Intelligence Sharing Modelled on Ukraine‘s Approach for Countering China
The Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, has called for a shift in approach to counter threats to US critical infrastructure posed by China. She suggested that intelligence sharing methods employed in the run-up to Russia’s invasion of Ukraine should be used to stop Chinese hacking groups. Easterly praised the declassification of sensitive information about Russia’s cyber operations in Ukraine and efforts targeted at reducing the risks to U.S. targets. The process helped intelligence agencies to ensure that both sources and methods were protected while also providing information to those who needed it.
The Call for Transparency and Radical Sharing
The model, according to Easterly, sets a good precedent for dealing with the threats posed by China. To further emphasize the need for transparency, Rep. Raja Krishnamoorthi, D-Ill. echoed Easterly’s call for Ukraine’s “radical disclosure and radical sharing” approach during the invasion. The ranking member of the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party emphasized that such an attitude should be adopted towards adversarial regimes. Adopting the same approach would empower intelligence agencies to handle potential security risks efficiently.
Shields Up Campaign and Secure Code Development
During the invasion, CISA created a “Ukraine tensions plan” and carried out an exercise alongside critical infrastructure owners and operators on how to respond and communicate with the private sector during an attack on US soil. The aim of the exercise was to make U.S. information sharing more proactive. CISA launched the “Shields Up” campaign to encourage U.S. businesses and institutions to improve their cybersecurity posture and defend against potential Russian attacks during the invasion. Easterly urged the government to use its purchasing power to persuade critical infrastructure to develop secure-by-design code. Ultimately, “we’ll see a Shields Up campaign extended to what we see from China” Easterly says.
The Threat Posed by China
In addition to Easterly’s call for a focus on the threat posed by China, Microsoft and U.S. intelligence agencies have revealed that a Chinese-linked hacking group dubbed “Volt Typhoon” targeted critical infrastructure in the United States, including telecommunications infrastructure in Guam. The ultimate goal of the campaign was to give China the ability to disrupt communications between the United States and Asia in the event of a crisis. Easterly posits that the Chinese operations are increasingly focused on disruptive and destructive impacts, similar to Russian operations.
Building Resilience against Cyber Threats
Given the potential for China to induce societal panic during conflicts, Easterly urges building resilience against the threat and preparing for it. Societal resilience has been lost, as seen in reactions to events such as the Colonial Pipeline ransomware attack in 2021 as well as the Chinese spy balloon that drifted over US territory earlier this year. Therefore, Easterly calls for greater preparation and a shift in mindset towards better resilience and preparation for potential cyber offenses.
Editorial
Efforts to counter risks to US national infrastructure require a shift in approach and mindset. Easterly’s call for transparency, radical sharing, and radical transparency are excellent approaches to deal with adversarial regimes like China and Russia. Adopting a proactive rather than reactive stance, as demonstrated during the “Shields Up” campaign, would go a long way in boosting resilience. The call to leverage the purchasing power of the government to persuade critical infrastructure to develop secure code software will help to put the country on a good footing towards countering cyber threats. It is time to build a resilient infrastructure that minimizes the risk posed by cyber threats.
Advice
Individuals and organizations are advised to adopt a proactive stance towards cybersecurity threats. It would help to mitigate potential cybersecurity risks posed by adversarial governments such as China and Russia. For organizations, it is essential to adopt secure-by-design code and secure all critical infrastructure. Organizations should also take steps to improve cybersecurity and information sharing by running drills and exercises on response efforts in the event of an attack. Engagement with government cybersecurity agencies, including CISA, on improving cybersecurity posture is also critical. In all, a shift in the mindset towards greater resiliency is necessary to mitigate cybersecurity threats.
<< photo by Thomas Evans >>
You might want to read !
- “RomCom” Hackers Strike Ukraine and US Healthcare Targets
- The Importance of Mature Threat Hunting in Defending Against Supply Chain Attacks
- The Resurfacing of Mt. Gox Cybercrime Charges: An Editorial Exploration
- Toward a More Collaborative Approach: Strengthening Public-Private Partnerships to Enhance Cybersecurity.
- Bridging the Cybersecurity Divide: The Power of Public-Private Information Sharing
- Ukrainian Hackers Target the Russian Central Bank-Linked Telecom Firm
- “The Risks and Challenges of Hacking the Moonlighter Satellite”
- “Fortinet’s Response: Fixing the Critical FortiGate SSL VPN Vulnerability”
- RCE Vulnerability in Fortinet FortiGate Firewalls Requires Urgent Patching
- The Intersection of Financial Heists and Cyber Espionage in the “Asylum Ambuscade” Cyberattack
- The Art of Doing Less: Maximizing Value in Times of Scarcity
