HAGÅTÑA (The Guam Daily Post) — Following an update with the U.S. Department of Homeland Security last week, Vice Speaker Tina Muña Barnes said she is “even more” concerned about the damage that could be done by persistent and advanced cybersecurity threats directed toward Guam.
“Whether the end goal is data smuggling or interrupting critical communications for the island, our neighbors or allies – the mere fact that as much as 75% or more of information relayed over the internet transitions through one of the island’s undersea cables should be enough reason for our local and federal governments to make and fund drastic improvements of our efforts to combat these bad actors,” the vice speaker told The Guam Daily Post.
Threats to Guam from the cyber front have perhaps been no more visible than within this year.
In March, the Guam Memorial Hospital Authority detected unauthorized access to its hospital network, prompting a network shutdown that lasted more than a week, and resulting in investigation by federal authorities. Later that month, the telecom company Docomo Pacific fell victim to a cyberattack that required certain servers to be shut down in order to isolate the intrusion, affecting service for many home internet subscribers.
Then, in late May, around the same time Typhoon Mawar struck Guam, Microsoft released a report stating that a state-sponsored hacker group based in China had targeted critical infrastructure organizations in Guam and elsewhere in the U.S.
Earlier this month, the Microsoft Threat Analysis Center published another report, stating in part that multiple China-based threat groups continue to target the U.S. defense industrial base, with Guam being one of the most frequent targets of these campaigns.
Barnes leads the legislative committee overseeing federal and foreign affairs, as well as the Office of Technology. Earlier this year, she wrote to military and regional intelligence officials hoping to gain more insight on cybersecurity, as reports of cyberattacks on Guam emerged.
Following the release of the September Microsoft report, The Guam Daily Post reached out to Barnes to ask what she had learned about the island’s cyber vulnerabilities, ways to improve infrastructure and what avenues regarding cybersecurity could be explored moving forward. The vice speaker said her work in the near term will include measures that will help the government of Guam refocus toward capacity building, strategic planning and protection protocols.
“Specifically, this will include hearings with relevant stakeholders who deal with cybersecurity threats every day and legislation that addresses risk management in local procurement, especially when there is a potential to purchase goods or services from known adversaries of America,” Barnes said.
Guam is said to be a major target for China, given its relevancy in any potential conflict with the United States, due to the military infrastructure on island. For local residents, the plan to build a 360-degree Enhanced Integrated Air and Missile Defense System is likely the most visible indication of the U.S. military’s acknowledgement of the looming threat of attack from China.
And in view of the island’s importance to U.S. force projection in the Asia-Pacific region, it should be assumed that attempts to exploit any cyber vulnerabilities on Guam will continue to take place, according to Leland Bettis, a member of the think tank Pacific Center for Island Security.
Microsoft reported that Chinese state-affiliated threat groups have targeted critical U.S. infrastructure, including telecommunications, inclusive of satellite communications and fiber-optic systems. This would be the most strategic target, and a successful attack could have significant effect on a range of U.S. capabilities, including disruptions to intelligence surveillance and reconnaissance throughout the region, and interruptions to a wide range of tactical and strategic communications, as well as interruptions to more mundane equipment operations that depend on computer systems for loading and unloading supplies, according to Bettis.
He added that disrupting space operations and linked segments, such as undersea cables, would likely be a high-value target given Guam’s significance in this area and the significance of these activities to the United States’ force projection from Guam. Although, “one has to assume” that the Chinese strategy for space disruption would be generally similar to the U.S. strategy, Bettis said, pointing to the September report on space policy from the Department of Defense, which noted that operations to deny an adversary’s use of space could originate in any domain and target on-orbit, ground, cyber and/or link segments.
Of course, allegations involving cyberthreat activities are not one-sided, with China and the U.S. regularly lobbing accusations against each other.
China said this year’s attack on an earthquake monitoring center in Wuhan was government-backed and came from the U.S. Chinese authorities also have accused the U.S. of infiltrating servers belonging to Huawei Technologies Co., a Chinese multinational technology corporation.
Bettis noted that the Microsoft reports and recent allegations from China came ahead of the U.S. Department of Defense releasing its annual cyber strategy summary earlier this month. That summary was the point of discussion in a meeting held in late September between U.S. defense officials and defense officials with the People’s Republic of China.
“The U.S. release of its cybersecurity strategy at this time of the year is fairly regular. And the Chinese have sort of released the whole Huawei allegation that goes back for a very long time. It’s almost like posturing. So, some of the stuff you see going back and forth may be posturing leading up to that conference about the U.S. cyber strategy,” Bettis said. “I mean there’s posturing that goes on. And I suspect that may be part of what we’ve seen in the last month.”
With cyberattacks appearing to be an ongoing issue for the foreseeable future, Bettis said “cyber hygiene” is something people need to be cognizant of.
“There are places that (are) going to be more important than others, … if you work at the Port Authority of Guam, if you’re working at the airport, those sorts of places. Obviously, if you work on a military base, or are a military contractor, … you have to be extra diligent,” Bettis said.
He added that he expects there will be significant amounts of federal funding coming to Guam for training against cyberthreats in the next year or so.
“I think there’s an awareness of it, and I think you’re going to see more resources put into improving cybersecurity hygiene in Guam,” Bettis said.
The Federal Emergency Management Agency announced in August that about $1 million will be made available to shore up cybersecurity in the government of Guam. The Post does not know the status of that funding, but the Guam Homeland Security adviser said this month that Guam is nearing the completion of a plan to protect against cyber-related threats, and is working to build up response capabilities with training.
Barnes noted that cybersecurity threats extend to private businesses and every resident on Guam.
“I encourage every resident to reach out to Guam Homeland Security and the Office of Civil Defense for tips on how to protect your sensitive information from hackers. Please report any security breaches, particularly when blackmail or other threats have been made, to the Marianas Regional Fusion Center. All complaints and reports will protect the identities of any victims who come forward,” she added.
Vice Speaker Tina Muña Barnes asks a question during continuing budget hearings Tuesday, Aug. 29, 2023, in the Session Hall of the Guam Congress Building in Hagåtña.
