BNSF classification yard in northwest Denver, CO, USA.
Image: Acton Crawford via Unsplash

China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says

LAS VEGAS — Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly warned that the Chinese government would consider destructive or disruptive attacks on American pipelines, railroads and other critical infrastructure if it believed the U.S. would get involved during a potential invasion of Taiwan.

During the DEF CON security conference this weekend, Easterly spoke alongside Transportation Security Administration (TSA) administrator David Pekoske about efforts to both address the country’s cybersecurity gaps and convince the hacker community to lend a helping hand.

Easterly did not hold back in describing the threat from China — openly confirming concerns raised by White House officials in a New York Times story last month about the potential for destructive cyberattacks during an invasion of Taiwan.

In May, Microsoft and U.S. officials revealed that hackers connected to the government in Beijing had moved beyond their penchant for surveillance and data theft. Chinese hackers had developed the capability to cause disruption to U.S. critical infrastructure, particularly on military bases on the island of Guam.

China sees Taiwan as a breakaway province that eventually should return to control by Beijing. President Joe Biden said in September 2022 that the U.S. would send troops to Taiwan if it was invaded.

‘Formidable capabilities’

The New York Times story in July said several U.S. government agencies had begun a global search through its systems for evidence of Chinese malfeasance, discovering that the hackers’ access extended to the power grids, communications systems and water supplies for military bases within the U.S. and abroad.

Easterly said on Saturday that the escalation was alarming because U.S. officials spent more than a decade fighting against Chinese cyberattacks that focused on the theft of financial and technological information as well as outright surveillance.

“I hope that people are taking seriously a pretty stark warning about the potential for China to use their very formidable capabilities in the event of a conflict in the Taiwan Straits to go after our critical infrastructure,” she told the crowd.

Read more: China to disclose secret US ‘global reconnaissance system,’ claims official

“I think we've seen a change, frankly," Easterly said. "In some of the products that we put out earlier this year, a cybersecurity advisory talked about Chinese state-sponsored actors living off the land. So not malware, but actually using the native processes of a computer to hide in those systems. And it wasn't for espionage or data theft, which has been going on for decades. It was more likely for disruption and destruction.”

CISA did not respond to requests for comment about the discrepancy between Easterly’s assessment that potential attacks would not involve malware and the New York Times’ explicit mention of malware.

Bracing for disruption

Easterly echoed a call she made earlier in the week for the American public to brace itself for the potential for disruptive cyberattacks while taking lessons from Ukraine, which has faced an onslaught of digital incidents since Russia invaded last year.

The intelligence community has already included stark warnings in its annual threat assessment, she noted.

“In the event of a conflict, China will almost certainly consider aggressive cyberattacks against U.S. critical infrastructure and is almost certainly capable of disruption or destruction when it comes to oil and natural gas pipelines and railroads,” she said.

Pekoske echoed her concerns, telling the crowd that time “is not our friend.” At an earlier event, Pekoske said the TSA was moving quickly to coordinate with other agencies and issue emergency directives because of the intelligence they are getting from security officials.

“You don't issue emergency amendments to a security plan unless you feel like you are in an emergency situation,” he said.

“The intelligence we’re getting is consistent. It's getting consistently more concerning over time.”

The reactions to the ransomware attack on Colonial Pipeline and the arrival of several high-altitude balloons allegedly from China in February were evidence that the American public needed to be more pragmatic about the potential for attacks while being prepared to “meet them with resilience and unity as an American people,” Easterly said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.