China Disruptive Cyber Capabilities Likely Focus on Five Critical Infrastructure Sectors

The People’s Republic of China (PRC) is likely prioritizing disruptive cyber capabilities against five key U.S. critical infrastructure sectors: Energy, Water and Wastewater systems, Communications, Transportation systems, and Financial services.

In the energy sector, the PRC has been collecting data on U.S. energy infrastructure for over a decade and has launched intrusion campaigns against oil and gas pipelines. The nation-state has also trained its military to target power grids, creating “cyber ranges” for practice.

Water and wastewater systems are another priority for the PRC due to their identification as critical to national security. Expert testimony suggests the PRC has military plans and training against these systems. In 2021, an unattributed campaign targeted a New England state water utility, compromising its network. The campaign resulted in an unsuspecting employee downloading a malicious PRC-owned web browser, ultimately compromising the water sector agency’s network, as reported by the Department of Homeland Security. Water and wastewater systems are highly reliant on Industrial Control Systems and Supervisory Control and Data Acquisition Systems. The unique nature of more than 148,000 local water systems, coupled with their complex sensor and alarm systems, makes executing wide-scale simultaneous cyber attacks inherently challenging. Successful attacks against this sector, leading to an interruption in clean drinking water or wastewater services, could have significant consequences for various entities and functions, including hospitals, homes, agriculture, animal livestock, chemical production, and other sectors intolerant of clean water supply shortages.

In the communications sector, the PRC has a history of targeting U.S. and global telecommunications and network service providers for espionage. The state has compromised a broad network of communication infrastructure in the United States, including small and home office routers. In 2023, PRC actors used stolen credentials, routers, and stealthy techniques to target the communication sector networks.

The Transportation systems sector is of keen interest to PRC actors. Recent actions indicate their focus on the transportation sector as a prime target for cyber attacks, and the People’s Liberation Army has openly identified the sector as a key target. In 2021, PRC-affiliated actors compromised the network of New York’s Metropolitan Transportation Authority, as reported by press sources. These incidents underscore the real-world impact of such attacks on critical transportation infrastructure.

Lastly, the financial services sector is viewed as both a strategic cyberwarfare target and vital to protecting the PRC’s national security. PRC actors targeted Taiwan’s financial services sector with the intent to steal data and disrupt economic growth. This sector’s critical role in supporting other industries makes it a prime target for PRC cyber operations.

Security Officer Comments:
The People’s Republic of China is targeting critical sectors, including energy, water, communications, transportation, and financial services. Their activities in these areas, such as intrusions and training, highlight the potential for disruptive cyber attacks. Understanding the interdependencies of these sectors is essential for assessing the broad consequences such attacks could have on critical infrastructure and national security.

Suggested Correction(s):
Mitigating the risk of disruptive cyber attacks is an ongoing effort that requires collaboration, vigilance, and adaptation to evolving threats. It’s crucial for governments and private sector entities to work together to protect critical infrastructure and national security.

PDF: 23-0183 DHS – China Disruptive Cyber Capabilities Likely Focus on Five Critical Infrastructure Sectors – 10Oct23 (U-FOUO)