
Guarding the Dragon’s Den: Local Government Mitigation for today’s targeted Critical Infrastructure

By Dr. Brian Gardner, Chief Technology & Information Security Officer, City of Dallas

Recently, FBI Director Wray testified before a House subcommittee warning that China was escalating a broad hacking effort aimed at destabilizing the United States’ power grid, oil pipelines, and water systems. He disclosed that Chinese hackers, affiliated with the “Volt Typhoon” group based in Beijing, had successfully infiltrated servers targeting various critical infrastructure networks, including those of local governments.

Municipal governments that control critical infrastructure such as water treatment plants, electric providers, airports, and other transportation hubs are prime targets for state-sponsored hacking operations, and every one of those systems carries major national security implications. The stability and resilience of municipal infrastructure are essential to the continued functioning of society and the economy. Disruptions to these systems would have widespread economic impacts at both the local and the national level.

The disruption of critical infrastructure would cause substantial economic damage, both in immediate costs for repair and recovery and in long-term impacts. A successful cyber-attack on critical infrastructure would also erode public trust in government institutions and undermine the reliability and security of the essential services that municipal operations and residents depend on.

The U.S.-China relationship is complex and multifaceted, marked by cooperation and competition. A major obstacle lies in attribution within cyber operations. Identifying the genuine origin of cyberattacks, whether state-sponsored or otherwise, remains a complex task. Both the United States and China have levied accusations of cyber espionage and hacking against each other. Determining attribution becomes increasingly intricate in the realm of disinformation and influence campaigns. Identifying the source of false narratives or propaganda presents an ongoing challenge.

As the world becomes more interconnected, it’s crucial for municipal governments to acknowledge the pressing need to strengthen their cybersecurity protections for data.

Both countries recognize the need to stabilize relations and prevent escalation, and diplomatic channels are essential for managing crises. However, deep mutual skepticism persists. China believes the U.S. seeks to maintain global hegemony, while the U.S. worries that China’s rise challenges its interests. Issues such as Taiwan, human rights, and the trade imbalance create a Petri dish for mistrust, cyber espionage, and increased cyber-attacks.

First and foremost, municipal governments must assess the elevated risk from a global standpoint. Cooperation with federal, state, and private sector entities, and even with international allies, is essential. Because this fight is not a localized problem but a global one fought on many fronts by multiple allies, the exchange of threat intelligence helps in recognizing patterns and vulnerabilities.

Drill deep into your critical infrastructure’s entire strategic plan, including cyber. Pose tough questions about your technology vendors and service providers. Ensure that critical infrastructure systems and software are supported from an operational perspective and scrutinized through a resilience lens: is the software still maintained, who owns the patch cycle, and what happens when a vendor or component is no longer supported?

Establish dedicated teams or outside partnerships to continuously monitor and analyze cyber threats, focusing especially on those originating from China, and to assess their potential impact on government operations. This enables prompt identification of, and response to, potential attacks or intrusions. Ask yourself: have you tested your defenses against that threat model?

Provide all employees, executives, contractors, and stakeholders with training and education on cybersecurity awareness, incident response procedures, and the latest cyber threats, including the tactics used by Chinese threat actors, so that users can help identify those indicators. Just as users can be the largest weakness, having multiple eyes on a problem can strengthen those same defenses.

As nation-state threat actors increasingly employ AI-based strategies in their malicious activities, we, as the guardians of critical infrastructure, must proactively equip ourselves with advanced and generative AI technologies. These tools are essential for effectively identifying, analyzing, and countering the new tactics these malicious actors employ.

By embracing AI-driven solutions, we enhance our ability to detect subtle patterns, anomalies, and emerging threats in real time, thereby strengthening our defenses and ensuring the resilience of our most critical systems against these threats. This much-needed proactive approach not only strengthens our security posture but also underscores our commitment to staying ahead of adversaries in cyber warfare.

Lastly, create and consistently update resilience and contingency plans to minimize the effects of cyber-attacks on critical infrastructure, especially those involving nation-state adversaries. Those plans are essential to ensuring swift recovery and the uninterrupted provision of vital services.

Overall, cyber-attacks on critical infrastructure pose multifaceted risks to national security, requiring proactive measures such as robust cybersecurity defenses, information-sharing mechanisms, international cooperation, and strategic planning to mitigate and respond effectively to such threats. A cyber-attack that disrupts critical services would lead to widespread chaos, economic losses, and public safety issues.

Unfortunately, the likelihood of Chinese cyber capabilities becoming more sophisticated over time is high. This trend will continue as the country invests in artificial intelligence and cyber technologies, changing the cyber-attack landscape through the development of advanced malware, zero-day exploits, and techniques for evading detection. Local government officials need to take a hard look at their current cybersecurity posture and plan for the new threat landscape.

The looming threat from Chinese and other nation-state bad actors focused on cyberattacks against critical infrastructure poses significant risks: disruption of vital services, compromise of sensitive information, and danger to public safety. Given the challenges and the heightened level of cyber threats faced by municipalities, there is a significant need for resources and effort to adopt a robust arsenal of protective technologies, awareness, and focused protective measures.