At Tuesday’s hearing hosted by the House Energy and Commerce Subcommittee on Oversight and Investigations, Manny Cancel (senior vice president of the North American Electric Reliability Corporation) warned legislators about the “alarming” growing threat to the American power grid system posed by the Chinese Communist Party (CCP).
A dystopian scenario of an attack by the CCP could plunge multiple sensitive civilian and military sites into darkness. As Mr. Cancel put it, “The Chinese activities are… quite alarming.”
The Office of the Director of National Intelligence’s February report concluded that the CCP “almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure” in the case of a direct confrontation.
China is “almost certainly” capable of launching such cyberattacks, as confirmed by the May-June incidents of the Chinese-sponsored hackers infiltrating the State Department and Gina Raimondo’s Department of Commerce account. The threat assessment report also revealed that vandalism and other physical attacks against grid infrastructure spiked by 77% in 2022.
Mr. Cancel noted the Chinese hackers’ increasing sophistication and their capacity to “[gain] access to networks.” He lamented how “patient” and “stealthy” the CCP-backed hackers are as “they’re actually quite adept at obfuscating what they’re trying to do.”
He cited a declassified FBI-Cybersecurity and Infrastructure Security Agency report that Chinese hackers were able to breach the systems of 13 companies that own oil and gas pipelines between 2011 and 2013, extracting sensitive data related to operations.
The only way to protect against these alarming cyber threats is to bolster the security measures of key infrastructure, making sure businesses are properly securing their electronic data, supply chains, and other systems.
The government must also take steps to effectively regulate cybersecurity, invest in technologies designed to detect threats, and build a culture of security that encourages individuals and businesses to be proactive in protecting themselves and their data against any attempts to breach systems.