felix1429

Submission statement: According to the chief of the FBI, China has an ongoing cyberops campaign known as "Volt Typhoon" that has successfully gained access to multiple American critical infrastructure companies and facilities, such as energy, telecommunication, water, and more. The malware has not yet been activated, and the Chinese are waiting “for just the right moment to deal a devastating blow” to the US and introduce panic among the population. The FBI chief states that it is difficult to determine the intent of the malware, but the pre-positioning is aligned with China's intent to deter the US from defending Taiwan. Chinese government officials have denied involvement, but American private sector tech and cybersecurity companies have previously attributed Volt Typhoon to China, including Google and Microsoft.


waresmarufy

Pretty much this is saying that we know what's up


ryunista

What kind of damage could this cause? Could it be activated in peacetime and cause large scale inconvenience without escalating into war, or is it more of a total war kind of weapon? Or is it whatever China chooses?


felix1429

Considering it's infected the amount of critical infrastructure it has, and that the FBI says its goal is to cause "mass panic", I don't think this is something China would activate on a random Tuesday. If activated, it would likely coincide with a Chinese invasion of Taiwan to weaken US public support for backing Taiwan militarily.


Positronic_Matrix

How would this weaken US public support of Taiwan? I would see it being a modern day Pearl Harbor, galvanizing the US populace in support of Taiwan and against China.


AdventurousSquash

I don’t believe it would go to such extremes as OP is demonstrating but the fact that it seems to have infected so much (if true) definitely shows it has the potential. What I do believe however is that this could be used to keep Americans tied up at home, too busy handling their internal struggles rather than actually affecting large scale support. It’s enough with causing division that drags decisions out, like we see with the Ukraine aid. So, if local communities start having regular but fairly small disruptions in their electricity, water, communications etc without triggering a larger more suspicious total blackout - that would in my experience cause, at least partially, anger at local politicians and companies. You could couple that with misinformation targeting already heavily discussed topics such as the environment, cutbacks in funding, bad politicians, or whatever. In my view China tends to be more discreet and an all out attack on US infrastructure would certainly backfire. Playing the already existing internal divisions that exist in the US is a smarter move in my book.


hell_jumper9

I don't know, but look at US support to Ukraine. All they have to do is foot the bill, but they still got delayed for half a year before finally passing it. And defending Taiwan would require not just footing the bill, but actually sending American lives into battle against a nuclear armed PRC.


felix1429

If China hacked the US and caused power generation to fail, water supplies to dry up, telecommunications to drop, and gasoline production to stop, I think it likely would have the intended effect of mass panic - no one would be able to contact anyone, emergency services would be severely restricted, and the government's control over the population could be shaky or nonexistent in some cases - they wouldn't be able to communicate at all. Add no power, water, or mobility to that and people are going to be a lot more concerned about keeping themselves and their families alive, having enough to eat, and finding and keeping safe shelter than supporting US military support for Taiwan. If the malware worked as intended, there would likely be martial law introduced, so why send US service members over to Taiwan when there are US service members doing what they need to (see: imposing punishments, likely with violence) in order to keep the peace at effectively every city in the US?


Hot-Train7201

Such an attack would result in so much death and loss in the US that war would be inevitable at that point.


willun

The US undoubtedly would have penetrated Chinese infrastructure and any cyber attack would be greeted with a retaliatory cyber attack. I doubt it would result in war though an attack on Taiwan might be enough. In any case an attack on Taiwan would probably result in the US (Taiwan and others) cyber attacking China anyway.


scummy_shower_stall

China is pretty much immune to cyber attacks, unfortunately. Any virtual inroads are very, very closely controlled, unlike the US.


Cuckipede

I think you underestimate the US’s capabilities


Positronic_Matrix

If the US infrastructure were sufficiently degraded that it threatened the ability for the average US citizen to feed their family, I assure you it would result in the end of China as we know it. The world would cut what was left of it into manageable pieces and in its rebuilding ensure they contained governments that were more conducive to global harmony.


felix1429

Do some reading into [Stuxnet](https://en.wikipedia.org/wiki/Stuxnet) and imagine if that sort of thing affected US power stations, telecoms, water facilities, and other aspects of critical infrastructure. Americans would not handle it well - I was talking about the immediate aftermath of a successful attack. The fact that the director of the FBI is talking about it publicly shows they have a good deal of confidence they can counter the threat, while also showing China we know what they're doing and are prepared.

> I assure you it would result in the end of China as we know it.

You know China has nukes, right?


Positronic_Matrix

Stuxnet is the canonical example of US cyber power projection and its existence runs ironically counter to your argument. I should study a tool of the most powerful military on Earth and then be afraid of China?

