FBI Director Christopher Wray opened up with Americans about a grave double threat on Wednesday, giving a textbook example of using his power and position to get attention.
His stunning warning about China’s capacity to “wreak havoc” on US infrastructure and directly harm Americans shed new light on the ambition of America’s new superpower foe and helps give context to the fragile relations between Washington and Beijing that are already showing up as an issue in the 2024 campaign.
And, experts said, Wray’s bombshell assessment about the vulnerabilities of the systems that underpin daily life reflected a growing issue – the interconnected nature of new transport, power and energy networks that could mean a future cyberattack on a single node could paralyze the entire country.
Rick Geddes, director of Cornell University’s Infrastructure Policy Program, said he was surprised by the “clarity and intensity of Wray’s statements regarding this threat and how much more resources the Chinese Communist Party is putting into this relative to the United States.” He said that Wray, despite his stark language, may have underplayed the gravity of an issue that raises “a lot of warning signals regarding the potential threats to our critical infrastructure.”
The scenario the FBI director painted in congressional testimony was a striking public accounting of the capacity of China, its Communist Party (CCP) leaders and sprawling intelligence agencies to target America’s way of life with a hacking operation that is bigger than that of all other nations combined. It raises the possibility that any conflict over Taiwan or territorial claims in the South China Sea that drags in the US could spread far beyond its epicenter on the other side of the globe. And it is a sign of the ambition and aggression of Xi Jinping’s China, which perceives an affront to its rightful power in American efforts to get it to submit to the existing US rules-based system.
“The CCP’s dangerous actions, China’s multi-pronged assault on our national and economic security, make it the defining threat of our generation,” Wray said. “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems.”
The specter of such a massive Chinese cyber-attack also underscores the extreme tensions beneath recent efforts to contain the plunge in US-China relations – and the depth of issues rocking the relationship. At their summit in November in California, Xi and President Joe Biden agreed to try to avoid flare-ups in a US election year. Xi promised Biden China wouldn’t interfere in the 2024 presidential election at that meeting, CNN reported exclusively this week. The high-level diplomatic contacts continued last week when national security adviser Jake Sullivan met Chinese Foreign Minister Wang Yi in Bangkok.
Wray also used the hearing before the House select committee on the Chinese Communist Party to cast doubt on Xi’s promise that China wouldn’t interfere in the election. His response, and the issue of potential cyberattacks, is likely to become an issue in the election itself as GOP candidates, especially ex-President Donald Trump, criticize Biden’s handling of the world’s most crucial diplomatic relationship and promise a harder line with Xi.
Wray’s stunning warning
Wray’s appearance on Capitol Hill marked the most significant moment yet for the committee, whose creation was one of the major legacy items from the short-lived Republican speakership of Kevin McCarthy. The challenge from an increasingly mighty China, which is reshaping global geopolitics, is one of the few policy areas on Capitol Hill where both parties share a common vision of a threat or problem and a desire for action.
The committee’s chairman, Republican Rep. Mike Gallagher of Wisconsin, warned that US intelligence agencies had discovered China had hacked into American critical infrastructure with the sole purpose of destroying or disabling it in the event of a conflict over Taiwan, for instance. “This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants,” he said. “There is no economic benefit for these actions. There’s no pure intelligence-gathering rationale. The sole purpose is to be ready to destroy American infrastructure, which would inevitably result in chaos, confusion and potentially mass casualties.”
The top Democrat on the committee, Rep. Raja Krishnamoorthi of Illinois, called on the government to act to prevent “political, economic and social chaos” in the event of an attack. He cited a need to hunt and destroy malware and malicious code that China was inserting into critical US infrastructure, and to take steps to spell out how the US would deter such action.
Wray warned that the purpose of such moves was to give China the capacity to exert harm deep in US society. “We can see from where they position themselves across civilian infrastructure that low blows aren’t just a possibility in the event of a conflict; low blows against civilians are part of China’s plan,” he said.
Before the hearing, Wray announced that the bureau and its partners had shut down an operation by a state-sponsored Chinese hacking group known as Volt Typhoon, which involved malware that allowed China to penetrate communications, energy transport and water sectors, and he called on Congress to help disrupt future violations of US systems.
There was no immediate response to the hearing from China but in the past the government in Beijing has denied hacking into US systems. It is also not possible to know the extent to which the US has its own capabilities to target China’s vital systems that might offer a measure of deterrence.
But Gen. Paul Nakasone, commander of US Cyber Command, told the House committee that the US was seeking to maintain a strategic advantage by “contesting the threats posed by the PRC in cyberspace by using the full scope of our authorities and the full spectrum of our capabilities to impose costs, deny benefits, and encourage restraint on the part of our adversary.”
How integrated systems raise the costs of catastrophic attacks
Gallagher warned at the start of the hearing that without constant vigilance and US defensive action, China would maintain the capacity to “turn off the lights for everyday Americans, shut down cities and cause massive loss of American lives.”
The problem is exacerbated by the interconnected nature of much of modern infrastructure.
Geddes said that a “quiet infrastructure revolution” had taken place in the US, powered by small start-up companies whose systems were being adopted across US systems.
“The policy issue is that there’s a lack of appreciation for how that integrates different sectors of infrastructure that prior to the technological development were independent, and you could think about them as being independent. Now they become more interdependent with one another,” he said.
The effect of this, Geddes said, is that different networks can become vulnerable to a single attack. For example, the increasing use of electric vehicles might mean that a successful hack of the electrical grid could grind large parts of the transportation system to a halt in a way that could have disastrous impacts on daily life and the economy.
Traffic signals are another example. In the past, they were often operated on a timer – meaning that they were not tied together. In modern systems, however, the signals are connected via computers. “If you have a cyberattack on that sort of technology, it could affect all signals at once,” Geddes said.
This level of integration actually makes the country more vulnerable than it would have been.
“One of the unintended consequences of this technological evolution is to make that integration more profound, but that implies to some degree it’s less resilient, and the effects of a successful cyberattack would be greater,” Geddes said.
This reality gives an already sweeping Chinese hacking capability even greater power and scope.