Sign up to save your podcasts
Or
Share China's cyber crews camping in US grids - CISA says lock the back door before its too late
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
China's cyber crews camping in US grids - CISA says lock the back door before its too late
This is your Tech Shield: US vs China Updates podcast.
Hey listeners, Ting here – your friendly neighborhood China-and-cyber nerd. Let’s jack straight into this week’s “Tech Shield: US vs China” feed.
The headline shift comes from a new Check Point analysis warning that the US has moved into a full-on “strategic cyber competition” phase with China and other state-aligned actors, where intrusions into government and critical infrastructure aren’t just spying anymore, they’re long-term beachheads designed to be flipped into disruption during a crisis. Check Point describes these as “strategic access actors” quietly camping inside power grids, health systems, and government networks, pre-positioned to coerce or disable the US if Taiwan or the South China Sea ever goes hot.
On the defense side, US agencies are leaning hard into guidance and coordination. CISA, NSA and their friends keep hammering critical infrastructure operators about locking down operational technology – those industrial control systems that run water, power, pipelines, ports – because that’s exactly where Chinese state-backed crews love to lurk. They’re pushing “secure-by-design” for OT vendors, strong authentication, and the very unsexy but lifesaving rule: if your industrial device is directly on the public internet, you are basically offering it as a practice target.
In parallel, MITRE just expanded its ATT&CK Evaluations to focus more on cloud and multi-platform espionage campaigns, explicitly to help defenders emulate state actors like China that blend identity abuse, supply chain compromise, and stealthy persistence across hybrid environments. That’s nerd-speak for: enterprises now get better test ranges to see if their shiny EDR and XDR tools can actually catch a stealthy PRC operator hopping from cloud to on-prem and back again.
On Capitol Hill, lawmakers are sharpening the outer moat. Some senators are pushing tougher telecom and satellite security measures in the wake of Chinese-linked campaigns like Salt Typhoon, arguing that if your baseband and your space segment are compromised, everything else is cosplay. Others worry too much regulation will slow 5G, 6G, and commercial space innovation – which, ironically, could hand Beijing the edge anyway.
Industry, for once, isn’t just doomscrolling. US vendors are racing to bake AI into detection – think models trained specifically on Chinese tradecraft patterns – and rolling out managed threat-hunting for mid-sized utilities and hospitals that will never have a 24/7 in-house SOC. The catch? As Check Point points out, China is also using AI to accelerate zero-day discovery and social engineering, so we’re in an algorithmic arms race, not a one-sided upgrade.
Effectiveness check: the good news is US visibility and coordination are way better than even two years ago, and the shift toward preemptive “hunt forward” operations plus better public advisories is closing some of the easiest doors. The bad news is structural: critical infrastructure still runs on decades-old gear, patching windows are tiny, and a lot of smaller operators treat cyber like a paperwork problem, not an existential one. That’s the gap Chinese operators are betting on.
If I had to grade this week’s US tech shield against China: improving, but still too much legacy shrapnel in the stack and too many incentives to fix breaches after the fact instead of hardening before the next campaign.
Thanks for tuning in, listeners – don’t forget to subscribe so you don’t miss the next deep dive into the US–China cyber chessboard. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Hey listeners, Ting here – your friendly neighborhood China-and-cyber nerd. Let’s jack straight into this week’s “Tech Shield: US vs China” feed.
The headline shift comes from a new Check Point analysis warning that the US has moved into a full-on “strategic cyber competition” phase with China and other state-aligned actors, where intrusions into government and critical infrastructure aren’t just spying anymore, they’re long-term beachheads designed to be flipped into disruption during a crisis. Check Point describes these as “strategic access actors” quietly camping inside power grids, health systems, and government networks, pre-positioned to coerce or disable the US if Taiwan or the South China Sea ever goes hot.
On the defense side, US agencies are leaning hard into guidance and coordination. CISA, NSA and their friends keep hammering critical infrastructure operators about locking down operational technology – those industrial control systems that run water, power, pipelines, ports – because that’s exactly where Chinese state-backed crews love to lurk. They’re pushing “secure-by-design” for OT vendors, strong authentication, and the very unsexy but lifesaving rule: if your industrial device is directly on the public internet, you are basically offering it as a practice target.
