Congress of the United States Mashington, BE 20515 December 15, 2023, ‘Te Honorable Jen Easterly Director Cybersecurity and Infrastructure Security Agency US. Deparment of Homeland Socurty 245 Murray Lane Washington, D.C. 20528 ear Diecor Easter: We writ to express our serious concerns with recent reporting that Volt Typhoon, & Chinese state-sponsored treat ater, ls infiltrated at least eo dozen ertcal infasructre entities over the past year, inluding a water utility in Hawai, e major West Coast port, and an il and gos pipeline, and aitemyted to gain acess to even more ~ including the Texas power ari.” This reporting builds on May 2023 findings fom Microsoft and a Cybersecurity Advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and ethers that found that Volt Typhoon had engaged in “stealthy and targeted ‘malicious activity” to gain and malian persistent access to networks to enable the disruption of “rtical ‘communications infrastructure between the United States and Asia region during future crises"? Given ‘Chinas ambitions related i Taiwan, we find the escalation of Volt Typhoon’s tactics extremely troubling, Historically, the goal of Chinese cyber operations was espionage, but Valt Typhoon’s recent activity mark a cisturbing sit in China's objetives, Active since 2021, Valk Tyhpoon bas targeted 8 ranged of era infrastructure sectors ~ fom manufacturing to information technology o education — ‘throughout the United States, but recently has focused on assets within the Indo-Pacific region, Including in Guam and Hawaii” According tothe Office ofthe Ditector of National Inteligence’s 2025, ‘Annual Treat Assessment, “China almost certainly is capable of launching eyber-atacks that could isrupt critical infrastructure services within the United States including against oil and gis pipelines, and ail systems." We viw thas latest breaches as blatant attempt to preposition capabilites that «ould uhimately disrupt our nation's energy security supply chins, and transportation systems, Jeopardizing our ability to swifly execute critical national security missions. 1 The Weshington Post, “Chinas evber-anmy is invading critica U.S, scrvises December 11,2023, 2 Microsoft Threat intelligence, “Volt Typhoon Targets US Critical Infrastructure with Living-Off-the. Land Teshatgues” May 24,2023. va 4 ofie of he Director of Navona nlligene,“Augual Thal Acsssment ofthe LS, fuieisense, Communit Febroay 6, 2023‘We apprecite that CISA provides a range offeeecybersectrity services fo critica infastructare owners and operstors, and that it has undertaken initiatives, such asthe Pipeline Cybersecurity Initiative, to Improve te eyberscurty posture of targeted sectors. As Volt Typhoons cyber activity grows bolder and more aggresive, CISA’s Supporto ertcal infastuctae owners and operators must evolve to ‘match the tres environment As your Executive Director ison Wales his acknowledged, the nature of Vo Typhoon’s «ber activity represents "2 significant change from Chinese cyber activity from seven to 10 years ‘go thet was focused primarily on political and economic espionage.”® CISA must be well positioned to suppor eral infrastracture owners sid operators as they wark to defend thelr etworks fom increasingly sophisticated cyber activity. We therefore request an in-person bipatisan briefing to gain farther insight into this pressing national security concer, cetly, ToyE Neils ‘Donald M. Payne, J Member of Congress ‘Member of Congress are pn Frront ‘Andrew R Garbarino “Eric Swalwell Member of Congress Member of Congress * American Miltary News, “China's coher atniy infiltrating US: Kenack.” December 11,2023,