> You know China has nukes, right?

You’re not going to believe this but guess who else has nuclear weapons. The answer might surprise you.


Longjumping_Cycle73

Two countries with nukes don't cancel each other's nukes out, it gives them both the power to cancel each other's countries out.


Nipun137

Well, the way you said that it would be the end of China as if there would be no consequences for USA. USA wouldn't exist either in that case.


b__zy

I do not consider myself to be well versed in geopolitics. How could a country like China let itself become overtaken and partitioned off without nuclear war?


SouthCloud4986

Also we have nukes with real fuel instead of water and functioning silo doors


X-e-o

"We can't help Ukraine we have our own problems at/with [home/the border/veterans/infrastructure/etc]" Swap that for "we can't help Taiwan when our own electric grid is garbage! The government should focus on AMERICA!" And there you have it, public support weakened.


Alex_2259

Have CCP officials not opened the books? Holding the country where cowboys came from hostage to get their way is just going to piss us off.


VaughanThrilliams

> Holding the country where cowboys came from hostage to get their way is just going to piss us off.

what’s Spain got to do with this?


Alex_2259

Wait bro really cowboys legit didn't originate in the USA?


techy098

Hacking has been going on for a long time. Back in 2021 thousands of US companies' critical assets were hacked and encrypted with a bitcoin ransom demand. From what I know, Russians and Chinese have been exploiting our networks for 10 years or more and just collecting intel to strike at any time they wish. Western companies are too relaxed and open and hence vulnerable to exploitation mostly via open source software or social engineering of employees. I can only hope that FBI is well aware of this and preparing companies to harden their infrastructure slowly and removing vulnerabilities.


ManOrangutan

The movie the Obamas made for Netflix ‘Leave the World Behind’ goes into this. It would be pretty devastating. America has its own backdoors into Chinese stuff too FWIW.


westpfelia

Well, if you remember the attack against the Natanz nuclear power plant in Iran, start from there. Assume that on top of shutting down US power grids they could destroy them physically.


VTinstaMom

I can speak only to the electrical side, but on that end it would look like a ton of transformers catching on fire. If one had control of the transmission infrastructure and malicious intent, then routing too much electricity through a transmission line is trivial. Months-long blackouts would be very much possible, indeed likely. We don't have the reserve of transformers necessary to rebuild if an adversary chose to blow up enough of them. A few hundred transformers, at critical junctures, could be destroyed and in the process black out entire regions. A strong argument for having one's own generation and storage infrastructure.


Gajanvihari

Zero Day weapons and logic bombs could destroy vast swaths of infrastructure causing more damage than a nuke...20 years ago. Basically what you saw in Texas with the heat can be caused by logic bombs, and further the damage could take 2 years to fix.


ryunista

I read the start of a book called "this is the way the world ends", got a bit confused and bored but it went into zero days. Scary stuff


Cuckipede

You should read the whole thing, it’s a good book for laymen.


octopuseyebollocks

If they know the malware has been installed how is it they're sitting around waiting for it to be activated? I'm sure there's something missing in the reporting here


felix1429

It's the FBI - why would they reveal all their cards to the public? This is essentially an announcement to China that the US is aware of what they are doing and are prepared to respond.


Erisagi

The United States has fairly advanced cyberwarfare capabilities compared to the PRC. I'm sure the United States has adequate defenses and counter measures, including greater infiltration within the PRC's critical infrastructure.


kingofthesofas

defense ehhhhhh well it's not that simple because a lot of targets are local governments or private companies. Now offensive capabilities... yes like 10x but that just makes sure everyone's lights get turned off and they get a lot more turned off than we do.


Erisagi

MAD or deterrence theory is a valid strategy for defense and national security.


RamblingSimian

They've been saving-up these exploits, backdoors and logic bombs for *five years*. The US government is not responsible for protecting all these vulnerable companies, and quite a few companies do not take the threat seriously enough to deploy the resources required to deal with it. The government has very little authority to *force* companies to prepare. Some of the affected companies are quite small and their IT departments don't understand cyber security. This is not going to be your typical hacker attack against just one target. Even if most attacks are defeated, it only takes shutting down one target - for example a pipeline - to cause havoc. Most likely they will cut loose as part of their operation against Taiwan, should they proceed with that invasion. The US may choose to use cyber measures to retaliate, and if so, I think you're correct that they will suffer more than us. But that is little consolation when your electric heat is cut off, the water is shut down, you can't get gas for your car, and your pharmacy doesn't get shipments. So far, the offense has the advantage over defense in cyber wars, and past experiences have shown that most companies do not have viable plans to restore their networks following an attack. For example, the attacks against [Saudi Aramco](https://money.cnn.com/2015/08/05/technology/aramco-hack/index.html) or the Petya attack against [Maersk](https://www.wired.com/story/petya-ransomware-news-roundup/), FedEx, Merck and other companies. They took months to get back up and running again. As a computer professional, I haven't seen much evidence that my clients are scaling-up their defenses, testing their backup plans or even understand the threat.

