U.S. policymakers have been extremely slow to react to a mountain of evidence about attacks by Chinese hackers on critical U.S. communications and infrastructure systems, analysts say.
This week, as potential new threats from Chinese hackers were identified, the federal government issued one of its strongest warnings yet about the need for Americans (and particularly government officials and other “very specific” individuals) to secure their communications against eavesdropping and interception.
The warning came as news broke of a Commerce Department investigation into the possibility that computer network routers made by the Chinese company TP-Link could pose a threat to the millions of American businesses, homes and government agencies that use them.
Also on Wednesday, Congress took long-awaited steps to fund a program that will purge other Chinese technologies from U.S. telecommunications systems. The so-called rip and replace program targets equipment manufactured by Chinese companies Huawei and ZTE.
Too far behind
While experts said the recent actions are a step in the right direction, they cautioned that U.S. policymakers have been extremely slow to react to a mountain of evidence that Chinese hackers have long been attacking critical communications and infrastructure systems in the United States.
The lack of action has persisted despite intelligence and law enforcement agencies repeatedly sounding the alarm.
In January, testifying before the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party, FBI Director Christopher Wray said: “There has been very little public attention to the fact that hackers (from the People's Republic of China) are attacking our critical infrastructure: our water treatment plants, our electric grid, our oil and gas pipelines, our transportation systems. And the risk this poses to all Americans requires our attention now.”
A year earlier, Wray had warned lawmakers on the House Appropriations Committee that the FBI's researchers were outnumbered.
“To give you an idea of what we're dealing with, if every single FBI cyber agent and intelligence analyst focused exclusively on the Chinese threat, Chinese hackers would still outnumber FBI cyber personnel by at least 50 to 1,” Wray said.
Decades of complexity
Part of the problem, experts said, is that it is difficult for policymakers to muster the political will to make changes that could be detrimental to the lives and livelihoods of American citizens in the absence of public concern about the problem.
“It still remains very, very difficult to convince ordinary citizens of the seriousness of Chinese espionage, or the extent of it,” said Bill Drexel, a fellow in the National Security and Technology Program at the Center for a New American Security.
He contrasted the relatively subdued public response to the recent revelation of a Chinese hacking operation known as Salt Typhoon, which compromised mobile phone networks across the country, with the uproar that accompanied the much less serious appearance of a Chinese spy balloon over the continental United States in 2023.
“That just demonstrates this … problem where the really serious issues that are intangible, that are only in cyberspace, are really difficult to understand,” Drexel told VOA.
“Over four decades, we intertwined our supply chains very deeply with China, and our digital systems became increasingly complex, allowing them to be hacked and compromised in increasingly complex ways,” Drexel said.
“We have just begun to try to change the course of this matter,” he added. “But there's so much momentum for so long on these issues, and they continue to increase in complexity, so it's really hard to catch up.”
Warning for Americans
The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance on Wednesday, reporting that it “has identified cyber espionage activity by threat actors affiliated with the government of the People's Republic of China (PRC) targeting the infrastructure of commercial telecommunications.”
It went on to say, “This activity enabled the theft of customer call records and the breach of private communications for a limited number of very specific individuals.”
The warning appeared to be related to the Salt Typhoon attack that government researchers say compromised all major mobile carriers in the US, giving the Chinese government extraordinary access to communications between millions of Americans.
CISA's five-page document outlines steps the agency recommends that all Americans, but particularly those most likely to be targeted, take immediately.
The first is to immediately restrict the use of standard mobile communications platforms, such as voice calls and Short Message Service (SMS) text messages. Instead, the agency recommends Americans restrict their communications to free messaging platforms that offer end-to-end encryption, such as Signal, that support one-on-one and group chats, as well as voice and video calls. Data sent with end-to-end encryption is extremely difficult to decrypt, even if a malicious actor can intercept it during transmission.
Among the other advice CISA offered was avoiding using SMS messages for multi-factor authentication, switching to apps that provide authentication codes or, where possible, adopting hardware-based security keys for highly sensitive accounts. Other recommendations included using complex, random passwords stored in password management software, as well as platform-specific suggestions for iPhone and Android users.
Concerns about TP-Link
On Wednesday, The Wall Street Journal reported, and other outlets later confirmed, that the Commerce Department, as well as the Justice and Defense departments, are investigating reports that computer routers made by Shenzhen-based TP-Link are an attack vector for Chinese hackers.
TP-Link currently dominates the computer router market in the US, with almost two-thirds of the total market share. In October, a Microsoft report revealed that a Chinese hacking operation identified as CovertNetwork-1658 has compromised thousands of TP-Link routers to create a network that is used by “multiple Chinese threat actors” to gain illicit access to computer networks all over the world.
The Journal report also revealed that the Commerce Department is considering banning the sale of TP-Link routers in the US next year, a move that could significantly disrupt the US networking hardware market.
Remove and replace
Congress on Wednesday took long-delayed steps to address a different potential threat from China, allocating $3 billion to a program that will remove telecommunications equipment made by Huawei and ZTE from rural telecommunications networks in the U.S.
The funding for the rip-and-replace program comes years after the United States identified the two companies as a potential threat.
Starting in the first Trump administration and throughout Joe Biden's term, the United States pressured allies around the world to block the installation of 5G cellular communications equipment from Huawei and ZTE on their networks, in some cases threatening to stop sharing confidential information with allies who did not comply.