U.S. uncovers hacking campaign targeting Guam's critical infrastructure — suspected Chinese Volt Typhoon hacks could disrupt the defense of Taiwan

The article said:
the decentralized nature of Guam's infrastructure, managed largely by private entities, complicates coordinated defenses. This makes things challenging, as do local resistance and mistrust delaying comprehensive security measures.

In one example of mistrust, GPA declined offers from Google-owned Mandiant for network monitoring, citing concerns about external oversight. Furthermore, rival telecom companies in Guam are wary of publicizing their vulnerabilities, so they resisted collaboration during a 2024 congressional visit, according to the Bloomberg report.
In broad terms, the solution seems reasonably straight-forward. To win or renew a contract as a service provider for the military, require they subject themselves to monitoring and auditing by an approved partner. If they refuse and no alternate providers exist (or also refuse), then the military needs to build its own power generation and communications infrastructure at that location. It'd be an expensive way to go, but better than the alternative. 9 times out of 10, I'll bet the private sector supplier would agree, especially if they're convinced they'd lose the business otherwise.
 
In broad terms, the solution seems reasonably straight-forward. To win or renew a contract as a service provider for the military, require they subject themselves to monitoring and auditing by an approved partner. If they refuse and no alternate providers exist (or also refuse), then the military needs to build its own power generation and communications infrastructure at that location. It'd be an expensive way to go, but better than the alternative. 9 times out of 10, I'll bet the private sector supplier would agree, especially if they're convinced they'd lose the business otherwise.
I would call this the bare minimum. Personally, I feel that not reporting a breach, not cooperating in the investigation, and not allowing security monitoring, should not be legal even for companies that only serve civilians, and should be punishable with a prison sentence of 1-5 years for the CEO and Security Officer of the company. Why? Because shutting down the power, water, or communications in civilian areas that don't directly affect the military can cause problems they have to address, like being able to contact the troops that aren't on the base, or if there's an infrastructure failure during a natural disaster the military will be expected to be the first responders, keeping them from responding to a military threat at the same time.
Even if there isn't a direct threat to base infrastructure, such as cutting off base power or water, having an adversary controlling infrastructure could still be a huge threat to a military base. Imagine an adversary opening the flood gates on a dam above a base during a flood.
Corporations do not take security nearly seriously enough, and it's well past time they started to. If they won't until there's a threat of prison, so be it.
 
The US education system is so full of BS. The general population is so badly lacking in knowledge of science, it is scary. Through lax security, the USA has given away all its secrets to China, Russia etc.
 
The US education system is so full of BS. The general population is so badly lacking in knowledge of science, it is scary. Through lax security, the USA has given away all its secrets to China, Russia etc.
If the US education system is so full of BS, then why are China/Russia trying to steal their secrets?

That's like knowingly cheating off the failing kid in class?
 
Cheaper and more effective to support Intel instead of its beleaguered overseas competitor if what you are looking for is a secure source for chip fabs. That is what Taiwan would do if they were in our situation.
 
I wish they would provide more info and evidence of "hacking" because the US calls just trying to guess a password "hacking" but considering how bad most security is that's usually all it takes.
 
"The U.S. government has uncovered a Chinese hacking campaign targeting Guam's critical infrastructure"

If I'm wrong, please correct me - it wouldn't be the first time. But wouldn't this be considered an act of war? State sponsored cyber attacks on US infrastructure? Or is it not state sponsored/more muddy than that?
 
I wish they would provide more info and evidence of "hacking" because the US calls just trying to guess a password "hacking" but considering how bad most security is that's usually all it takes.
If you read the article, they're talking about finding malware that's already resident on systems used for the infrastructure in question. Not only that, but they name the specific malware.

If I'm wrong, please correct me - it wouldn't be the first time. But wouldn't this be considered an act of war?
The most tricky thing about cyber warfare is the matter of attribution. Combined with the lack of any real damage that has so far been done, it'd be hard to call this an act of war. Perhaps it better fits the category of espionage, at least for the time being.

Treating it as an act of war could lead to an escalatory spiral that can easily get out of hand, so a measured response seems prudent.
 
If you read the article, they're talking about finding malware that's already resident on systems used for the infrastructure in question. Not only that, but they name the specific malware.


The most tricky thing about cyber warfare is the matter of attribution. Combined with the lack of any real damage that has so far been done, it'd be hard to call this an act of war. Perhaps it better fits the category of espionage, at least for the time being.

Treating it as an act of war could lead to an escalatory spiral that can easily get out of hand, so a measured response seems prudent.
Right, it is measured for sure, but the US is responding, so I hear. It just doesn't make headlines. The TikTok ban, for example, is not the response, but sort of the political outcome, because Congress knows what's up.