Government and Policy

Cyber pandemic prep: CISA warns of Chinese cyberattacks as new DARPA program looks for flaws in commercial devices, platforms

Cyber pandemic rhetoric is making the rounds again, with the director of the US Cybersecurity and Infrastructure Security Agency (CISA) warning that China may use aggressive cyber operations on US pipelines and rail lines.

At the same time, the US Defense Advanced Research Projects Agency (DARPA) is putting together a research program to identify vulnerabilities in commercial devices and platforms.

“In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic”

Jen Easterly, CISA, 2023

Speaking at the Aspen Institute on Monday, CISA director Jen Easterly warned:

In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic.

“This I think is the real threat that we need to be prepared for, and to focus on, and to build resilience against.”

The threat of cyberattacks on critical infrastructure is nothing new.

Last year, the White House put out a statement warning that Russia was “exploring options for potential cyberattacks” on critical infrastructure as well.

Likewise, the World Economic Forum (WEF) and partners have for years been prepping for a cyber pandemic that founder Klaus Schwab said “would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.”

“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole”

Klaus Schwab, WEF Cyber Polygon, 2020

In the latest iteration of cyber pandemic preparedness, Easterly referenced a recent cyber breach associated with the People’s Republic of China (PRC) via a “state-sponsored cyber actor” known as Volt Typhoon, which was able to infiltrate US military and private sector infrastructure.

According to CISA, Volt Typhoon’s tactic was something called “living off the land,” which uses built-in network administration tools to perform their objectives.

This tactic “allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.”

We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold,” said Easterly.

I think it’s going to be very, very difficult for us to prevent disruptions from happening, which comes down to resilience,” she added.

“We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold”

Jen Easterly, CISA, 2023

A day after Easterly’s remarks, DARPA announced a Proposers Day for its upcoming “Intelligent Generation of Tools for Security (INGOTS) program, which aims to “improve software and hardware resiliency of pervasive commercial devices by rapidly identifying and prioritizing their most dangerous flaws.”

While the INGOTS program description doesn’t reference “China,” “Volt Typhoon or “living off the land,” the program’s “vulnerability measurement pipeline” could help identify potential flaws, so organizations can better prepare themselves against “living off the land” types of breaches.

According to the program description, “Today, sophisticated cyberattacks combine multiple vulnerabilities into exploit chains that bypass software and hardware security measures to fully compromise critical, high-value devices.

“The INGOTS program aims to harden platforms against exploit chains by identifying and fixing these high-severity, chainable vulnerabilities before attackers can leverage them.”

In the end, “The INGOTS program will develop novel approaches, driven by program analysis and Artificial Intelligence (AI), to rapidly measure and comprehensively repair chainable vulnerabilities within modern, high-complexity software and hardware in order to preemptively defend against sophisticated cyber-attacks.”

DARPA’s INGOTS program Proposers Day will be held on June 30, 2023.

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

Recent Posts

How a former Wall Street exec is saving your plants and the planet 

Jeanna Liu’s love for nature is rooted in her childhood. As a young girl, Liu…

2 hours ago

New initiative announced to accelerate cloud, GenAI adoption in Latin America

The arrival of generative artificial intelligence (genAI) into the mainstream at the end of 2022…

3 hours ago

Deborah Leff to join Horasis Advisory Board in boost to machine learning and data initiatives 

Data analytics and machine learning models deliver the most powerful results when they have access…

6 hours ago

37, Emotionally Stuck, and Why the Journey Didn’t Change Me

I’ve been on the road for almost a year now. Chasing freedom, adventure, and purpose.…

2 days ago

Will iPhones Get Pricier Under Trump’s Leadership?

As technological use increases, so may the cost of innovation due to the global movement…

2 days ago

The Science of Gift-Giving: 10 Functional Gifts for the Holidays

Have you ever asked yourself why some people are amazing at picking gifts, while others…

3 days ago