In parallel, MITRE just expanded its ATT&CK Evaluations to focus more on cloud and multi-platform espionage campaigns, explicitly to help defenders emulate state actors like China that blend identity abuse, supply chain compromise, and stealthy persistence across hybrid environments. That’s nerd-speak for: enterprises now get better test ranges to see if their shiny EDR and XDR tools can actually catch a stealthy PRC operator hopping from cloud to on-prem and back again.
On Capitol Hill, lawmakers are sharpening the outer moat. Some senators are pushing tougher telecom and satellite security measures in the wake of Chinese-linked campaigns like Salt Typhoon, arguing that if your baseband and your space segment are compromised, everything else is cosplay. Others worry too much regulation will slow 5G, 6G, and commercial space innovation – which, ironically, could hand Beijing the edge anyway.
Industry, for once, isn’t just doomscrolling. US vendors are racing to bake AI into detection – think models trained specifically on Chinese tradecraft patterns – and rolling out managed threat-hunting for mid-sized utilities and hospitals that will never have a 24/7 in-house SOC. The catch? As Check Point points out, China is also using AI to accelerate zero-day discovery and social engineering, so we’re in an algorithmic arms race, not a one-sided upgrade.
Effectiveness check: the good news is US visibility and coordination are way better than even two years ago, and the shift toward preemptive “hunt forward” operations plus better public advisories is closing some of the easiest doors. The bad news is structural: critical infrastructure still runs on decades-old gear, patching windows are tiny, and a lot of smaller operators treat cyber like a paperwork problem, not an existential one. That’s the gap Chinese operators are betting on.
If I had to grade this week’s US tech shield against China: improving, but still too much legacy shrapnel in the stack and too many incentives to fix breaches after the fact instead of hardening before the next campaign.
Thanks for tuning in, listeners – don’t forget to subscribe so you don’t miss the next deep dive into the US–China cyber chessboard. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
View all episodes
By Inception Point AiThis is your Tech Shield: US vs China Updates podcast.
Hey listeners, Ting here – your friendly neighborhood China-and-cyber nerd. Let’s jack straight into this week’s “Tech Shield: US vs China” feed.
The headline shift comes from a new Check Point analysis warning that the US has moved into a full-on “strategic cyber competition” phase with China and other state-aligned actors, where intrusions into government and critical infrastructure aren’t just spying anymore, they’re long-term beachheads designed to be flipped into disruption during a crisis. Check Point describes these as “strategic access actors” quietly camping inside power grids, health systems, and government networks, pre-positioned to coerce or disable the US if Taiwan or the South China Sea ever goes hot.
On the defense side, US agencies are leaning hard into guidance and coordination. CISA, NSA and their friends keep hammering critical infrastructure operators about locking down operational technology – those industrial control systems that run water, power, pipelines, ports – because that’s exactly where Chinese state-backed crews love to lurk. They’re pushing “secure-by-design” for OT vendors, strong authentication, and the very unsexy but lifesaving rule: if your industrial device is directly on the public internet, you are basically offering it as a practice target.
In parallel, MITRE just expanded its ATT&CK Evaluations to focus more on cloud and multi-platform espionage campaigns, explicitly to help defenders emulate state actors like China that blend identity abuse, supply chain compromise, and stealthy persistence across hybrid environments. That’s nerd-speak for: enterprises now get better test ranges to see if their shiny EDR and XDR tools can actually catch a stealthy PRC operator hopping from cloud to on-prem and back again.
On Capitol Hill, lawmakers are sharpening the outer moat. Some senators are pushing tougher telecom and satellite security measures in the wake of Chinese-linked campaigns like Salt Typhoon, arguing that if your baseband and your space segment are compromised, everything else is cosplay. Others worry too much regulation will slow 5G, 6G, and commercial space innovation – which, ironically, could hand Beijing the edge anyway.
