National cyber director warns of ransomware, Chinese infrastructure attacks and cyber supply chain concerns
One of the top cybersecurity officials in the U.S. said Wednesday that he was especially concerned with Chinese infiltration of the country’s critical infrastructure, as well as software supply chain risks and the continued expansion of ransomware.
Although there have been several recent disclosures about Beijing-linked hacking campaigns, National Cyber Director Harry Coker led with concerns about Volt Typhoon, a Chinese cyber operation to embed backdoors in U.S. critical infrastructure and potentially take destructive action in the event of an invasion of Taiwan.
“Nations spy — it's a fact of life, we have to deal with that. This is not about traditional espionage. It is not about financial gain. It is about the ability to disable and destroy America's ability to mobilize if the current competitive phase transitions into crisis, and then, even worse, conflict,” he said.
Coker, who took over the key Biden administration position less than a year ago, spoke at Recorded Future’s Predict cyber intelligence conference in Washington, D.C. (The Record is an editorially independent unit of Recorded Future.)
U.S. agencies have led a whole-of-government effort to root out Chinese access gained through the Volt Typhoon effort, but in recent weeks officials have warned of a new operation dubbed Salt Typhoon.
The Wall Street Journal published articles in September outlining discoveries by U.S. law enforcement agencies showing Salt Typhoon actors had breached “a handful of U.S. internet-service providers.”
Over the weekend, the same outlet reported that Chinese actors broke into systems specifically created by U.S. broadband providers like Verizon, AT&T and Lumen Technologies to facilitate wiretapping requests used by the federal government.
The hackers allegedly had access to the systems for months, collecting troves of information from U.S. citizens, businesses and more. Although Coker didn't discuss the campaign, the National Security Agency has acknowledged it is investigating the incident.
Supply chains and ransomware
Coker noted that he was speaking to the National Governors Association when he heard news of the Israeli military operation that saw thousands of pagers issued to members of the Lebanese armed group Hezbollah explode all at once.
That kind of attack highlighted larger concerns Coker has about the cybersecurity of the software supply chain, where there have been several incidents involving malicious infiltration.
“Imagine on the supply chain side for cybersecurity. In all likelihood, we would not have the visual impact [of the Hezbollah attack] at that moment. But we should never rest easy on that. We have to take supply chain security seriously early and throughout the process,” he said.
Coker listed off several other concerns — the proliferation of spyware, the use of memory-safe languages in product creation, AI and Border Gateway Protocol issues — that his office is hard at work addressing.
But he spoke at length about cybercrime and the expansion of ransomware attacks, which he said doubled last year.
One of the key ways the U.S. is trying to deal with ransomware is by organizing a coalition of countries to help limit the number of safe havens from which cybercriminals can launch attacks.
“We have to use all the tools in our nation’s and our allies' toolkit to combat cybercrime. That's a point that we consistently make to our allies. This is not a U.S. problem,” he said.
“Oftentimes, some of our allies say it's a Western problem, it's a capitalism problem, it's America's challenge. Well, no, this is a global challenge, and no one should think that they can't be touched or that they're not touched already.”
He noted that last week, the National Security Council hosted the fourth Counter Ransomware Initiative summit, where 68 nations participated, a marked increase from the 30 that initially participated in 2021.
A joint statement from the summit committed each country to several anti-ransomware tactics, including pursuing ransomware actors, not allowing safe haven for these actors to operate and more.
Coker also said U.S. Cyber Ambassador Nate Fick has been hard at work building ties between countries on strategizing around the concept of “digital solidarity” and more stringent cyber international norms.
“His strategy talks about how like-minded nations work to deter not just the cybercriminals, but those that shepherd the criminals, from no longer being a part of the ransomware schemes that they're a part of right now by allowing safe havens,” he said.
“We still have to work through the Counter Ransomware Initiative, work on digital solidarity, and we have to leverage every tool in our nation's bag to deter the cybercriminals and those that cause harm.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.