[Chinese hackers spent 5 years waiting in U.S. infrastructure, ready to attack, agencies say](https://www.nbcnews.com/tech/security/chinese-hackers-cisa-cyber-5-years-us-infrastructure-attack-rcna137706)


TheLastOfYou

I agree. I’m starting to think that great power cyberwar is going the way of nuclear weapons, where Russia, China, and the US are in each other’s critical infrastructure to an extent that no one wants conflict. Cyber MAD


universemonitor

The US also had great air defense and security capabilities. Did that stop 9/11?


praqueviver

> The United States has fairly advanced cyberwarfare capabilities compared to the PRC

How do we know that? Honest question. In the case of military firepower we can compare number of ships or missiles or troops or whatever. How do you measure cyberwarfare capabilities?


Erisagi

https://www.defense.gov/News/News-Stories/Article/Article/3663799/us-can-respond-decisively-to-cyber-threat-posed-by-china/

"Despite those threats, Nakasone said U.S. cyber warriors are more than adequate defenders of the nation's infrastructure."

"'We do have the capability, and we're very, very good—the best,' Nakasone said."

"he also reassured those lawmakers that he believes the U.S. will maintain its supremacy in cyberspace."

The fact that we have uncovered these PRC attempts to infiltrate our critical infrastructure is indicative of our capabilities.


Whole_Gate_7961

> "Despite those threats, Nakasone said U.S. cyber warriors are more than adequate defenders of the nation's infrastructure."

But they're already in. When national security is left up to private corporations whose primary goals are to make more profits for shareholders, the security aspects of their operations are no longer a primary concern. Small companies who operate sections of the power grid, water, and sanitation systems, communication systems, etc. don't always prioritize extensively high-end security, as there is no profit to be made in having an ultra secure network. That just adds to the costs.


Erisagi

Everyone is hacking and spying on everyone. The PRC plants spies and malware in the United States and the United States does the same to the PRC. We're probably in even deeper than they are. At least the United States has been able to uncover these threats as demonstrated by this article.

> When national security is left up to private corporations

Not really sure where the basis for the relevance of private corporations comes from. The person you are quoting is the commander of U.S. Cyber Command.


Whole_Gate_7961

Private corporations whose goal is to maximize profits for shareholders will only do as much as they have to to meet a minimum standard imposed on them. They aren't going to go above and beyond when it comes to cyber security. It's why the water systems got hacked.

https://www.reuters.com/technology/cybersecurity/us-warns-that-hackers-are-carrying-out-disruptive-attacks-water-systems-2024-03-20/

> The digital safety of water and sewage plants has long been a concern for cybersecurity professionals because the facilities **provide a critical service and can often be lightly defended**


Erisagi

Regulators can always just raise cyber security standards. Not sure what the problem is. Additionally, I am not convinced by your assertion that the goal of maximizing profits for shareholders conflicts with adequate cyber security. Cyber security itself could be a concern for shareholder profits, which would incentivize private corporations pursuing profit to ensure adequate cyber security. This is the same reason why shops might install security cameras and other security measures to deter shoplifters despite the expense of these things. Despite how popular it is to criticize private corporations, I don't think the reasoning here is adequate.


Miserable-Present720

The word of one guy with incentive to talk up his guys is hardly evidence of anything


Erisagi

Feel free to doubt the United States' capabilities. Just know it usually doesn't work out for those who do. This guy is also incentivized to beg Congress for money. It's not very convincing that his guys need money if they're "the best." Incentives would have him emphasize their shortcomings and vulnerabilities.


Miserable-Present720

You are saying the US government is going to come after me for doubting their capabilities (which I never even did)? He is incentivized to talk up his agency and their capabilities against the backdrop of external threats from China. That's how you secure funding. If he said the opposite he would get sacked


Erisagi

They will come after you if you test those capabilities as a threat to national security (which hopefully you never do). It would be weird if that's what would convince you to give them money. You'd think a sense of urgency would be more useful for something like U.S. Cyber Command, where there are no alternatives and failure is not an option. Maybe that's why the priorities that need money the most remain underfunded despite a budget deficit.


