The U.S. Cybersecurity and Infrastructure Security Agency (CISA) director, Jen Easterly, issued a stark warning about the cyber threats posed by attackers connected to the People’s Republic of China (PRC). In a recent blog post, Easterly expressed concerns that the PRC may attempt to achieve “reunification” with Taiwan by the end of the decade or sooner. She emphasized the need for the U.S. to bolster its defenses against potential disruptive attacks on critical infrastructure, including transportation, telecommunications, power grids, water facilities, and more.
As Easterly prepares to step down from her position along with CISA Deputy Director Nitin Natarajan ahead of the new Trump administration’s inauguration, the agency has been actively engaged in various initiatives during the transition period. One significant move expected is the issuance of a cybersecurity executive order by outgoing President Joe Biden to address the escalating cyber threats.
Easterly highlighted the success of CISA in combating PRC-linked threat actors in government networks and critical infrastructure sectors such as energy, transportation, water, and telecommunications. Despite these efforts, she stressed that the current actions represent only a fraction of the ongoing threat. The relentless cyber campaign by the PRC underscores the critical need for enhanced cybersecurity measures across both public and private sectors.
In her post, Easterly urged for a shift towards more secure product development, pointing out that vulnerabilities in technology products have enabled cyber attackers to exploit them. She emphasized the importance of prioritizing security over speed to market in developing technology products to prevent adversaries from exploiting weaknesses. Easterly called on technology companies to build and sell products that are inherently secure to safeguard critical infrastructure from potential attacks.
Moreover, Easterly urged critical infrastructure organizations to reinforce their commitment to resilience in the face of evolving cyber threats. She emphasized the need for CEOs, boards, and business leaders to recognize cyber risk as a core business concern and to conduct regular testing of critical systems to ensure operational continuity and rapid recovery in the event of an attack.
The imminent cybersecurity executive order from President Biden is expected to introduce stringent measures to enhance federal and contractor defenses against PRC actors and other cyber threats. The order may include provisions for stronger software and cloud security standards, improved federal network security, enhanced authentication mechanisms, third-party risk management protocols, bolstered BGP security, and the promotion of AI-powered security technologies. It is also anticipated to grant CISA additional enforcement authority for cybersecurity standards.
As the U.S. continues to confront the growing cyber threat landscape, the actions taken by CISA and the forthcoming cybersecurity executive order underscore the critical need for continuous vigilance and proactive measures to safeguard the nation’s critical infrastructure and digital assets against malicious actors.