CrowdStrike Outage And Potential Chinese Cyberattack


At this year’s Black Hat cybersecurity conference, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), drew a chilling parallel between a recent CrowdStrike Falcon update mishap and potential cyber threats from Chinese actors.

During her keynote address, Easterly described the CrowdStrike outage as a “dress rehearsal” for the disruptive effect that a Chinese cyberattack, specifically one linked to the group known as Volt Typhoon, might have on U.S. critical infrastructure.

The CrowdStrike Falcon update, which recently caused widespread disruptions affecting millions of computers globally, was a significant incident. The faulty update led to various operational disruptions, including interrupted medical services, canceled flights, and closed retail businesses. 

The CrowdStrike Outage and Potential Chinese Cyberattack

Easterly remarked that the fallout from this CrowdStrike outage provided valuable insights into what a Chinese-linked cyber operation could potentially achieve. Easterly explained, “The situation we witnessed with CrowdStrike was a useful exercise for understanding the kind of chaos that Chinese cyber operations could unleash. It demonstrated exactly the kind of impact China aims to have, except in this case, we were able to mitigate the issues by rolling back the updates and rebooting our systems.”

Volt Typhoon, a name assigned by Microsoft to suspected Chinese cyber activities, is believed to target critical infrastructure in the U.S. The group aims to embed itself within these crucial systems, not for espionage or data theft, but to prepare for disruptive or destructive attacks in the event of a significant geopolitical conflict, such as a military confrontation involving Taiwan.

Easterly highlighted the potential severity of such threats, stating, “A conflict in Asia could lead to severe attacks on American infrastructure—think pipeline explosions, water system contamination, transportation disruptions, and communication breakdowns. These operations would aim to incite panic and undermine the U.S.’s ability to mobilize effectively,” CyberScoop reported.

China’s Denials and the Need for Enhanced Cyber Resilience

Chinese officials, however, have consistently denied involvement in such activities, dismissing claims about Volt Typhoon as part of a U.S. disinformation campaign designed to malign China. Easterly’s remarks came during a broader discussion on election security, which also featured Felicity Oswald, head of the U.K.’s National Cyber Security Centre, and Hans de Vries, Chief Operational Officer of the European Union Agency for Cybersecurity (ENISA).

The panel explored various strategies for enhancing the resilience of election systems against threats like disinformation, DDoS attacks, ransomware, and technical failures—issues exacerbated by the CrowdStrike Falcon update incident.

In a follow-up conversation with reporters, Easterly emphasized that the threat from China is multifaceted and pervasive. “Volt Typhoon’s activities target various critical infrastructure sectors, and what we’ve seen so far may be just the beginning. There is likely much more that remains undetected,” she warned.

She stressed the importance of bolstering the resilience of digital systems to better withstand such disruptions and recover more swiftly from cyber incidents. “Despite the severe impact of the CrowdStrike outage, it served as a crucial exercise—a rehearsal for the potential threats China could pose,” Easterly concluded.

As cybersecurity experts and officials convene at the Black Hat conference, the conversation around mitigating threats and enhancing system resilience remains more pertinent than ever. The CrowdStrike Falcon update incident highlights the growing risk posed by existing vulnerabilities and the need for robust defenses against potential cyberattacks, especially those that could emerge from state actors like China.


