China deep in US networks? 'They're preparing for war,' HR McMaster to lawmakers

Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster.

"Why is China on our systems? Because I think they're preparing for war," McMaster told lawmakers during the US House of Representatives Committee on Homeland Security field hearing.

McMaster served as national security advisor to President Donald Trump from February 2017 to April 2018 and is now a senior fellow at Stanford's policy think tank, the Hoover Institution. He, alongside tech execs from Google and Palo Alto Networks, testified before the committee on Wednesday night during the offsite hearing at Stanford.

"The Chinese Communist Party is preparing for war in a number of ways," McMaster said, citing a 44-fold increase in China's defense spending since 2000 and its ongoing weapons-systems development. 

"We can connect what we've seen with Volt Typhoon to a broader range of threats, including the massive buildup of their nuclear forces, about a 400 percent increase," McMaster added. "I know it may seem extreme to say this, but I believe that China is developing a first-strike nuclear capability against us, because why else would you want to cripple all of [America's] critical infrastructure, including communications infrastructure."

Also to this point: McMaster cited the Chinese spy balloons used for high-altitude surveillance, and described this as part of Beijing's "pattern of intelligence collection."

"The balloon intelligence collection was really aimed at communications intelligence that could only be picked up at that altitude, and that was communications intelligence associated with our strategic forces," he said.

Palo Alto Networks Chief Security Intelligence Officer Wendi Whitmore also testified before the committee, and told lawmakers that "what we see is very concerning. As recent campaigns like Salt and Volt Typhoon have reinforced, our cyber adversaries — China, Russia, Iran, North Korea — are more active and aggressive than ever."

In written comments submitted to the committee, Whitmore said that her company blocks as many as 31 billion cyberattacks on a daily basis, and up to 9 million of these every day are new, never-before-seen attack methods.

Whitmore previously served as a special agent conducting computer crime investigations for the US Air Force.

The Register caught up with Whitmore after the hearing, and asked her about McMaster's claim that China is preparing for war.

"It's something that every American and certainly every government and military official should be concerned about," she told The Register, citing the Chinese government's Typhoon intrusions.

"You're seeing more, deeper embedding into critical infrastructure, telecommunication systems," Whitmore said. "It raises concerns, and certainly any of the cyber professionals you know share those concerns."

• China now America's number one cyber threat – US must get up to speed
• Chinese snoops tried to break into US city utilities, says Talos
• Ex-CISA employee: 'This culture of fear started permeating the agency'
• This is the FBI, open up. China's Volt Typhoon is on your network

Many security experts believe public-private information sharing efforts can help address these concerns, and Whitmore told lawmakers that Palo Alto Networks supports Representative Eric Swalwell's proposal to codify CISA's Joint Cyber Defense Collaborative (JCDC) into law. Whitmore said this legislation would "further put wind in the sails of the JCDC's mission."

Whitmore added to The Register that this partnership needs to be a two-way street.

"The challenge with a big organization," like the federal government, "is making sure they can move as rapidly as needed," she said. 

"Oftentimes that relates to: we've got to get a lot of approvals. We've got to go through particular processes," Whitmore continued. "Those checks and balances are in place for good reasons, but I think that that's an area where we can continue to look at: How can we both move faster?"

A major cybersecurity attack — or any type of national crisis — "is going to be an all-hands-on-deck situation," she said. "That's going to mean leveraging public entities, but certainly also private organizations as well. That's why these partnerships are so important. It gives us the opportunity to build those relationships in advance." ®