Industry, for once, isn’t just doomscrolling. US vendors are racing to bake AI into detection – think models trained specifically on Chinese tradecraft patterns – and rolling out managed threat-hunting for mid-sized utilities and hospitals that will never have a 24/7 in-house SOC. The catch? As Check Point points out, China is also using AI to accelerate zero-day discovery and social engineering, so we’re in an algorithmic arms race, not a one-sided upgrade.
Effectiveness check: the good news is US visibility and coordination are way better than even two years ago, and the shift toward preemptive “hunt forward” operations plus better public advisories is closing some of the easiest doors. The bad news is structural: critical infrastructure still runs on decades-old gear, patching windows are tiny, and a lot of smaller operators treat cyber like a paperwork problem, not an existential one. That’s the gap Chinese operators are betting on.
If I had to grade this week’s US tech shield against China: improving, but still too much legacy shrapnel in the stack and too many incentives to fix breaches after the fact instead of hardening before the next campaign.
Thanks for tuning in, listeners – don’t forget to subscribe so you don’t miss the next deep dive into the US–China cyber chessboard. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Hey listeners, Ting here – your friendly neighborhood China-and-cyber nerd. Let’s jack straight into this week’s “Tech Shield: US vs China” feed.
The headline shift comes from a new Check Point analysis warning that the US has moved into a full-on “strategic cyber competition” phase with China and other state-aligned actors, where intrusions into government and critical infrastructure aren’t just spying anymore, they’re long-term beachheads designed to be flipped into disruption during a crisis. Check Point describes these as “strategic access actors” quietly camping inside power grids, health systems, and government networks, pre-positioned to coerce or disable the US if Taiwan or the South China Sea ever goes hot.
On the defense side, US agencies are leaning hard into guidance and coordination. CISA, NSA and their friends keep hammering critical infrastructure operators about locking down operational technology – those industrial control systems that run water, power, pipelines, ports – because that’s exactly where Chinese state-backed crews love to lurk. They’re pushing “secure-by-design” for OT vendors, strong authentication, and the very unsexy but lifesaving rule: if your industrial device is directly on the public internet, you are basically offering it as a practice target.
In parallel, MITRE just expanded its ATT&CK Evaluations to focus more on cloud and multi-platform espionage campaigns, explicitly to help defenders emulate state actors like China that blend identity abuse, supply chain compromise, and stealthy persistence across hybrid environments. That’s nerd-speak for: enterprises now get better test ranges to see if their shiny EDR and XDR tools can actually catch a stealthy PRC operator hopping from cloud to on-prem and back again.
On Capitol Hill, lawmakers are sharpening the outer moat. Some senators are pushing tougher telecom and satellite security measures in the wake of Chinese-linked campaigns like Salt Typhoon, arguing that if your baseband and your space segment are compromised, everything else is cosplay. Others worry too much regulation will slow 5G, 6G, and commercial space innovation – which, ironically, could hand Beijing the edge anyway.
Industry, for once, isn’t just doomscrolling. US vendors are racing to bake AI into detection – think models trained specifically on Chinese tradecraft patterns – and rolling out managed threat-hunting for mid-sized utilities and hospitals that will never have a 24/7 in-house SOC. The catch? As Check Point points out, China is also using AI to accelerate zero-day discovery and social engineering, so we’re in an algorithmic arms race, not a one-sided upgrade.
Effectiveness check: the good news is US visibility and coordination are way better than even two years ago, and the shift toward preemptive “hunt forward” operations plus better public advisories is closing some of the easiest doors. The bad news is structural: critical infrastructure still runs on decades-old gear, patching windows are tiny, and a lot of smaller operators treat cyber like a paperwork problem, not an existential one. That’s the gap Chinese operators are betting on.
If I had to grade this week’s US tech shield against China: improving, but still too much legacy shrapnel in the stack and too many incentives to fix breaches after the fact instead of hardening before the next campaign.
Thanks for tuning in, listeners – don’t forget to subscribe so you don’t miss the next deep dive into the US–China cyber chessboard. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI