China has been trying to find ways to gain access to critical infrastructure in the United States so that it can threaten those systems in the event of a conflict, the National Security Agency director said on Wednesday.
Gen. Timothy D. Haugh, who took the helm of the N.S.A. and the U.S. military’s Cyber Command in February, said that Beijing had stepped up its cyberefforts and that the United States, in response, was working harder to disrupt that activity.
Last year, U.S. officials uncovered an effort by China to gain access to critical infrastructure in Guam, home to U.S. military bases, and in the continental United States. Microsoft called the intrusions Volt Typhoon, after a Chinese network of hackers who often avoided using detectable malware and instead used stealthier techniques to enter wastewater systems and communication networks.
“What you see in Volt Typhoon is an example of how China has approached establishing access to put things under threat,” General Haugh said at a security conference at Vanderbilt University. “There is not a valid intelligence reason to be looking at a water treatment plant from a cyberperspective.”
General Haugh said China was securing access to critical networks ahead of a direct confrontation between the two countries. While he did not say specifically what that could involve, other American officials have said that if China gained access to critical infrastructure near military bases, it could disrupt or shut down systems to sow chaos and slow response time to a crisis in the Pacific or over Taiwan.
“They are sending a pretty clear signal of how they would use cyberspace in a crisis,” he said.
General Haugh said that Volt Typhoon was part of Beijing’s campaign to expand its global dominance. China, he said, is an “urgent military threat” and is increasing the sophistication of its cyberabilities.
Later in the conference, David E. Frederick Jr., the N.S.A.’s assistant deputy director for China, said that the People’s Liberation Army had its “longest arm” in cyberspace and was ensuring it had “attack capability” inside critical infrastructure. Overall, he said, the P.L.A. was trying to develop a modernized force to use against Taiwan by 2027.
General Haugh described it as an unfair fight. The United States had to disrupt Chinese systems inside a closed and restrictive environment. The Chinese, on the other hand, get to operate in the United States, an open society where it is far easier to get access to targets.
The People’s Republic of China, he said, was pursuing a policy of global dominance, but hoped to achieve that without a kinetic, real-world military fight, and is using cutting-edge technologies to achieve an advantage.
“We must recognize this and contest the P.R.C. below the level of armed conflict — particularly in cyber,” he said.
While General Haugh did not discuss Cyber Command’s operations inside China, he made clear that he was seeking not just to defend its own networks, but also to disrupt attacks against the United States. He spoke broadly of the military’s efforts to upset networks spreading malware and ransomware and conduct operations aimed at “causing loss of trust within the adversary’s cyberecosystem.”
“China is pursuing deliberate campaigns to gain advantage in every aspect of national power,” General Haugh said. “The threat posed by China is real — the P.R.C. has the desire and ability that make themselves our peer on the world stage.”
Adam Goldman contributed reporting.