Arthur T Knackerbracket has processed the following story:
The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure orgs' IT networks in America – and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets.
The Chinese team remotely broke into IT environments — primarily across communications, energy, transportation systems, and water and wastewater system sectors — in the continental and non-continental United States and its territories, including Guam.
"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," a dozen Five Eyes government agencies warned on Wednesday.
[...] According to the US agencies, Volt Typhoon will likely use any network access it can get to pull off disruptive attacks against American systems and equipment in the event of geopolitical tensions or military conflicts.
[...] While the threat to American critical infrastructure appears to be the highest, should US facilities be disrupted, "Canada would likely be affected as well, due to cross-border integration," according to CCCS.
Australian and New Zealand critical infrastructure could be vulnerable as well.
In addition to sounding the alarm, the government bodies issued a long list of technical details, TTPs observed in the digital break-ins, and detection recommendations and best practices.
Plus, there's three actions that owners and operators should take "today" to mitigate the threat.
These include: Apply patches for internet-facing systems with priority given to appliances that Volt Typhoon likes to exploit.
Second: Turn on phishing-resistant multi-factor authentication (MFA).
And finally, ensure that logging is turned on for applications, access and security logs, and store these logs in a centralized system.
Related Stories
The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations.
"Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the president for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities."
[...] The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday.
"EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.
(Score: 5, Insightful) by RamiK on Saturday February 17 2024, @09:28AM (5 children)
In case folks aren't keeping up, all the aliens and espionage FUD you're hearing in the news recently is over section 702 of the FISA bill coming up for re-authorization: https://www.wired.com/story/section-702-privacy-reforms-sabotage-campaign/ [wired.com]
The campaign ties into how SNS CEOs find themselves in front of congressional committees having to answer for cyber-bullying and moderation of hate speech despite it being a legislative issue. That is, if congress really wants Facebook to do something about bullies and hate speech, it all it has to do is pass laws on the matter. So, calling Zuckerberg to public panels is just them flexing and telling him "keep selling us ad network data or we'll find ways to mess with your business".
compiling...
(Score: 4, Interesting) by VLM on Saturday February 17 2024, @08:09PM (1 child)
I'm not disagreeing with you but my immediate guess was spinning up for a false flag attack for the election year.
The puzzle:
1) Is the election interference goal to push "we need to stay the course with 'our' current leadership during these trying times"
or
2) Is the election interference goal to push "we can't have a memory care facility resident in charge during these trying times"
To some extent all we can do is wait for the false flag to happen, then see what message is pushed to figure out who ran the false flag and which side they're on. Who reacts immediately with simultaneous quotes and identical slogans across all forms of controlled media, that kind of thing. This is pretty traditional stuff over the last couple decades.
(Score: 2) by RamiK on Monday February 19 2024, @03:22PM
American voters don't have the attention span for privacy and press freedom issues unless there's a military conscription going on to keep protestors in the street. It's why no major publication mentioned Assange's extradition ruling from the UK being due this week.
compiling...
(Score: 1) by khallow on Monday February 19 2024, @08:15AM (2 children)
It's not a US legislative issue. First Amendment keeps the legislature from handling most of that. But as you say:
(Score: 2) by RamiK on Monday February 19 2024, @03:03PM (1 child)
I don't see how the first amendment is breached by congress passing a law saying the goverment is forbidden from buying ad network data. There been similar procurement bans handed out by congress since forever under similar circumstances (like restricting what weapons certain branches of goverment are allowed to buy and deploy).
compiling...
(Score: 1) by khallow on Monday February 19 2024, @04:51PM
(Score: 3, Interesting) by Username on Saturday February 17 2024, @10:18AM
finally, ensure that logging is turned on for applications, access and security logs, and store these logs in a centralized system for us to look at and tamper with.
(Score: 4, Touché) by Mojibake Tengu on Saturday February 17 2024, @12:48PM (4 children)
Why the critical infrastructure is connected to Internet?
