China’s cyber threat to U.S. NCI and ICS/SCADA is real and present.
While we have seen 220 Chinese paramilitary ships, manned by maritime militias, swarming around a disputed reef in the South China Sea in April, the threat from China will not come from a kinetic physical attack on Taiwan.
Instead, this act of deception is intended to cloak a modern-day threat with conventional warfare appearances.
Glimmers of False Hope
In spite of the Biden administration’s Monday condemnation of China for waging attacks on vulnerable Windows Exchange servers, and the combined voices from the U.K., the European Union and NATO joining with the U.S. in condemning China’s cyber behavior, Xi Jinping and the CCP are members of the UN Security Council and that will not change anytime soon.
This week’s Justice Department indictment against four members of the MSS (Ministry of State Security) for various cyber activities that targeted universities and government agencies in an effort to steal trade secrets and intellectual property may give false hope to those who believe China will cave under broad international pressure.
There is scant evidence to support this notion.
Norway’s Foreign Ministry formally accusing China of attacking its parliament in March through the Exchange flaws will not impress the MSS nor the office of Xi Jinping.
This week’s comment from Scott Shackelford, chair of Indiana University’s cybersecurity program, underscores the impact of the absence of consequences: “As for attributing the Exchange cyberattacks, the main benefit for the Biden administration is the fact that this was done collectively with close partners and allies. Naming and shaming, though, only gets us so far without any formal sanctions to go along with the attribution.”
And we will never see those sanctions applied.
Because we have become one of the leading “partners” dependent upon China, our leading adversary, for goods and services that are now hopelessly baked into our supply chain formulas.
Turning a Blind Eye
America, not unlike the rest of the world, wants and needs those manufactured goods to support our “essential” lifestyles, and we have become numbed to the ease and economy that this relationship provides.
Apple, Nike, Adidas, Mercedes, Porsche and the NBA in particular, have repeatedly turned away from Chinese human rights violations and criticism, in favor of dirt-cheap labor and rapid accessibility to components, finished goods, retail consumer demand base and streaming NBA games.
The Belt and Road Initiative Marches On
And while we remain dependent upon the global bully, the Chinese communist regime continues to aggressively expand its global influence through its Belt and Road Initiative, and at the same time issues unveiled threats to any country that might try to intervene, like the U.S. efforts to rally allies to begin pushing back against the CCP’s five-year plan.
The 140 countries who have already signed on to China’s program of universal largesse are in the boot, looking forward to necessary supplies and resources, technological assistance and funding, while providing precious (though locally useless) mineral resources that are essential to the Chinese manufacturing machine’s production of a vast array of products.
According to McKinsey, over 10,000 Chinese-owned firms are currently operating throughout the African continent, and the value of Chinese business there amounts to more than $2 trillion over the past 15 years, with $300 billion in investment currently on the table.
High-speed Economic Growth
Infrastructure is what Africa needs most and it is what China is most equipped to provide. It is not lost on many African leaders that 30 years ago China was in a place similar to where they are now: a backwater country whose economy made up hardly two percent of global GDP.
But over the past three decades, China shocked the world in the way that it used infrastructure to propel economic growth, creating a high-speed rail network that now tops 29,000 kilometers, paving over 100,000 kilometers of new expressways, constructing over 100 new airports, and building no less than 3,500 new urban areas, which include 500 economic development zones and 1,000 city-level developments.
Over this period of time, China’s GDP has grown more than 10x, ranking #2 globally today.
At the ceremony last week to celebrate their communist party’s 100th anniversary, President Xi Jinping reminded the Chinese and the rest of the world that, “The Chinese people will absolutely not allow any foreign force to bully, oppress or enslave us and anyone who attempts to do so will face broken heads and bloodshed in front of the iron Great Wall of the 1.4 billion Chinese people.”
That message seems pretty unequivocal.
Since late 2020, Xi’s regime has begun a series of oversteps that has resulted in open threats to Taiwan and its allies, a crackdown on the alleged two-state system of Hong Kong governance, the dissolution of the only free press newspaper on the island and a continued genocidal assault on the Uyghurs, while stepping up its cyberattacks on critical infrastructure and U.S. networks and the spread of mal- and misinformation through our media outlets.
