Date: 2023-11-13

As military conflicts cause devastating real-world harm in the physical realm, the governments of Ukraine and Israel are battling escalating cyber harms from nation-state and non-state threat actors. Against this backdrop, the US government is increasingly alarmed about China and its capability to slip into active cyberwarfare mode.

At this year’s Cyberwarcon, top government and industry experts gathered to examine the complex, multi-theater arenas in which known and emerging cyberattacks and digital threats are arising amid unpredictable wartime conflicts. Emerging from these talks are signs of Russian cyber aggression growing more destructive, a still-fluid landscape of disinformation and digital disruption in the Middle East, and the prospect that the ongoing and hard-to-spot infiltration of US critical infrastructure by Chinese hackers could be laying the groundwork for dangerous actions ahead.

China’s capacity for destructive threats looms large

Although China is best known for using its vast cyber skills to engage in intellectual property theft and espionage, it’s not comforting that a Chinese law passed in 2021 forces tech companies operating in the country to report hackable flaws to a National Vulnerability Database within 48 hours of their discovery, before a patch is available. The new law comes with a host of restrictions on what security researchers can say about the flaws they discover, likely leading to a secret stockpile of zero-day flaws that can be shared with China’s Ministry of State Security, which oversees the country’s state-sponsored hacking operations.

Speaking at Cyberwarcon, Dakota Cary, a nonresident fellow at the Atlantic Council’s Global China Hub, and Kristin Del Rosso, public sector field CTO for Sophos, walked through their research on the functioning and implications of the new law. “I think a few people are starting to understand the severity of this,” Del Rosso said.

This zero-day stockpiling has led to “an uptick in the amount of Chinese use of zero-day vulnerabilities to get into US critical infrastructure,” Morgan M. Adamski, director of NSA’s Cybersecurity Collaboration Center, said at the event. In urging the industry to collaborate with her agency on China, Adamski warned that “the PRC has significant resources. The US government has come out and said that their resources outnumber the US and all of our allies combined.”

China’s ability to evade detection and attribution is a critical factor in why the US government has stepped up its efforts to educate the industry about the cyber dangers China poses. “One of the main concerns that we have is that the PRC continues to use US domesticated infrastructure to hide their activities and evade detection by government and industry,” Adamski said. “They’re using a large number of covert infrastructure and networks to gain access into US critical infrastructure.”