Can SBOMs Help Save Lives in Critical Infrastructure SecOps?

In recent news, a terrifying scenario has emerged: a nation-state threat group managed to gain persistent access to critical infrastructure systems within the United States, including systems essential for daily life such as water supply and hospitals. The group behind the campaign, known as Volt Typhoon and attributed to the Chinese government, issued a warning to the U.S. government, threatening to disrupt critical infrastructure if U.S. foreign policy interfered with its own operations, particularly in relation to Taiwan.

This alarming revelation has shaken cybersecurity experts like Joshua Corman, who has long been an advocate for improving software supply chain security in the federal government. Corman, co-author of The Rugged Manifesto, emphasized the need for greater awareness among the general public about the vulnerabilities and threats that exist within our critical infrastructure. He underscored the fact that the U.S. is vulnerable to attacks from adversaries like China, who have demonstrated the capability to disrupt critical systems.

To address these growing concerns, Corman is spearheading a pilot project called UnDisruptable27, funded through the Institute for Security and Technology. This project focuses on cybersecurity threats at the intersection of water supply and healthcare accessibility, two critical areas where cyber attacks could have devastating consequences. The project aims to mitigate risks posed by potential cyber threats, particularly from China, with a target date of 2027 when officials believe China could take action against Taiwan.

Corman also expressed frustration with the lack of transparency in the private sector regarding the vulnerabilities present in software. He criticized vendors for not disclosing the contents of their software, which can leave critical infrastructure operators unaware of potential risks. To combat this issue, Corman suggested that some operators may need to revert to analog systems and disconnect from digital systems to enhance their security posture.

In addition to addressing immediate cybersecurity concerns, Corman is also considering ways to hold software vendors accountable for endangering public safety and national security. He hinted at plans to take action against the worst offenders in the industry, emphasizing that the time for turning a blind eye to preventable flaws in digital infrastructure is over.

As the threat landscape continues to evolve, Corman stressed the importance of conducting crisis simulations and implementing measures to enhance resilience in the face of potential cyber attacks. By proactively addressing vulnerabilities and improving transparency in software supply chains, Corman believes that the U.S. can better protect its critical infrastructure from the growing threats posed by hostile foreign powers.

Overall, the revelations about the Volt Typhoon campaign serve as a stark reminder of the ongoing cybersecurity challenges faced by the U.S. and the critical importance of strengthening defenses against malicious actors intent on disrupting vital systems. Joshua Corman’s initiatives and advocacy efforts underscore the urgency of addressing these vulnerabilities to safeguard national security and public safety in an increasingly digital world.