Light Wave


China Suspected of Planting Malware Deep Within U.S. Infrastructure

By Jake Beardslee · July 30, 2023

In brief…

  • The Biden administration believes China has implanted malicious code in U.S. infrastructure networks, including power grids, water supplies, and communications, risking disruption during a conflict.
  • U.S. officials say China's efforts date back at least a year.
  • The White House is assessing the situation and briefing Congress.
  • Chinese state-sponsored actors appear to be linked to the operation.
  • Its scope and intent are still being assessed.
  • The malware aims at disruption, not surveillance.

White House and U.S. military uneasy over Chinese malware

The Biden administration believes China has implanted malicious computer code deep within U.S. infrastructure networks, including those controlling power grids, communications, and water supplies to military bases. The cyber-infiltration of large swaths of U.S. infrastructure could enable China to disrupt American military operations if a conflict arises, such as over Taiwan.

Microsoft first reported detecting suspicious code in May, including in telecom systems in Guam. U.S. officials say China’s efforts predate that by at least a year. The full extent of China’s penetration into U.S. and foreign networks remains unknown.

White House officials have been meeting to assess the situation and develop a response. Administration officials, meanwhile, have begun briefing Congress, governors, and utilities. The operation has been linked to Chinese state-sponsored actors; its scope and intent are still being assessed.

The Chinese code targets basic infrastructure serving military bases and civilians. (Nuclear sites rely on independent systems.) The code has not been found in classified networks. If activated, the impact is uncertain. Officials believe that any disruption in communications and power could be restored within days.

China denies conducting cyber-operations against the U.S. The malware in question is unusual, however, in that disruption, not surveillance, appears to be the objective. At the Aspen Security Forum last week, Rob Joyce, Director of Cybersecurity at the NSA, called the situation “really disturbing” given its disruptive potential.

Microsoft experts uncovered hints of the problem in May. Brief consideration was given to monitoring the malware, but the White House ordered its swift removal given the level of threat involved. Even so, the overall sophistication of the code makes detection challenging.

George Barnes, Deputy Director of the NSA, also speaking at the Aspen summit, said, “China is steadfast and determined to penetrate our governments, our companies, our critical infrastructure… In the earlier days, China’s cyber-operations activities were very noisy and very rudimentary,” he continued. “They have continued to bring resources, sophistication and mass to their game. So the sophistication continues to increase.”