China’s systematic human rights abuses alone should be cause for an international sanctioning and expulsion from the five-member permanent Security Council of the UN.
A visitor from Mars would be shocked that a founding member of that council would be allowed to continue while systematically imposing forced sterilizations and forced labor on Uyghur Muslims in “re-education camps” in the Xinjiang province.
Until said visitor realized that the entire global community is largely reliant upon goods made in China, as they are made nowhere else.
Backed into a Corner
We’ve backed ourselves into an inescapable corner, and now it’s all ours.
Looking toward the international community for help finds a hollow vessel: an international tribunal already invalidated China’s claim to 90% of the South China Sea back in 2016, but Beijing simply ignores the ruling.
Echoes of Instability
China’s interest in Taiwan is not a territorial imperative but has serious strategic underpinnings.
It turns out that today, Industry 4.0 faces a substantial global shortage of chips, and Taiwan Semiconductor Manufacturing Co. (TSMC), which now makes almost all of the world’s most sophisticated chips and many of the simpler ones, is increasingly in the Chinese crosshairs as China’s own dependency on chips zeroes in on the leading target.
TSMC semiconductors are in billions of technology products, from cellphones to computers and cars – yet most folks think they are produced by Apple and Qualcomm or other American semiconductor plants.
TSMC is now the world’s most important semiconductor company, with enormous influence over the global economy. With a market cap of around $550 billion, it ranks 11th worldwide.
Similar in some ways to our past reliance on Middle Eastern oil, any instability on the island is threatening to echo across industries.
A Fragile Dependency
That dependency poses significant risks to the global economy.
As more technologies require chips of insane complexity, more are coming from an island that’s an increasingly dangerous topic of interest for both the U.S. and China.
As the demand expands, TSMC can’t make enough chips, adding to the chaos of supply bottlenecks, higher prices and furloughed workers (auto industry).
In response to this market lock-in, China has made semiconductor independence a major tenet of its national strategic plan.
And to underscore Xi’s point, the CCP has increased the frequency and scale of patrols of CCP bombers, fighter jets, warships and aircraft carriers through the Taiwan Strait.
These patrols serve as a combined declaration of strength, a demonstration of their clarity of intention, and a bogus distraction from the real threat being developed in Beijing and readied for launch.
As trial indicators, Taipei has accused four Chinese groups of hacking into at least ten Taiwanese government agencies and six thousand official email accounts in the last couple of years.
Taiwan Joins Other Southeast Asians in Doomsday Scenarios
Proving that they can, and as a warning to Taiwan that, without a reasoned agreement about their future relationship with China, the outcome could be very uncomfortable for the Taiwanese, to say nothing of the rest of the world.
In addition, China has accelerated interference in Taiwan’s elections, spreading disinformation on social media and increasing its control over Taiwanese media outlets. These techniques are historically emblematic and point to China’s larger strategy of employing coercion to erode trust in Taiwan’s political system and sow divisions in Taiwanese society.
All designed for an ultimate showdown, but one done in cyberspace, not in the air, over land or at sea.
If one is attracted to gambling, it’s a fair bet that within 5 years, Taiwan will enjoy a much closer and exclusive relationship with China, which will prove detrimental to the rest of the world.
And in addition, the rest of the Southeast Asian governments should not be sleeping well. The recent and broadening activities of the LuminousMoth APT group and its connections with MustangPanda indicate China’s wider interests in the region. It also indicates that Chinese APTs are focusing on developing new and innovative malware implants and we will see more sophisticated tools in the near term.
The Art of War
In The Art of War, Sun Tzu defines the nature of strength in Chapter 3, “Planning the Attack.” By “attack,” Sun Tzu means specifically the idea of moving into a new territory, not necessarily battle or conflict. Conceptually, he posits that one must expand or advance one’s existing position in order to survive. While defense is less expensive than advance over the short term, change undermines existing positions, so if they are not advanced, they must fail.
In Chapter 4, “Positioning,” Sun Tzu explains how one must use competitive positions. A subject’s abilities to defend themselves and to advance are both based on their current position. To get where one wants to go, one must start from where one is. A subject cannot create the openings or opportunities that it needs to advance because the environment is too large and complex to control.
