Tuesday, 18 Mar 2025

How China's cyberespionage has changed

China's cyberespionage has evolved over the last several decades from targeting entities such as government departments to the public tech sector.



China is the most active and persistent cyberthreat to American critical infrastructure, but that threat has changed over the last two decades, the Cybersecurity and Infrastructure Security Agency (CISA) says.

"I do not think it is possible to design a foolproof system, but I do not think that should be the goal. The goal should be to make it very difficult to get in," Cris Thomas, sometimes known as Space Rogue, a member of L0pht Heavy Industries, said during testimony before the Governmental Affairs Committee on May 19, 1998.

"Backtracking and reverse hacking is a relatively tricky area. Based upon the relatively antiquated protocols that you are dealing with, there is not a tremendous amount of information as to where things came from, just that they came," said another member of the group, Peiter Zatko, who testified under his codename, "Mudge."

Around that time, the current CISA Director, Jen Easterly, was deployed to Iraq to investigate how terrorists were using new technology.

"I actually started in the world of counterterrorism, and I was deployed to Iraq and saw how terrorists were using communications technologies for recruitment and radicalization and operationalizing improvised explosive devices," Easterly said.

At that time the U.S. government was investing in cyberwarfare. The Bush administration had ordered studies on computer network attacks, but officials eventually expressed concern over the amount of damage those attacks could cause. Instead, the U.S. moved to a more defensive posture that focused on defending against attacks.

"When I stood at the Army's first cyber Battalion and was involved in the stand-up of U.S. Cyber Command, we were very focused on nation-state adversaries," Easterly said. "Back then, China was really an espionage threat that we were focused on."

Threats from China would eventually intensify. According to the Council on Foreign Relations' cyber operations tracker, in the early 2000s, China's cyber campaigns mostly focused on spying on government agencies.

By then, China had a history of spying on U.S. innovation and using it to replicate its own infrastructure. In 2009, Chinese hackers were suspected of stealing information from Lockheed Martin's Joint Strike Fighter Program. Over the years, China has debuted fighter jets that look and operate like U.S. planes.

"China is the preeminent threat to the U.S.," Easterly said. "We are laser-focused on doing everything we can to identify Chinese activity, to eradicate it and to make sure we can defend our critical infrastructure from Chinese cyber actors."

"Now we are looking at them as a threat to do disruptive and destructive operations here in the U.S. That is really an evolution that, frankly, I was not tracking and was pretty surprised when we saw this campaign," Easterly said.

The Council on Foreign Relations' Cyber Operations Tracker shows that China has frequently targeted trade operations and military operations in the South China Sea, and that one of its favorite targets in the past decade has been Taiwan.

"We have seen these actors burrowing deep into our critical infrastructure," Easterly said. "It's not for espionage, it's not for data theft. It's specifically so that they can launch disruptive or destructive attacks in the event of a crisis in the Taiwan Strait."

"A war in Asia could have very real impacts on the lives of Americans. You could see pipelines blowing up, trains getting derailed, water getting polluted. It really is part of China's plan to ensure they can incite societal panic and deter our ability to marshal military might and citizen will. This is the most serious threat that I have seen in my career," Easterly said.

"At the end of the day, it is a team sport. We work very closely with our intelligence community and our military partners at U.S. Cyber Command. And we have to work together to ensure that we are leveraging the full tools across the U.S. government and, of course, working with our private sector partners," Easterly said. 

"They own the vast majority of our critical infrastructure. They are on the front lines of it. And, so, ensuring that we have very robust operational collaboration with the private sector is critical to our success in ensuring the safety and security of cyberspace."
