Government and Policy

Cyber pandemic prep: CISA warns of Chinese cyberattacks as new DARPA program looks for flaws in commercial devices, platforms

Cyber pandemic rhetoric is making the rounds again, with the director of the US Cybersecurity and Infrastructure Security Agency (CISA) warning that China may use aggressive cyber operations on US pipelines and rail lines.

At the same time, the US Defense Advanced Research Projects Agency (DARPA) is putting together a research program to identify vulnerabilities in commercial devices and platforms.

“In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic”

Jen Easterly, CISA, 2023

Speaking at the Aspen Institute on Monday, CISA director Jen Easterly warned:

In the event of a conflict, China will almost certainly use aggressive cyber operations to go after our critical infrastructure to include pipelines and rail lines — to delay military deployment and to induce societal panic.

“This I think is the real threat that we need to be prepared for, and to focus on, and to build resilience against.”

The threat of cyberattacks on critical infrastructure is nothing new.

Last year, the White House put out a statement warning that Russia was “exploring options for potential cyberattacks” on critical infrastructure as well.

Likewise, the World Economic Forum (WEF) and partners have for years been prepping for a cyber pandemic that founder Klaus Schwab said “would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.”

“We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole”

Klaus Schwab, WEF Cyber Polygon, 2020

In the latest iteration of cyber pandemic preparedness, Easterly referenced a recent cyber breach associated with the People’s Republic of China (PRC) via a “state-sponsored cyber actor” known as Volt Typhoon, which was able to infiltrate US military and private sector infrastructure.

According to CISA, Volt Typhoon’s tactic was something called “living off the land,” which uses built-in network administration tools to perform their objectives.

This tactic “allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.”

We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold,” said Easterly.

I think it’s going to be very, very difficult for us to prevent disruptions from happening, which comes down to resilience,” she added.

“We need to deal with this specific tactic of what’s called ‘living off the land,’ which is essentially threat actors using the native processes of your computers to be able to get a foothold”

Jen Easterly, CISA, 2023

A day after Easterly’s remarks, DARPA announced a Proposers Day for its upcoming “Intelligent Generation of Tools for Security (INGOTS) program, which aims to “improve software and hardware resiliency of pervasive commercial devices by rapidly identifying and prioritizing their most dangerous flaws.”

While the INGOTS program description doesn’t reference “China,” “Volt Typhoon or “living off the land,” the program’s “vulnerability measurement pipeline” could help identify potential flaws, so organizations can better prepare themselves against “living off the land” types of breaches.

According to the program description, “Today, sophisticated cyberattacks combine multiple vulnerabilities into exploit chains that bypass software and hardware security measures to fully compromise critical, high-value devices.

“The INGOTS program aims to harden platforms against exploit chains by identifying and fixing these high-severity, chainable vulnerabilities before attackers can leverage them.”

In the end, “The INGOTS program will develop novel approaches, driven by program analysis and Artificial Intelligence (AI), to rapidly measure and comprehensively repair chainable vulnerabilities within modern, high-complexity software and hardware in order to preemptively defend against sophisticated cyber-attacks.”

DARPA’s INGOTS program Proposers Day will be held on June 30, 2023.

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

Recent Posts

GAN, Tec de Monterrey partnership highlights cross-border startup ecosystem building in Latin America amid trade dispute

Despite recent tensions between the United States government and Latin American countries over migration and…

22 hours ago

This founder started out with US $5K to his name. Now, he owns a multi-million-dollar global business

Meet Nitin Seth, the Co-Founder and CEO of Screen Magic (SMS Magic), a messaging leader…

1 day ago

Building smarter: AI, the ultimate tool transforming an old-age industry

In this Brains Byte Back, we sit down with Hari Vasudevan, founder and CEO of…

1 day ago

When AI Goes Rogue: 8 Lessons from Implementing LLMs in the Healthcare Industry that Could Save the Future

By Santosh Shevade, Principal Data Consultant at Gramener – A Straive company All pharmaceutical companies…

3 days ago

Digital Public Infrastructure will enable public, private entities to control your access to essential goods, services & mobility

Digital Public Infrastructure is a top-down agenda coming from unelected globalists, bureaucrats, and their partners…

1 week ago

Open Source Claims to Be a Meritocracy—So Why Are Companies Buying Their Way In?

Imagine that you are a maintainer of a widely used open source project relied upon…

1 week ago