House bill pitches interagency task force to counter Chinese hacking threats

FBI Director Chris Wray is joined by CISA Director Jen Easterly and then-Cyber Command Commander Paul Nakasone at a House committee on China's cybersecurity posture on January 31, 2024. Under a bill being introduced today, Easterly and Wray would lead a joint agency task force focused on the cyber threat from China.

Kevin Dietsch/Getty Images

CISA and FBI leadership would oversee the group, aimed at coordinating federal efforts to stop Chinese cyber intruders from breaching critical infrastructure and other key systems.

Legislation being introduced Tuesday would create an interagency task force focused on countering Chinese cyber threats, according to bill text first shared with Nextgov/FCW.

The Strengthening Cyber Resilience Against State-Sponsored Threats Act, led by Rep. Laurel Lee, R-Fl., orders the creation of a joint-agency task force between the FBI and the Cybersecurity and Infrastructure Security Agency within 120 days of becoming law.

The task force would coordinate efforts among federal agencies responsible for critical infrastructure protection to address cybersecurity threats from Beijing-backed hacking collectives like Volt Typhoon, a mainstay cyber threat that officials assess is burrowing into U.S. infrastructure in preparation to shutter or sabotage the systems if tensions rise over a possible Chinese invasion of Taiwan.

The CISA director would chair the task force while the FBI director would serve as its deputy. The body would be required to submit an initial report on its findings and recommendations within 540 days of establishment and provide annual follow-up reports for the next five years. 

Those reports would aim to assess cybersecurity threats to critical infrastructure, resources needed to counter such threats and the potential consequences of Chinese cyberattacks on U.S. infrastructure during a crisis or conflict. Some of those assessment briefings will be classified, the bill text says.

“It is critical that the federal government implements a focused, coordinated, and whole-of-government response to all of Beijing’s cyber threats, so no other actors succeed,” Lee said in a statement.

Beijing has previously denied involvement in these hacking activities. Its National Computer Virus Emergency Response Center in late July published a factually inaccurate paper that claimed Volt Typhoon was a made-up U.S. disinformation campaign used to hype up the nature of cyber threats coming out of Beijing.

A senior U.S. intelligence official previously said that China is eventually seeking to cause societal panic through the use of its infrastructure spelunking operations. The U.S. could change its strategy and take a more offensive approach against the groups, but it would risk crippling a tense but still peaceful relationship with Beijing, the official said.

Just last week, the FBI said that a separate China-tied hacking collective dubbed Flax Typhoon had latched onto thousands of compromised storage devices, cameras, internet routers and other devices.

Flax Typhoon’s botnet, according to a U.S. report, spanned over 260,000 malware-infected devices across North America, South America, Europe, Africa, Southeast Asia and Australia. Half of the hijacked devices were based in the U.S., said FBI director Christopher Wray.

Just Monday, local reports said that FBI and DHS officials are investigating a breach of water infrastructure in Arkansas City. The hackers’ identities are not known, but water services have not been disrupted and drinking water remains safe, the city manager said.

Chinese hackers have frequently employed “living off the land techniques” that allow them to hide inside systems and bypass detection, U.S. reports say, noting that they have breached American facilities in Guam and other vital infrastructure in U.S. facilities both inside and outside the country. The clandestine activities involve a tradecraft that’s difficult to uncover because of the group’s reliance on stolen administrator credentials that allow them to more easily mask their exploits.

Editor's note: This article was updated Sept. 24, 2024 with additional comment.
