China Hacks U.S. Infrastructure Shows Why Lawmakers Should Better Protect Americans’ Data
By David B. McGarry
Officials revealed last week that a cyber entity backed by People’s Republic of China (PRC), Volt Typhoon, has targeted a wide assortment of U.S. critical infrastructure. The hacking campaign reportedly centered on U.S. Navy and other government facilities on the island of Guam.
Microsoft, which reported the breach first noted that, “the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.” Additionally, “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.” While the attack’s scope and success remains unclear, Secretary of the Navy Carlos Del Toro told CNBC that the Navy “has been impacted.”
The frequency with which governments and the largest corporations succumb to hacks should give pause to lawmakers who support policy proposals that would require Americans to provide numerous websites, or even government programs, with their personal data. Proposals, such as the American Innovation and Choice Online (AICO)Act would require online marketplaces to share customers’ credit-card data with third-party vendors. The SHOP SAFE and INFORM Acts (the latter became law in December 2022) would require online sellers to reveal personal data. And, various federal and state bills that would require social-media platforms to verify the age of their users could be vulnerable to hacks.
A digital economy necessitates the creation of at least some “treasure troves” of Americans’ data. However, lawmakers ought not enact policies that exacerbate this unavoidable security risk.
This incident also serves to remind elected officials and the American public that international conflict is increasingly, a hybrid – or outright digital – affair. China’s long-running cyber campaigns against American entities represent not some aberration, the new norm. Add thereto the cybercriminals who answer to Moscow, Pyeongyang, Tehran, or hostile powers or civilian masters.
In short, the task of securing networks presents significant challenges to even the most expertly led, and expensively outfitted, professionals. As warfare, commerce, socialization, and so much else migrates to digital spaces, policymakers should avoid at (almost) all costs compromising Americans’ privacy and cybersecurity.
Published on June 7, 2023