NEW: House Homeland Releases “Cyber Threat Snapshot” Highlighting Rising Threats to US Networks, Critical Infrastructure

WASHINGTON, D.C. -- The House Committee on Homeland Security has released a new "Cyber Threat Snapshot " examining growing threats posed by malign nation-states and criminal networks to the homeland and the data of Americans.

"As China and Iran's pre-election intrusions into campaign networks show, cyberspace is increasingly becoming the battlefield on which America's adversaries seek to undermine our sovereignty and threaten the services that Americans depend on. The Chinese Communist Party's exploitation of vulnerabilities in major internet service providers is just the newest alarm to sound as Beijing, Tehran, and Moscow work to gain strategic advantages through cyber espionage, manipulation, and destruction," Chairman Mark E. Green, MD said. "We must remain vigilant in mitigating risks to our networks across sectors from both nation-state and opportunistic criminals, from the energy and healthcare sectors to the telecommunications infrastructure that connects us all. This Critical Infrastructure Security and Resilience Month, it's important to remember that the public and private sectors have a vital partnership in this mission. The Committee is dedicated to fostering that collective defense when our country needs it most."

Since the infamous SolarWinds intrusion in 2020 and the Colonial Pipeline intrusion in 2021, malign nation-states and opportunistic cybercriminal networks have only increased their exploitation of vulnerabilities in both public and private sector networks for the purpose of ransomware, espionage, disruption, and strategic pre-positioning. Unfortunately, cyberattacks on critical infrastructure increased 30 percent globally last year.
While our adversaries are sophisticated, one in 10 intrusions in 2023 were due to improper credentials access, with spear-phishing ranking as the second-most common attack vector for threat actors, according to the Cybersecurity and Infrastructure Security Agency (CISA). This reminds us that our cyber adversaries do not always need sophisticated technology to attack our networks-they merely need the right information and patience.

To undermine U.S. sovereignty, Iranian hackers used spear-phishing to target campaign networks and government officials; China allegedly backed hacking group Salt Typhoon to infiltrate candidates' phones; and Russia used a botnet to target social media feeds in an effort to spread their malign influence.

The Storm-0558 intrusion into the Microsoft Exchange accounts of high-level U.S. officials and government agencies last year not only revealed the intentions of America's adversaries, but also highlighted the importance of the public-private sector partnership. The cascading impacts of cyber insecurity are rarely ever isolated to one sector, industry, or agency. In fact, government agencies were the third-most targeted sector for ransomware attacks in 2023.

From Iran-backed intrusions into our water sector and the targeting of satellites to the Chinese Communist Party-affiliated 'Typhoon' intrusions into numerous facets of our critical infrastructure, nation-states see the dangerous value in disrupting, manipulating, or surveilling the operational and information technology that supports the daily lives of Americans.

Cyber insecurity also impacts the health and wellness of Americans, as cybercriminals increasingly target hospitals and other healthcare entities for ransom. The intrusions into the Ascension Health hospital system and Change Healthcare, a UnitedHealth subsidiary, showcase the damage that can be done to patient care and privacy when the IT that is foundational to emergency response is undermined by cyber criminals.

Aside from just criminal networks, nation-state actors like North Korea have also targeted the healthcare sector as a lucrative way to finance its malign activities. Tragically, one in three Americans were affected by healthcare data breaches last year. Ransomware attacks across sectors increased more than 70 percent from 2022 to 2023, according to CISA. All of these incidents must put us on high alert and remind us to be as proactive as possible in ensuring the resilience of our federal civilian and private networks from malign actors.

To combat these threats, the Committee has advanced legislation to address the cyber workforce gap, protect our maritime ports from foreign cyber adversaries, and ensure a whole-of-government effort to combat cyber threats from China.

Chairman Green's "Cyber PIVOTT Act" increases the accessibility of cyber training and education by establishing a new full-scholarship program for two-year degrees at community colleges and technical schools, which are granted in exchange for required government service. Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez (R-FL) introduced the "Identifying Adversarial Threats at Our Ports Act" to determine if cybersecurity vulnerabilities exist with respect to certain foreign cranes in use at U.S. ports. Representative Laurel Lee (R-FL), vice chair of the Subcommittee on Cybersecurity and Infrastructure Protection, introduced the "Strengthening Cyber Resilience Against State-Sponsored Threats Act" to establish an interagency task force and require a comprehensive report on the targeting of U.S. critical infrastructure by People's Republic of China state-sponsored cyber actors. All three of these bills were advanced by the Committee in a September markup.

###