SAN FRANCISCO -- During an RSA Conference 2024 keynote on Tuesday, White House representatives warned that the threat to critical infrastructure organizations is "severe" and persistent, particularly from Chinese nation-state threat actors.

Harry Coker, Jr., national cyber director at the White House, and Sue Gordon, former principal deputy director of national intelligence, presented the session titled "The State of our Cyber is Strong: The View from the White House." Coker and Gordon discussed Tuesday's release of the White House's second version of the National Cybersecurity Strategy implementation and provided an update on its progress.

The White House released version one of the strategy last year, and one of the top pillars helped to address evolving risks against critical infrastructure. Over the past year, the government updated and implemented new requirements intended to protect those organizations, such as the U.S. Securities and Exchange Commission's four-day reporting rule. However, the risks have not only continued but worsened.

Nation-state threat groups, particularly those aligned with China, aren't conducting attacks against critical infrastructure solely for cyber espionage, financial or intelligence-gathering purposes anymore, Coker warned. Their motivations are broader and more dangerous.

"The days of physical threats to our critical infrastructure are long gone. The cyber threats to critical infrastructure are severe and not going away," he said during the session.

One prime example of these "severe" threats revolves around the Chinese nation-state actor Microsoft tracks as Volt Typhoon. Coker highlighted a Jan. 31 hearing with the FBI, CISA and National Security Agency where he provided testimony about the threat posed by China to U.S. critical infrastructure.

During the hearing, U.S. agencies detailed how they disrupted a botnet campaign by Volt Typhoon in which threat actors compromised hundreds of U.S.-based SOHO routers as part of a wider campaign against U.S. critical infrastructure organizations. They also revealed that Volt Typhoon hid in victims' IT networks and maintained access to some critical infrastructure organizations for at least five years.

During her hearing testimony, CISA director Jen Easterly emphasized that Volt Typhoon actors intended to use that access for disruptive and destructive attacks in case of a conflict with the U.S. Coker echoed that sentiment during Tuesday's RSA Conference 2024 keynote.

"It was great to have that hearing because the American public and international public need to understand we are under unacceptable risk posed by malicious actors with regards to our critical infrastructure," he said.

Another RSA Conference 2024 session on Monday, which featured officials from other U.S. agencies, confirmed Volt Typhoon intrusions are ongoing. Coker urged each of the sector's risk agencies to have the cyber resources, personnel, and expertise to work with the owners and operators of critical infrastructure. He stressed that he's confident the government is engaged in the right partnerships to help combat threats moving forward.

However, Coker said there is still plenty of work to accomplish, noting that some private sector organizations "look at cybersecurity as an inconvenience as opposed to an imperative."

He cited a recent workforce meeting held at the White House as an example of how cybersecurity is affecting an array of critical industries including transportation, food and agriculture, education and manufacturing.

Coker expanded on the persistent threat against the education sector in particular. To combat the disruptive attacks that threaten sensitive information and lead to school closures, Coker said the White House requested that K-12 school districts transition from .com or .org domains to .gov where "security is afforded to them." CISA was a strong operational partner lead in that area, he said.