Intel officials warn about Russia and China plans for cyberattacks on US infrastructure

WASHINGTON (TND) – Top intelligence officials briefed a Thursday Senate panel on what they consider the biggest threats to the United States. At the top of their list were cyberattacks from foreign adversaries.

Director of National Intelligence Avril Haines told the Senate Armed Services Committee it is “one of our most pernicious transnational threats” with Russia and China at the forefront.

Haines said in the past year, global ransomware attacks have increased as much as 74%. American entities–particularly in the healthcare sector–have been top targets. The UnitedHealth Group hack in February disrupted payments and claims systems nationwide.

But it’s the nation’s critical infrastructure, like water systems, agriculture, energy, and transportation that the Intelligence Community fears will be prime targets for cyberattacks carried out by, or on behalf of a nation-state if the U.S. is drawn into a direct conflict.

Although the likelihood of any single attack having a widespread effect on interrupting critical services remains low, the increased number of attacks and the actors’ willingness to access and manipulate these control systems increases the collective odds that at least one could have a more significant impact,” Haines said.

However, Haines said, adversaries understand their own vulnerabilities and are unlikely to launch a disruptive attack unless they’re at war.

“These actors put a premium on preparing offensive capability basically during peacetime in part by preemptively planting footholds in our infrastructure,” Haines said. “What we see is both China and Russia effectively trying to preposition themselves in ways that would allow them to conduct those kinds of attacks.”

Russia and China have each previously denied involvement in cyberattacks.

Intelligence officials said the first line of defense is private companies locking their “digital doors.” The Cybersecurity and Infrastructure Security Agency offers guidance for organizations that includes steps to prevent, detect and respond to a cyber intrusion.

“In virtually all of the attacks we’ve seen against U.S. critical infrastructure, cyber actors took advantage of default or weak passwords, unpatched known vulnerabilities, and poorly secured network connections to launch relatively simple attacks,” Haines said.