Congress of the United States
Mashington, BE 20515
December 15, 2023,
‘Te Honorable Jen Easterly
Director
Cybersecurity and Infrastructure Security Agency
US. Deparment of Homeland Socurty
245 Murray Lane
Washington, D.C. 20528
ear Diecor Easter:
We writ to express our serious concerns with recent reporting that Volt Typhoon, & Chinese
state-sponsored treat ater, ls infiltrated at least eo dozen ertcal infasructre entities over the past
year, inluding a water utility in Hawai, e major West Coast port, and an il and gos pipeline, and
aitemyted to gain acess to even more ~ including the Texas power ari.” This reporting builds on May
2023 findings fom Microsoft and a Cybersecurity Advisory from the Cybersecurity and Infrastructure
Security Agency (CISA) and ethers that found that Volt Typhoon had engaged in “stealthy and targeted
‘malicious activity” to gain and malian persistent access to networks to enable the disruption of “rtical
‘communications infrastructure between the United States and Asia region during future crises"? Given
‘Chinas ambitions related i Taiwan, we find the escalation of Volt Typhoon’s tactics extremely
troubling,
Historically, the goal of Chinese cyber operations was espionage, but Valt Typhoon’s recent
activity mark a cisturbing sit in China's objetives, Active since 2021, Valk Tyhpoon bas targeted 8
ranged of era infrastructure sectors ~ fom manufacturing to information technology o education —
‘throughout the United States, but recently has focused on assets within the Indo-Pacific region,
Including in Guam and Hawaii” According tothe Office ofthe Ditector of National Inteligence’s 2025,
‘Annual Treat Assessment, “China almost certainly is capable of launching eyber-atacks that could
isrupt critical infrastructure services within the United States including against oil and gis pipelines,
and ail systems." We viw thas latest breaches as blatant attempt to preposition capabilites that
«ould uhimately disrupt our nation's energy security supply chins, and transportation systems,
Jeopardizing our ability to swifly execute critical national security missions.
1 The Weshington Post, “Chinas evber-anmy is invading critica U.S, scrvises December 11,2023,
2 Microsoft Threat intelligence, “Volt Typhoon Targets US Critical Infrastructure with Living-Off-the.
Land Teshatgues” May 24,2023.
va
4 ofie of he Director of Navona nlligene,“Augual Thal Acsssment ofthe LS, fuieisense,
Communit Febroay 6, 2023‘We apprecite that CISA provides a range offeeecybersectrity services fo critica infastructare
owners and operstors, and that it has undertaken initiatives, such asthe Pipeline Cybersecurity Initiative,
to Improve te eyberscurty posture of targeted sectors. As Volt Typhoons cyber activity grows bolder
and more aggresive, CISA’s Supporto ertcal infastuctae owners and operators must evolve to
‘match the tres environment
As your Executive Director ison Wales his acknowledged, the nature of Vo Typhoon’s
«ber activity represents "2 significant change from Chinese cyber activity from seven to 10 years
‘go thet was focused primarily on political and economic espionage.”® CISA must be well
positioned to suppor eral infrastracture owners sid operators as they wark to defend thelr
etworks fom increasingly sophisticated cyber activity. We therefore request an in-person
bipatisan briefing to gain farther insight into this pressing national security concer,
cetly,
ToyE Neils ‘Donald M. Payne, J
Member of Congress ‘Member of Congress
are pn Frront
‘Andrew R Garbarino “Eric Swalwell
Member of Congress Member of Congress
* American Miltary News, “China's coher atniy infiltrating US: Kenack.” December 11,2023,