Instead, one must learn how to recognize opportunities created by changes in the environment.
ICS and SCADA
Which brings us to ICS and SCADA.
This week saw an announcement from CISA attributing several past attacks, including a spear-phishing and intrusion campaign carried out between December 2011 and 2013 by Chinese hackers against oil and natural gas pipeline companies in the United States.
According to CISA and the FBI, of the 23 targeted organizations, “13 were confirmed to be compromised, 3 were ‘near misses,’ and 8 had an ‘unknown depth of intrusion.’”
“CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations,” the agencies said.
Gathering the Evidence
During their investigation, CISA and the FBI discovered that the attackers had focused exclusively on, and had successfully exfiltrated, ICS operational data. The attackers had also succeeded in accessing SCADA networks and had exfiltrated ICS permission group credentials and vulnerable jump points to (and from) corporate IT networks.
There is only one reason why they would bother with such a series of attacks.
The U.S. maintains about 2 million miles of natural gas distribution mains and pipelines, 321,000 miles of gas transmission and gathering pipelines, 175,000 miles of hazardous liquid pipeline, and 114 active liquid natural gas plants that are connected to natural gas transmission and distribution systems.
Petroleum pipelines transport crude oil or natural gas liquids, and there are three main types of petroleum pipelines involved in this process: gathering systems, crude oil pipeline systems, and refined products pipeline systems, all of which are provided by a small group of suppliers, and most of them operate using the same protocols.
In other words, if you can attack one successfully, you can attack all.
Predicting the Future
The information collected during these past reconnaissance attacks will enable threat actors to access ICS networks via multiple channels and would provide efficient access to remotely perform unauthorized operations on the pipeline with physical consequences.
Colonial Pipeline was a probative query to gauge both the security precautions and the operator’s response to a ransomware threat.
Both went exactly according to expectations.
The Enemy of My Enemy…
While not operating in harmony, the Russians and Chinese have competing, yet cooperative, goals with respect to the US NCI. In Russia’s case, the attack was a signal that verified their superiority in cyberspace and a shot across the bow to inform this administration that any attempts in cyber or sanctions against Moscow will be met with surprising force.
In China’s case, it is the patient placement of sleeping dogs, trained to act in response to a certain set of instructions that are loaded and locked, and which await a signal from leadership that the time to act has finally come.
All Talk, No Walk
The Biden administration has so far taken a less directly confrontational approach to the threat of China than the Trump administration, seeking instead to build a coalition to combat the threat.
“Last night I was on the phone for two straight hours with Xi Jinping,” Biden told reporters in the Oval Office in February. “It was a good conversation, I know him well, we spent a lot of time together over the years I was vice president, but if we don’t get moving, they’re going to eat our lunch. They have major, major new initiatives on rail, they already have rail that goes 325 miles per hour with ease. They are working very hard to do what I think we’re gonna have to do.”
Too Little Too Late
A few years and many dollars too late.
In February, he announced the formation of a Defense Department China Task Force to assess the future challenge from China; meanwhile, G7 member states agreed to the initiative aimed at challenging China’s Belt and Road Initiative.
Secretary of State Antony Blinken, in a message to NATO, said back in March, “When one of us is coerced we should respond as allies and work together to reduce our vulnerability by ensuring our economies are more integrated with each other.”
G-7 leaders continue to send word salad statements like the one released in June criticizing China in a number of places.
The Pearl Harbor of Cyber
Biden correctly responded with, “The G7 explicitly agreed to call out human rights abuses in Xinjiang and Hong Kong. I know this is going to sound somewhat prosaic, but I think we’re in a contest, not with China per se, but a contest with autocrats, autocratic governments around the world, as to whether or not democracies can compete with them in the rapidly changing 21st century.”
And therein lies the crux of the problem.
In the meantime, we desperately need to shore up our critical infrastructure, and it has become obvious that without a centralized, private/public partnership mandating change for all participants in the narrowest of windows, we will remain sitting ducks.
More so, even, than at Pearl Harbor on that fateful morning in December, 1945.
Those sailors had no warning.
Today, we have more warnings than we can shake a stick at.
As folks say down in Texas, we need to stop hugging the rose bush and get down to business.