I do not understand.
Rust programming language offends both my Intelligence and my Spirit.
(Score: 1, Insightful) by Anonymous Coward on Saturday February 17 2024, @01:50PM (2 children)
One word - convenience.
But undoing the potential for "cyber attack" can be pretty easy, someone just has to go into work instead of controlling the plant[1] from home in their pjs. The trick is in determining when it's time to pull the internet access--ideally just before the damage is done. Is anyone that smart?
[1] "Plant" in the control theory sense -- could be any sort of feedback controller of "systems and equipment in the event of geopolitical tensions or military conflicts."
(Score: 4, Interesting) by RS3 on Saturday February 17 2024, @04:45PM
I completely agree. Adding and augmenting, too many in the tech world are trying to make things too easy for non-technical people. You can thank unbridled competition. "Buy our gateway- it requires no configuration". Nevermind that it has "back doors", open to the 'net admin port, etc.
Years ago when I had ADSL I got seriously chided / scolded by ISP's tech support people because they couldn't access my gateway. 'nuff said there.
Also just plain and simple ignorance. Most people don't even know what they don't know. Too many people like to scold and chide "you need to ask the right questions". It's not possible to do when you don't know.
My point is, it's not just the convenience of system monitoring and control, but the convenience of it being too easy for non-experts to plug a bunch of things together and think everything is "secure". Frankly, the person doing it is not only not a real network engineer / admin, but is focused on getting things working, on or under $ and time budgets. "Look boss, I got it all working". Nobody does security audit because they don't have such people on staff, nor do they even know they need security-minded network admin.
Sorry, but I'll also blame the software world, but not the programmers, more the business leaders: the attitude of rushing things to market, and we'll patch things later.
I'll augment the ignorance concept: the danger that can happen through that nice Internet wire isn't tangible to many people. It's not like a hot stove or furnace, there's no electricity danger, it's not a water pipe that could spray and flood a building. It's just a little connector that causes cool blinky lights to happen.
I'll also blame, heavily, "corporate culture", including political structure, and pretty obviously: just bad management. My most recent full-time job my title was "machine mechanic". I was the only degreed engineer, let alone only network / admin expert. But company management never acknowledged my skills, nor ever gave me power or responsibility over things like network. Some other guy, who was super smart, kind of did it, but he was a total gadget hound who had no interest in nor responsibility for nor understanding of machine control systems (PLC and SCADA).
(Score: 2) by VLM on Saturday February 17 2024, @08:27PM
Not disagreeing but for additional reasons, check out Codesys automation server, I've played around and watched other demo it, and its pretty cool. Lets say you have exactly 19 printing press lines at a facility (true story I did contract IT work there), you can do the PLC equivalent of a "git push" and all the production lines running the "Release" branch get new code downloaded from the internet server. I would not push some major behavior change code, but the concept of PLC seems to continually add in stuff like human-machine UIs and remote monitoring and various machine learning BS, so if you're just fixing a typo on a screen its no big deal to push code. They also do the A/B testing and soft rollout over time and rollback stuff just like any other cluster, it just happens to be a cluster of PLCs not a cluster of webservers, and of course its mostly sold as SaaS-over-the-internet with a subscription of course.
Another possible issue I've seen, although I've not been personally involved with this, is PLC sellers love to nickel and dime the hell out of their users. "Oh you want to use an additional GPIO line? That's fine connect over the internet and subscribe to a microscopically higher tier of service". Technically this should not require "always on" internet access but in practice most implementations seem to.
(Score: 2) by Freeman on Monday February 19 2024, @07:40PM
*Insert Bureaucracy* explanation enough.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1, Insightful) by Anonymous Coward on Saturday February 17 2024, @01:43PM
Further motivation for the Chinese, sour grapes. Mexico recently passed China in exports to the USA, after running about the same for the last year or so.
https://fortune.com/2024/02/08/chilly-relations-beijing-mexico-exports-more-china-us-first-time-20-years/ [fortune.com]