Government and Policy

Cyber pandemic prep: CISA warns of Chinese cyberattacks as new DARPA program looks for flaws in commercial devices, platforms

Cyber pandemic rhetoric is making the rounds again, with the director of the US Cybersecurity and Infrastructure Security Agency (CISA) warning that China may use aggressive cyber operations on US pipelines and rail lines.

At the same time, the US Defense Advanced Research Projects Agency (DARPA) is putting together a research program to identify vulnerabilities in commercial devices and platforms.

“In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic”

Jen Easterly, CISA, 2023

Speaking at the Aspen Institute on Monday, CISA director Jen Easterly warned:

In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic.

“This I think is the real threat that we need to be prepared for, and to focus on, and to build resilience against.”

The threat of cyberattacks on critical infrastructure is nothing new.

Last year, the White House put out statement warning that Russia was “exploring options for potential cyberattacks” on critical infrastructure as well.

Likewise, the World Economic Forum (WEF) and partners have for years been prepping for cyber pandemic that founder Klaus Schwab said “would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.”

“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole”

Klaus Schwab, WEF Cyber Polygon, 2020

In the latest iteration of cyber pandemic preparedness, Easterly referenced a recent cyber breach associated with the People’s Republic of China (PRC) via a “state-sponsored cyber actor” known as Volt Typhoon, which was able to infiltrate US military and private sector infrastructure.

According to CISA, Volt Typhoon’s tactic was something called “living off the land,” which uses built-in network administration tools to perform their objectives.

This tactic “allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.”

We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold,” said Easterly.

I think it’s going to be very, very difficult for us to prevent disruptions from happening, which comes down to resilience,” she added.

“We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold”

Jen Easterly, CISA, 2023

A day after Easterly’s remarks, DARPA announced a Proposers Day for its upcoming “Intelligent Generation of Tools for Security (INGOTS) program, which aims to “improve software and hardware resiliency of pervasive commercial devices by rapidly identifying and prioritizing their most dangerous flaws.”

While the INGOTS program description doesn’t reference “China,” “Volt Typhoon or “living off the land,” the program’s “vulnerability measurement pipeline” could help identify potential flaws, so organizations can better prepare themselves against “living off the land” types of breaches.

According to the program description, “Today, sophisticated cyberattacks combine multiple vulnerabilities into exploit chains that bypass software and hardware security measures to fully compromise critical, high-value devices.

“The INGOTS program aims to harden platforms against exploit chains by identifying and fixing these high-severity, chainable vulnerabilities before attackers can leverage them.”

In the end, “The INGOTS program will develop novel approaches, driven by program analysis and Artificial Intelligence (AI), to rapidly measure and comprehensively repair chainable vulnerabilities within modern, high-complexity software and hardware in order to preemptively defend against sophisticated cyber-attacks.”

DARPA’s INGOTS program Proposers Day will be held on June 30, 2023.

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

Recent Posts

Barcelona’s Tech Ecosystem: Gateway to Europe

Article by Ian Rankin, Chief Commercial Officer at Sim Local As its ecosystem grows, the…

6 hours ago

Uruguay passes law regulating crypto, could set precedent for rest of Latin America

While several Latin American countries have enacted crypto regulations — including some with volatile economic…

1 day ago

CBDC could be used for state surveillance, includes wealth of personal data & behavioral patterns: IMF

Programmable Central Bank Digital Currencies (CBDCs) could be used for state surveillance while posing risks…

2 days ago

Understanding the Cultural Impact of Nippon’s Acquisition of U.S. Steel

Article by Shinichiro (SHIN) Nakamura, President of one to ONE Holdings Nippon Steel’s proposed $15…

2 days ago

The Great Revolt will be the end of the AI saga

Joe Rogan is ten years older than me. So, when I say that I totally…

3 days ago

Why the US healthcare system is in urgent need of digital health solutions 

The US has access to some of the most advanced healthcare treatments and innovations. In…

6 days ago