Date: 2023-06-04

On the same day Typhoon Mawar made landfall on Guam and shut down water, power and telecom services, information about a digital storm potentially poised to strike the island came to light.

Microsoft on May 24 said it had uncovered “stealthy and targeted malicious” digital activity carried out by a state-sponsored hacking group in China called Volt Typhoon. Since 2021, Volt Typhoon has targeted critical infrastructure in Guam and in the U.S., Microsoft stated in a report.

“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors,” the company stated.

Volt Typhoon has been clandestinely infiltrating computer systems and looking to maintain access and gather data for as long as possible. In rare cases, hackers create “command and control” channels, capable of sending directions to compromised computer networks, Microsoft said in the report.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

The island is a key hub for undersea telecom cables that facilitate communication between the Asia-Pacific region and the mainland United States. Guam is one of the main targets for the Chinese military, in the event that conflict erupts with the U.S. over Taiwan, military experts have said.

The need for improved cybersecurity on Guam was one of the main focuses of a threat briefing given earlier this year to lawmakers by Joint Region Marianas, Sen. Dwayne San Nicolas told The Guam Daily Post recently.

San Nicolas, who oversees military affairs and emergency response for the Legislature, was unfamiliar with the details of the Chinese cyberattacks, but said he wasn't surprised.

“We’re fighting a war in technology,” he said. “It's a matter of national security. There needs to be more conversation about how we handle that, we'll get to that once we get out of all this,” he said, referring to Typhoon Mawar recovery.

There’s good military reason for China to be targeting the island, according to Leland Bettis, with the think tank Pacific Center for Island Security.

“It's not original to me, but one of the best, the most effective missile defenses is to stop a missile from being launched” through cyberattacks, he told the Post.

Interrupting communications or utilities also is an effective means to demoralize a population, he said.

Cyberwarfare against the U.S. is nothing surprising or new, Bettis said, but is alarming in the Asia-Pacific because it lies in a “gray zone” when it comes to conflict. News of more cyberattacks originating from China could further sour relations with the U.S., at a time when tensions were already high.

“If there’s one miscommunication,” things could be dire for Guam, Bettis said.

Critical infrastructure

Cybersecurity incidents in just the past six months have stalled operations at Guam Memorial Hospital, as well as service to Docomo Pacific telecom customers, though no connection to foreign hackers has been confirmed.

Microsoft executives in an interview with The New York Times said networks in Guam’s telecommunication sector have been infiltrated.

The Post contacted local telecom companies to ask about the findings announced by Microsoft.

Docomo Pacific declined to comment on the specifics of the March attack the company faced. Company policy called for all specific inquiries about cyberthreats to be referred to the FBI, Docomo chief legal officer James Hofman told the Post in a statement.

“Fortunately, the damage from the March cyber incident was limited to certain segments of our network and no customer data was lost or compromised. We did not respond to the attackers and instead focused on rebuilding and fortifying our security protocols and policies.”

The company was aware of increasing threat activity from state-sponsored groups and criminal syndicates, Hofman said.

GTA Teleguam in a statement said it hasn't been on the receiving end of any attacks.

“There have been a few telecommunications providers on Guam who have been impacted by cyberattacks, but GTA is not one of them.”

IT&E was unable to comment immediately, due to issues in the aftermath of Typhoon Mawar.

“At the moment our entire team is prioritizing network restoration and recovery,” company content specialist Joy White said.

The New York Times also reported a port in the United States was targeted.

Port Authority of Guam General Manager Rory Respicio told the Post he wasn't aware of any Chinese cyberattack and said the Port Authority “(did) not have any indication that our system has been infiltrated.”

Request for briefing

Vice Speaker Tina Muña Barnes, legislative oversight chair for regional and foreign affairs, is asking federal officials for more insight on any digital threat the island faces.

Attacks on Docomo and the hospital were “troubling,” given government services are conducted online, Barnes wrote in a letter to Rear Adm. Benjamin Nicholson, commander of Joint Region Marianas, and Jessica Egli, U.S. Department of Homeland Security senior intelligence officer assigned to the Mariana Regional Fusion Center.

“In light of recent international news media reports of malware installed in critical systems in Guam, I hope you can help me understand Guam’s information technology vulnerabilities and how our government can improve its IT infrastructure,” Barnes wrote.

Nicholson told the vice speaker he was “happy to discuss this matter” in an email, but said “I am not an expert on cyberdefense.”

The admiral offered to work with U.S. Indo-Pacific Command to “have the appropriate experts brief you on this matter.”

“JRM is aware of the cyberthreats to Guam and is working with the appropriate organizations to protect Guam’s infrastructure,” Maj. Jonathan Camire, of media and current operations for U.S. Indo-Pacific Command Public Affairs in Hawaii, told the Post.

'As secure as we can be'

No compromise of the government of Guam computer network has been detected, at least among executive branch agencies, GovGuam chief technology officer Frank Lujan said.

“That can always change. Are we being attacked? Yes. ... We don't see it internally. But we do see it externally, and we're continually mitigating, doing our own mitigations to avoid those ... vulnerabilities.”

Some of GovGuam’s outdated computer systems, such as the AS-400, are harder to compromise, according to Lujan. Much of the vulnerability in a computer system comes from poor practices by users who access it, and hard-to-access, old-school computer networks make access tougher, he said.

Vulnerability increases as government infrastructure moves toward more updated, cloud-based computer software, and “those risks are everywhere.”

But, according to Lujan, there’s no vector he can see where Volt Typhoon attackers can get into GovGuam’s system. Autonomous agencies such as the local utilities aren't under his oversight, he said, but have very good security protocols.

“We are as secure as we can be with the resources that we have in place,” he said.

The local Offices of Homeland Security and Civil Defense said they are monitoring news about Chinese attacks, along with the Mariana Regional Fusion Center.

The offices of Homeland Security and Civil Defense “continue to monitor open-source reports and is unable to provide any further information on the matter,” spokesperson Jenna Blas said.