Five Eyes Agencies Urge Critical Infrastructure to Take Volt Typhoon Threat Seriously
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and other U.S. and international partners have issued a joint fact sheet warning critical infrastructure entities to take the threat of attacks by Chinese state-sponsored actors seriously. The warning follows on from a February 2024 cybersecurity alert about an advanced persistent threat group known as Volt Typhoon, which was discovered to have embedded itself in the networks of many critical infrastructure entities, including transportation, energy, communications, and water and wastewater systems. The intrusions are believed to be strategic, with the threat actors maintaining persistent access to potentially disrupt or destroy critical services in the event of increased geopolitical tension or military conflicts.
Volt Typhoon uses living-of-the-land techniques rather than malware to maintain access to compromised networks and conduct its activities to evade detection. The extent of the compromises has yet to be determined but they could be extensive. Many critical infrastructure entities have had systems compromised and efforts are ongoing to ensure the threat actors are removed from those systems.
The fact sheet provides leaders of critical infrastructure entities with guidance to help them prioritize the protection of critical infrastructure and functions. The issuing agencies urge leaders to recognize cyber risk as a core business risk, which is essential for good governance and national security. Leaders should empower cybersecurity teams to make informed resourcing decisions to better detect and defend against Volt Typhoon intrusions and malicious cyber activities, such as implementing cybersecurity performance goals. Cybersecurity teams should also be empowered to effectively apply detection and hardening best practices, the staff should receive continuous cybersecurity training and skill development, and organizations should develop and test comprehensive information security plans and drive a cybersecurity culture in their organization.
Leaders have also been advised to secure their supply chains by establishing strong vendor risk management processes, exercising due diligence, selecting vendors that adhere to secure-by-design principles, ensuring vendors have patching plans, and limiting usage of any product that breaks the principle of least privilege.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
