FBI adapting to 'growing' threat from Chinese cyber activity, senior official says
SAN FRANCISCO — The threat posed by malicious Chinese cyber activities is “absolutely a growing problem” as the U.S. tracks Beijing’s designs on Taiwan and prepares for the 2024 presidential election, according to a senior FBI official.
“We know more than we used to know, but that probably just makes it all the more concerning,” Cynthia Kaiser, deputy assistant director of the FBI’s Cyber Division, told The Record during an interview at the RSA Conference.
“We see China using cyber operations at the same time they're using intelligence operations. They're blending their operations to go after what they want to go after. And we don't see a slowing down of those efforts,” she added.
Kaiser made her remarks the same day FBI Director Christopher Wray testified that the bureau’s cyber personnel devoted to the China threat are outnumbered “50 to 1” by Chinese hackers.
"They've got a bigger hacking program than every other major nation," Wray told a House Appropriations subcommittee on Thursday. He noted the overall number of agency investigations into threats from Beijing has grown by 1,300% over the last decade.
U.S. officials have spent years warning about the dangers posed by Chinese state-backed hackers. Taiwanese authorities have estimated there are 20 to 40 million attempted cyberattacks every month from Beijing, which recently prompted a group of congressional lawmakers to introduce legislation to help the island nation better defend itself digitally.
In March, the U.S. publicly released the clandestine community’s assessment of a host of national security challenges and revealed that it believes the Chinese government hopes to field a military powerful enough by 2027 to stave off any U.S.-led intervention in an armed conflict over Taiwan.
That report has opened up the FBI to go beyond speaking about more immediate digital threats, such as ransomware, to more actively discussing the potential armed conflict and its impact in cyberspace.
“China's the long-term threat, but 2027 is not long-term,” she told The Record. “With that date in mind, there's the potential for a lot of different activities that could occur and some of those are cyber.”
Kaiser predicted the bureau would undertake activities similar to those it took in the months leading up to Russia’s unprovoked invasion of Ukraine — proactively sharing indicators of compromise or information about increased reconnaissance activities with the private sector and likewise kicking any intelligence from commercial entities back to federal partners.
However, she declined to say if the intelligence community would share declassified information with the general public on the scale of the run up to Moscow’s invasion, something the country’s spy chiefs have been lauded for.
“That is not the FBI's decision to make,” she said.
A ‘sea’ of concerns
In February, Kaiser told a National Association of Secretaries of State gathering that Chinese hackers are part of “a sea of things” the federal government is concerned about, CNN reported.
A few months before, Chinese operatives had scanned the IT systems of both political parties ahead of the 2022 midterms, possibly as reconnaissance for future breaches, which prompted the FBI to brief both sides.
Kaiser said the bureau would be on watch for “more active collection of information” during the 2024 presidential race, be it information about voters and candidates or internal to a political party.
Such theft “gives China a world of options,” she told The Record.
“Whether that's to tailor influence campaigns later down the road because they have a lot of information on voters, whether that's to be able to leak information or whether that's to be able to allow for follow-on operations.”
She said that while “any type of intrusion in the elections or in state government arena is worrisome,” she discounted the possibility of a potential harmful disruption because of the “redundancy” across the nation’s voting infrastructure, like paper ballots and local control of elections.
Kaiser highlighted the previously reported operation in which two Iranian nationals were eventually charged by the Justice Department for attempting to influence the 2020 presidential election.
She called the scheme a “cyber operations fueled influence designed to undermine confidence in the election and sow chaos.
“It's not to actually disrupt an election because you maybe got some information,” Kaiser said. “It's to claim more.”
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.