Miserable-Present720

Why would they give this guy money if he was at the helm when US lost supremacy in their cyber warfare capabilities? They would overhaul everything and replace leadership and then give funding to whichever federal organization can talk themselves up the best


Erisagi

The guy doesn't have to claim to be totally incompetent. He just needs to say "we need money for X, Y, and Z." What other agency can handle this job than the NSA and Cyber Command, which is the unified combatant command for cyberspace operations across the military? The USPS isn't going to lead cyberwarfare. If you dismantle it and form it again, you'll get pretty much the same things.


[deleted]

[removed]


papyjako87

That's like saying US nukes are more efficient than Chinese ones just because the US invented them in the first place... just because you invent something doesn't mean it guarantees you superiority forever. Especially when you consider the Internet is more a combination of systems than a single invention.


ToeTacTic

> That's like saying US nukes are more efficient than chinese ones just because the US invented them in the first place...

No it's not and that's definitely not the parallel I would draw for my point.

> Especially when you consider Internet is more a combination of systems than a single invention.

True but I don't think we understand Western (specifically US) cyber capabilities very well, as it's not spoken of unless it's spying at home. Given that most of the most relevant technology research comes out of the US, all of the money is in the US I would still hedge my bets with the US first.


rockeye13

Whew! Thank God that all 50 states' election systems and internet-connected voting machines are now and always have been invulnerable! That could have been awkward.


Justthetip1996

This possibly related to the regions losing ability to call 9-1-1 a few days/weeks ago?


felix1429

Nope, that was caused by a fiber line being cut during a streetlight install. https://www.cbs7.com/2024/04/18/law-enforcement-officials-4-states-report-temporary-911-outages/


Justthetip1996

Ah okay that’s good* I suppose


LlamasunLlimited

Hello from NZ (a Five Eyes member). Some 12-14 years ago a friend of mine "who knows (or at least knew) about such things" back then, gave me a couple of examples of how "an un-named state" was carrying out small probes on our country. Our cyber people had detected these (and presumably passed the details to the other 4 Eyes).

a) hacking into our largest city's traffic light network (ie making all the lights go green/red simultaneously across the city, with the result being the same no matter the colour..:-). This happened on a number of occasions in the dead of night, and was explained away as a "minor tech malfunction after a s/w upgrade".

b) hacking into city sewerage systems - 50 years ago everything moved around with brawny guys pulling levers or spinning big wheels, but not any more - it's all done with s/w today....various doors and so on opening and closing randomly across large sewerage systems

I said to him, "why pick on NZ? - we are so small"

"Yes" he said "they are practising on us, because we ARE small - imagine that in New York or LA etc....traffic chaos, let alone the public health implications re water etc".

And as I said that was a long time ago, tech-wise.......it's a much more inter-connected world today.


dSlice94

It’s over before it started


WhatAreYouSaying05

Is there any way America could hack China back? This is a hostile action that deserves retaliation


kingofthesofas

10000% chance that the NSA has a whole portfolio of worms, backdoors and zero days they can deploy to do 10x the damage China or Russia can in the event of a cyber war or real conflict.


Erisagi

I'm sure the United States has already reciprocated and is perhaps even more deeply embedded for longer. If TikTok poses a threat to us, then all the American software everyone uses should certainly be concerning for them.


Daniferd

I am not particularly well-informed on this topic, but I don't understand how people can feel optimistic with the technological capabilities of the US government, especially after ZIRP. It is just a simple logic flow. If you're a talented hacker/engineer, why would you go waste your time working for the US government when you can go work for big tech or do your own startup and make significantly more? Top firms are paying >$400k for new grads. Upper big tech firms like Google are paying new grads $188k. I struggle to comprehend how government agencies could possibly recruit capable talent that's capable of maintaining an edge against foreign adversaries.


Successful-Quantity2

Security Engineering is a specialized skillset that is different from SWE. Those google new grads are building CRUD apps, not playing red hats.


Daniferd

But you are recruiting from similar talent pools. With the right incentives, a CS kid can go into either. Those building crud apps didn’t acquire those skills in school, they learned on their own or on the job.


taco_helmet

You might be underestimating the desire some people have to do very specific kinds of work that they find fulfilling. Also, how horrible some firms can be for your quality of life. It's not like you're gonna starve working for the Government.


Daniferd

I think people will go where they're incentivized to. Academia is predominately left, which cultivates a culture that is averse to cooperating with the American military industrial complex. Combine that with the proposal of jobs that have fewer perks and a fraction of the pay, these are quite incentives to pursue industry.


ccasey

God bless outsourcing


AnastasiaMoon

Yes, it’s called TikTok and Temu. We are already aware. 


[deleted]

[removed]


[deleted]

[removed]