Cyber pandemic prep: CISA warns of Chinese cyberattacks as new DARPA program looks for flaws in commercial devices, platforms

Cyber pandemic rhetoric is making the rounds again, with the director of the US Cybersecurity and Infrastructure Security Agency (CISA) warning that China may use aggressive cyber operations on US pipelines and rail lines.

At the same time, the US Defense Advanced Research Projects Agency (DARPA) is putting together a research program to identify vulnerabilities in commercial devices and platforms.

Speaking at the Aspen Institute on Monday, CISA director Jen Easterly warned:

“In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic.

“This I think is the real threat that we need to be prepared for, and to focus on, and to build resilience against.”

The threat of cyberattacks on critical infrastructure is nothing new.

Last year, the White House put out a statement warning that Russia was “exploring options for potential cyberattacks” on critical infrastructure as well.

Likewise, the World Economic Forum (WEF) and partners have for years been prepping for a cyber pandemic that founder Klaus Schwab said “would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.”

In the latest iteration of cyber pandemic preparedness, Easterly referenced a recent cyber breach associated with the People’s Republic of China (PRC) via a “state-sponsored cyber actor” known as Volt Typhoon, which was able to infiltrate US military and private sector infrastructure.

According to CISA, Volt Typhoon’s tactic was something called “living off the land,” which uses built-in network administration tools to perform their objectives.

This tactic “allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.”

“We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold,” said Easterly.

“I think it’s going to be very, very difficult for us to prevent disruptions from happening, which comes down to resilience,” she added.

A day after Easterly’s remarks, DARPA announced a Proposers Day for its upcoming “Intelligent Generation of Tools for Security (INGOTS) program, which aims to “improve software and hardware resiliency of pervasive commercial devices by rapidly identifying and prioritizing their most dangerous flaws.”

While the INGOTS program description doesn’t reference “China,” “Volt Typhoon or “living off the land,” the program’s “vulnerability measurement pipeline” could help identify potential flaws, so organizations can better prepare themselves against “living off the land” types of breaches.

According to the program description, “Today, sophisticated cyberattacks combine multiple vulnerabilities into exploit chains that bypass software and hardware security measures to fully compromise critical, high-value devices.

“The INGOTS program aims to harden platforms against exploit chains by identifying and fixing these high-severity, chainable vulnerabilities before attackers can leverage them.”

In the end, “The INGOTS program will develop novel approaches, driven by program analysis and Artificial Intelligence (AI), to rapidly measure and comprehensively repair chainable vulnerabilities within modern, high-complexity software and hardware in order to preemptively defend against sophisticated cyber-attacks.”

DARPA’s INGOTS program Proposers Day will be held on June 30, 2023.