HAGÅTÑA (The Guam Daily Post) — Guam, with its vast array of military infrastructure and key location in the Pacific, remains a target for cyberthreat actors, particularly as tensions remain between the U.S. and the People’s Republic of China over Taiwan.
Residents were largely made aware of specific activities targeting Guam in late May, after Microsoft published its observations of the China-backed hacker group Volt Typhoon. Microsoft reported that the Volt Typhoon group has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the U.S.
But, according to Frank Lujan, the chief technology officer at the Office of Technology, “other than knowing there were areas within Guam that was affected,” the office has yet to see evidence that infrastructure within Guam has been compromised by Volt Typhoon’s tactics.
“As I mentioned, it is very difficult to detect. We just know that it’s there. Where it is, that’s kind of the big question. Right now, we have all the tools in place to try and look for those indicators of compromise. But at this point, we still don’t see it,” Lujan told media Monday at a press conference during the 2024 Central Pacific Cybersecurity Summit, held at the University of Guam in Mangilao.
Volt Typhoon relies almost exclusively on “living-off-the-land” techniques, used to evade file-based detection systems, and hands-on keyboard activities, according to Microsoft.
At Monday’s summit, where Lujan was a speaker, the chief technology officer said Volt Typhoon stands out as a “stark reminder” of the “evolving threat landscape.”
“This advanced persistent threat employs sophisticated tactics, techniques and procedures, including the living-off-the-land strategy, which makes it particularly insidious. Volt Typhoon APT emphasizes its ability to operate within existing infrastructure, hiding in plain sight … and making their obscurity a formidable challenge to detect and mitigate,” Lujan said.
According to Lujan, a shortfall in skilled cybersecurity professionals exacerbates Guam’s vulnerabilities and underscores “the imperative” to invest in education, training and recruitment in the field.
At the press conference, Lujan said officials learned over the last year that “building from the ground up” is likely the best approach to addressing the local workforce shortage in cybersecurity. Bringing professionals in from off island tends to be very competitive, he added.
“We’re working on a number of different strategies and this summit, in itself, is kind of a start to help bridge that gap,” Lujan said.
Of course, Volt Typhoon isn’t the only threat actor targeting Guam. The Microsoft Threat Analysis Center published a report in September partly stating that multiple China-based threat groups continue to target the U.S. defense industrial base, namely Volt Typhoon, Circle Typhoon and Mulberry Typhoon. While the groups’ targets occasionally overlap, they utilize different infrastructure and have different capabilities, with Guam being one of the most frequent targets of their campaigns, according to Microsoft.
With cyberthreats not going away anytime soon, Vice Speaker Tina Muña Barnes introduced Bill 190-37, which proposes to create a “Marianas Cyber Security Working Group” to discuss such issues and possibly recommend laws and policies to protect systems and eliminate vulnerabilities.
Gov. Lou Leon Guerrero noted at the summit Monday that Guam has received more than $156 million in federal funding to increase access to high-speed internet on island.
“This just raises the level and the importance of cybersecurity,” Leon Guerrero said.
“Add to that artificial intelligence and our growing dependence on AI. For us here at home, we must be extra mindful. The rising geopolitical tensions over Taiwan have made us a greater target, and (are) why state-sponsored threat actors have shown an increased interest in Guam. Very scary,” the governor added.
Guam needs to prepare for attack and build cybersecurity capacity on the island, starting with the training and development of cybersecurity experts, Leon Guerrero said.
Speakers of the Central Pacific Cybersecurity Summit 2024 hold a press conference during the event Monday, Nov. 6, 2023, at the University of Guam in Mangilao.
