US cyber official: ‘Sky’s the limit’ for Chinese hacking threats

A top official with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency sounded the alarm about Chinese hackers targeting U.S. critical services on Wednesday, saying they are laying the groundwork for future attacks at a “critical moment.”

“The sky’s the limit when it comes to both Chinese intentions and their capabilities. We have already detected that they have compromised U.S. critical infrastructure,” CISA’s Executive Director Brandon Wales said at the Semafor World Economy Summit in Washington.

He said the agency has found instances of Chinese hackers “burrowing into our critical infrastructure” to prepare for future attacks aimed to “disrupt or destroy our critical infrastructure at a critical moment, probably to affect geopolitical decision making.”

These attacks could be deployed in order to affect U.S. power projection in Asia in the event of a conflict over Taiwan, he said, or be used to “cause societal panic inside the United States.”

Wales said U.S. officials have not seen any shift in China’s behavior, despite efforts by the Biden administration to open new channels of communication with China to address concerns and work on shared challenges.

“If there’s any change at all, it’s been that China over the years has become more sophisticated in their techniques to obscure what they’re doing,” Sandra Joyce, head of global intelligence at Mandiant, said.

CISA is one of the leading federal government agencies tasked with ensuring U.S. elections are secure, in addition to its work more broadly on hardening U.S. critical infrastructure against cyberthreats.

Wales said that while foreign cyber threats to U.S. elections “continue to increase,” Americans should feel confident about the security of election systems as the 2024 presidential race heats up.

“The American people should have confidence in the overall system,” he said, adding that U.S. elections are “far more secure than they were in 2016.”

CISA recently completed work on a rule mandating companies that own and operate critical infrastructure to report cyber incidents, which Wales said was designed to give the federal government more visibility into activity on U.S. networks and allow quicker action in response to threats.

“We do not believe that we have sufficient visibility into the cyber attacks that are happening every single day against U.S. companies, U.S. government agencies, state local governments,” he said.