Insight

Recent reporting about Volt Typhoon activity, thought to be China’s PLA Southern Theater Command, around US critical infrastructure on Guam and elsewhere in the US raises hard questions: why are those systems targeted and what can be expected?

Ask 10 different China experts about the chances of war over Taiwan and you’ll get seven different answers. Ask those same analysts about how conflict might happen and the disparity in conclusions begins to shrink. Military doctrine, public statements, and military exercises all provide valuable insights into what actions China could take in a crisis. Reports of Volt Typhoon’s “Living Off the Land” cyber activity against critical infrastructure on Guam are another piece of data experts can use to determine likely scenarios.

China expert Devin Thorne explains in his analysis of China’s Science of Military Strategy 2020, a semi-regular published work from the PRC’s military academics, that China will use cyber effects on civilian systems and critical infrastructure to deter the United States from engagement in a Taiwan crisis. We think Thorne’s analysis is spot on.

For businesses who fall into critical infrastructure, like airlines, utilities, hospitals, and financial services, the how of China’s potential actions is critical. The preposition of access, but not malware, on Guam gives a good indication.

What can you find?

Access to critical infrastructure’s networks is all China’s military needs to act on a moments notice. Rather than preposition their malware on networks that could be found, analyzed, and defended against, operators just need an open door through which they can drop an eventual payload—or better yet, take action without ever introducing new binaries. These living off the land campaigns offer more stealth than your standard vuln exploitation + payload = action on objectives operations, making them a favored tool for operators who may one day have to possess a capability.

Living off the land (LOTL) attacks are not new. Effectively countering them requires the fundamentals of your security program to be in place, and functioning. Ensure up-to-date system patching, restricting access, and diligent logging provides defenders with the necessary tools to spot such threats. Instead of relying on Indicators of Compromise (IOCs), introducing a behavioral analysis approach to detections can underscore unusual system behavior, signaling the need for deeper scrutiny. It was through this type of analysis that the US Department of State recently pinpointed a cyberattack from China within their Microsoft 365 environment.

KSG has helped a number of clients execute such LOTL campaign hunts—and prepared even more to set up their networks to be able hunt for such activity. Many organizations are not yet in a place to search for such activity, despite falling into China’s crosshairs for cyber coercion.

For more information or assistance on these issues, please reach out to intel@ks.group.

Forwarded this ExecBrief by a friend? Click below to sign up for our weekly dispatch.

Global Scan

Geopolitics

1. China’s Foreign Investment Hits a 25-Year Low: The slump in a key metric—direct investment liabilities—has sparked fears that geopolitical tensions and a waning post-pandemic recovery has chilled confidence in the market. Overseas firms have meanwhile seen profits fall at double-digit rates amid subdued consumer demand in the country.

2. Great-Power Lunar Race Heats Up: The Russian state space agency has launched the country's first lunar mission in nearly 50 years, as part of a gambit to establish an outpost on the moon and demonstrate capability to China. US, EU, and Canadian astronauts are meanwhile slated under the Artemis program to land on the moon in late 2020s.

3. Taiwanese Chipmaker TSMC Announces First European Plant: The company committed €3.5 billion for a new production plant, as the EU aims for 20% market share in global semiconductors (from 9 percent currently). TSMC will follow Intel, Infineon, and Wolfspeed in establishing new manufacturing footprints in Germany.

Cybersecurity

1. CISA, Partners Release 2022 List of Top Routinely Exploited Vulnerabilities: The advisory, released in collaboration with Western and US interagency counterparts, urges all organizations to review and implement its detailed mitigations. It also provides vendors and designers recommendations to reduce vulnerabilities in their products.

2. NIST Issues Draft Cybersecurity Framework 2.0: The draft incorporates industry feedback to provide expanded guidance for organizations of all sizes, instead of focusing primarily on guidance for critical infrastructure. It also provides additional specific guidance for small firms.

3. UK Elections Watchdog Acknowledges Major Cyber Breach: The August 2021 hack—first detected last October and publicly confirmed this week—allowed hackers to access electoral registers containing names and addresses of registered voters since 2014. The Electoral Commission claims little risk to electoral outcomes.

Strategic and Emerging Technology

1. Liquid Metal Battery Poised to Be On-Grid by 2024: A calcium-antimony alloy promises to resist capacity fade, making it attractive as a replacement for diesel backup generators. Meanwhile, installation of a 300-kWh grid system in Colorado begins early next year.

2. US Scientists Replicate Nuclear Fusion Breakthrough: Researchers at Livermore Labs repeated the December 2022 feat, generating “ignition”—yielding more energy than was put into it—for the second time in history. They noted, however, a feasible alternative energy source is likely decades away.

3. Cal-Tech Researchers Demonstrate Wireless Power Transmission: A prototype launched into orbit in January beamed detectable power to earth for the first time—ruling out the need for expensive rigid structures in space. “We are doing it with flexible lightweight structures and with our own integrated circuits. This is a first.”

Policy/Regulation

1. White House Releases Outbound Investment Screening Order: The program combines targeted prohibitions and mandatory notifications for investments in Chinese quantum, artificial intelligence (AI), and semiconductor technologies. The EU is reportedly considering its own equivalent measure, with an update due in December.

2. US Intelligence Agencies Take Steps to Protect Commercial Satellites: Military and civilian agencies have developed a framework focused on sharing threat information with the commercial sector, establishing a process to investigate and respond to anomalies, and coordinating plans for data collection.

3. Rules to Keep AI in Check: Nations Carve Different Paths for Tech Regulation: The US, EU, and China are charting unique courses: hands-off, precautionary, and tightly controlled, respectively. All of them are trying to work out to what degree regulation is necessary, as existing laws might already address some AI risks.

Bookmarks

1. Lawfare: Will the New EU-US Data Privacy Framework Pass Judicial Scrutiny?

2. Atlantic Council: A new White House order is taking aim at investment in Chinese tech. How will it actually work?