Heads Up – Joint Cybersecurity Advisory AA24-038A, The Year Ahead

Source:  Joint Cybersecurity Advisory AA24-038A available here (PDF document).

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

While portions of the advisory raise some questions, for those who want a BLUF the following excerpt should get your attention.

The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations—primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors—in the continental and non-continental United States and its territories, including Guam. Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts. CCCS assesses that the direct threat to Canada’s critical infrastructure from PRC state-sponsored actors is likely lower than that to U.S. infrastructure, but should U.S. infrastructure be disrupted, Canada would likely be affected as well, due to cross-border integration. ASD’s ACSC and NCSC-NZ assess Australian and New Zealand critical infrastructure, respectively, could be vulnerable to similar activity from PRC state-sponsored actors.

The alert is a good read for those with any involvement in Civ/Govt Preparedness, EmComm, EMA, FD/EMS, LE, Nat’l Guard, etc.

FYI for the hams, you had best be careful what services/ports you are directly exposing to the internet. For those who think “ah, they don’t care about the hams,” well, I hate to break it to you: these are pros and they are well aware of ham radio’s potential “backup” role in disaster response communications. Are we a huge concern for them? No, especially given the current state of ham radio EmComm (LOL), but these threat actors are well aware of ham radio. Now how many of you are exposing ham systems directly to the wide open internet with “reachable” software/services that have seen little if any security testing/auditing for buffer overflows and the like?

Preparedness Tip – Consider the Fall to be one of the high risk times for such potential conflicts to break out. The weather around that time frame is the most conducive to traditional military operations in that part of the world. That said, nothing says this would be a traditional conflict.

“We are paying attention {to world events} and adjusting because we could go to war tonight, this weekend.” General Randy George, US Army Chief of Staff

Those in preparedness with half a clue about how these types of CI attacks could play out, with their immediate and long term impacts, should know what to do. As far as the impacts for the average unprepared citizen? Well, just remember the early weeks of the Toilet Paper Pandemic. Now picture a scene of exponentially higher panic. It is fine to be concerned, but don’t be a part of the panic crowd.

The last few years should serve as an education in the need for preparedness for all of us. Heck, I felt my family was well prepared. We made some “adjustments” after witnessing how both the public and govt handled the last few years. We asked that unsettling question of “What if this had been an order of magnitude worse?”

For those creative entrepreneurs out there… To keep it family friendly, we need a version with Clusterfudge vs Cluster$#@. No worries, most everyone will get it LOL.

While it’s impossible to prepare for every possible scenario, focus on having your family well prepared for the most likely scenarios. Have a Plan B. Then have a backup plan for your Plan B. Remember, if things go seriously sideways, right then is a really poor time to be winging it on your decision making amidst widespread panic and confusion. In many scenarios the tough choices you make early on in the incident will have major impacts on if, or how well, your family survives what is playing out. The time to plan is now, not after the smelly stuff is hitting the rapidly oscillating blades. Leave the panic and poor decision making to the many millions that sadly didn’t learn a thing from the last few years.

As one of my favorite WYNG leaders likes to “bomb drop” during tabletop exercises…Pop Quiz time.

Pop Quiz #1: For the reader, pretend that right now, right where you are, your local power grid has failed without any obvious explanation. Within the hour you learn that it is widespread; rumors are that most or all of the country is impacted. The hours drag by, and something has gone very wrong. Some radio/cell/internet is up, but much of it (batteries only last for so long, and generators need fuel and sometimes do not start) is already slowly failing or overloaded to the point of being useless. Rumors are going wild and confusion reigns. Traffic control systems are down and there are traffic accidents galore. Fire/EMS and LE are overloaded and trying to function with overloaded/down/failing voice and data communications. Before long the criminals will start doing what they do. Your kids are in school. Your spouse is at work. Whatcha gonna do?

Pop Quiz #2: Same as above, but it’s clearly a massive coordinated critical infrastructure cyberattack. Power, telco/cell, and internet are all out. Maybe even your municipal water smells horrid or pressure = zero. You may have full bars on your cell, but you are not able to call or text anyone. Even hardwired landlines are just fast busy signals. Whatcha gonna do?

Pop Quiz #3: Same as above, but nearly everything electronic goes dead as if the mother of all master power switches just got flipped to the off position. You look at your phone; it’s either malfunctioning or dead in your hand. It’s like the world around you was instantly knocked back to the stone age. Some will recognize this as an HEMP attack, but most will have no idea what is going on for a while. Given the hell on earth that will quickly develop in the coming days, this is definitely one of those scenarios where being prepared and making good initial decisions will impact your family’s survival chances. The clock is ticking. So again, whatcha gonna do? Sorry, but just standing there fouling your underwear is not an acceptable answer.

Yeah, there is a lot more that could be covered here, but this is getting long enough. I’m not trying to scare you, only to nudge you towards giving these low-probability, high-impact scenarios some thought.

For those that have yet to read the memo, the world changed in 2020 and not for the better. While I have faith that better times are ahead, it may be several years getting there. Things may well get worse before they get better.

“So next year we will likely see the climax to a number of current dangerous ideas, events, and forces, which finally will either overwhelm us or be addressed and remedied. We live in a Neronian age but can recover if we first understand how we got here and the nature of the suicide we are committing.” Victor Davis Hanson, December 2023

IMHO, we face very interesting times ahead for the next 12-36 months. Buckle up, be safe, be prepared, and be vigilant. Let me leave you with the snippet below from a holiday season posting on the KYPN BBS systems. Opinions will vary, but I think the title and item #8 apply well…

For some of the hams in my hobby inbox lately… I may cover some of the FAQ in there as time allows, but outside of the winter months don’t expect much on this blog. For now I’ll leave it at this: if you are just lurking on the sidelines of public blogs and the many “apparently dead” mailing lists, then let’s just say you are definitely out of the loop on some things. Ham radio is a participation hobby. Not everything is, nor should it be, on the public internet in today’s world.

2023 was a busy year and there will be plenty to talk/blog about when saner times return.

ZKO