Ports face a heightened risk of Chinese espionage that could lead to sabotage and shutdowns, a new infrastructure security risk assessment from the Department of Homeland Security warns.
The Homeland Threat Assessment 2024 from DHS’ Office of Intelligence and Analysis has sections on public safety and security including terrorism, illegal drugs, malinformation and mis/disinformation, and transnational repression; border and immigration security including migration and watchlist encounter trends and transnational criminal organizations; critical infrastructure security including disruptive and destructive attacks as well as espionage against critical infrastructure; and threats to economic security including economic manipulation and malign influence, economic espionage, and financially motivated cyber attacks.
“In addition to targeting US critical infrastructure for destructive and disruptive attacks, adversaries continue to use cyber and physical espionage tactics to access and steal sensitive information from US critical infrastructure networks,” the HTA said. “Such information enables pre-positioning for future attacks, gaining insight into our attack response capabilities, and exfiltrating sensitive data for criminal profit or follow‑on intelligence activities. Techniques include the use of AI‑generative software programs to enhance social engineering tactics, which trick targeted individuals into disclosing sensitive information or clicking on malicious web links, for intelligence collection.”
The assessment predicts that cyber spies affiliated with the Russian government “likely will remain a persistent threat to federal, state, and local governments, as well as entities in the defense, energy, nuclear, aviation, transportation, healthcare, education, media, and telecommunications industries.”
“Chinese government cyber actors likely will continue to target key critical infrastructure sectors in the United States, including healthcare and public health, financial services, the defense industrial base, government facilities, and communications,” the HTA continues. “Beijing’s expansion of maritime logistics capabilities and the use of commercial Chinese logistics technologies increase the risk of espionage and potential disruption operations at ports.”
Cyber actors associated with the Iranian government “continue to employ social engineering tactics, utilize easily accessible scanning and computer hacking tools, and exploit publicly known software and hardware vulnerabilities to conduct cyber espionage against US critical infrastructure entities,” the assessment adds.
The economic manipulation part of the report notes that Beijing “almost certainly will continue to use economic coercion as retaliation for perceived political or military challenges to its interests,” including “trade restrictions, public boycotts, and arbitrary, sometimes undeclared ‘administrative discrimination’ procedures to block select US companies and investors from accessing China’s markets.”
China’s “control and manipulation of critical supply chains,” with export control measures on gallium and germanium cited as an example, “will remain an economic security threat to the Homeland.”
The assessment also warns of the risk of economic espionage — “largely through cyber intrusions that target confidential US business information, including trade secrets, technical data, and other proprietary information” — and says Beijing is likely to “use its opaque and discretionary administrative licensing processes to force technology transfers in exchange for business approvals.”
The report also raises port security in its discussion of the “impacts of climate change and natural disasters” posing “acute and systemic threats to the United States, often converging with more traditional national security threats.”
“Wildfires, drought, heavy precipitation, and other extreme weather events increase risks to our supply chains and have the potential to impact the availability of goods and services, generating cascading economic effects,” the HTA says. “Intensified storms and extreme seasonal weather will continue to disrupt maritime shipping routes and threaten port infrastructure, including at strategic chokepoints like the Panama Canal.”
The infrastructure security section of the HTA notes that domestic violent extremists (DVEs) “increasingly called for physical attacks on critical infrastructure this year” as “a means to advance their ideologies and achieve their sociopolitical goals.”
“DVEs, particularly RMVEs promoting accelerationism—an ideology that seeks to destabilize society and trigger a race war—have encouraged mobilization against lifeline and other critical functions, including attacks against the energy, communications, and public health sectors,” the assessment says. “Unidentified actors have attacked electric cooling components, substations, and transformers, though the impact on the energy sector’s ability to provide localized services has been minimal.”