Safeguarding Critical Infrastructure against Threats from the People’s Republic of China


By Eric Goldstein, Executive Assistant Director, CISA

As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organization of all sizes at home and around the world. CISA regularly shares actionable information to help security professionals and leadership manage risk and protect their systems against a range of threats. 

Today, we joined our partners at the Federal Bureau of Investigation and National Security Agency to release a joint cybersecurity advisory detailing various Chinese state-sponsored cyber techniques used to target U.S. and allied networks.  With the Department of Justice unsealing indictments related to Advanced Persistent Threat 40 (APT40) cyber actors, CISA and FBI published a joint advisory providing technical details of their malicious activities and how to mitigate this threat. Accompanying both of these technical advisories is the latest CISA Insights, which provides specific actions for leaders to take when making long-term cybersecurity decisions about their business or organization.

These actions include:

  1. Drive a culture of cybersecurity investment and strategy, including ensuring everyone in your organization knows to follow best practices related to cybersecurity;
  2. Ensure your organization has incident response plans, and that all personnel know how to follow them; and
  3. Stay informed about the latest malicious cyber activity, such as the activity described in today’s joint advisory.

CISA Insights provides a number of resources for all three actions.  In order to help you stay informed on nation-state cyber activity, all of CISA’s alerts, advisories and resources are available at our dedicated page.  This includes mitigation techniques and information on how to report an incident.

Whether we’re talking about the threat from the PRC or elsewhere, one thing is clear – everyone has a role to play in cybersecurity.  CISA is here to provide information and resources to help your organization avoid becoming the next victim.  I encourage you to review the joint cybersecurity advisory, the latest CISA Insights, and visit our page regularly for update.