Chinese cyber attacks could bring the West to a standstill
10:22 Share

If you work as a manufacturing facilities engineer, installing a new piece of equipment can be as complex as the machinery itself. From prep work to alignment and testing, it's your team's job to put it all together. That's why it's good to have Grainger on your side. With industrial-grade products and next-day delivery, Grainger helps ensure you have everything you need close at hand through every step of the installation. Call 1-800-GRAINGER, clickgrainger.com, or just stop by. Grainger, for the ones who get it done.

Work management platforms. Ugh. Endless onboarding. IT bottlenecks. Admin requests. But what if things were different? We found love.

Monday.com is different. No lengthy onboarding. Beautiful reports in minutes. Custom workflows you can build on your own. Easy to use, prompt-free AI. Huh. Turns out you can love a work management platform. Monday.com, the first work platform you'll love to use.

Welcome to The World in 10. In an increasingly uncertain world, this is The Times' daily podcast dedicated to global security. I'm Laura Cook with

with Toby Gillis. Last month, a total power cut across Spain and Portugal left the two nations and the wider world with more questions than answers. Still, with both having ruled out a cyber attack, it's not clear why it happened. Yet the carnage it caused prompted The Times' security expert Edward Lucas to analyse a future in which a cyber attack leaves much of the West in the dark.

In it, he references a recent warning by the so-called Five Eyes Intelligence Sharing Alliance of Australia, Britain, Canada, New Zealand and the United States that China has a team preparing to do just that. The vision Edward paints sounds apocalyptic. It documents just how reliant on power we are and crucially how such warnings are going unheeded. And Edward joins us now.

Your writing, frankly, has left me scared. How vulnerable are the power grids of the West, would you say? I think there's two dimensions to the fragility. One is what kind of engineering do we have that gives us the ability to withstand what one might call bumps in the road, which would be changes in the sun or wind, technical breakdowns and so on. And then the second element to this is

what happens if these breakdowns are weaponized, if someone is actually attacking us deliberately? And we still don't know what the real cause of the Spanish and Portuguese breakdown was. Clearly, a lot of things went wrong all at the same time. Whether someone was giving a helping hand or not, we don't know. They got back on...

online amazingly quickly. This is a remarkable achievement in engineering terms to do what's called a black start, getting a sort of dead grid up and running again within a few hours. And simulations in Britain of this sort of breakdown suggest it would be days before we got back. So hats off to them for that.

But it still shouldn't have happened in the first place. People pay their electricity bills and the expectation that the power will stay on all the time. And so there's lessons for all of us in this about what we do in terms of storage, in terms of redundancy. Also planning to make sure that when something does go wrong, you don't respond just by pulling plugs out, but you have a backup plan that keeps you online and keeps the power flowing.

Whether Spain and Portugal's outage was sabotage or not, your piece focuses on the potential for that. And China in particular has a team of hackers planning an attack on Western infrastructure. What exactly are they capable of?

Well, this is the name Volt Typhoon. It's not called that in Chinese, but this was the subject of a very detailed and urgent warning from the so-called Five Eyes. That's Britain and the United States, Canada, Australia, New Zealand. And their intelligence services said, wash out. We can see that these Chinese hackers are all over the...

The networks that run our critical national infrastructure, so that's telecommunications, power, water, sewerage, those things, they are able to lurk pretty much undetected and therefore it's very hard to get them off the network and to be sure they're off the network.

They are there to find out how it works and in preparation for sabotage. And that was a pretty blunt warning from people who normally work in the shadows, people like Britain's GCHQ, America's National Security Agency. Obviously, they don't give away too much. They don't want to alert the Chinese to how it is that we know that they're there. But this is pretty serious. This is the equivalent of having

landmines and sea mines planted in our territory and in our harbours and sea lanes with the ability to turn them on remotely if needed. So it's not actually an act of war, but it would make war, when it happens, go very badly for us if we weren't able to counter that. And so we should take that warning very seriously.

When Covid struck, it emerged that a lot of warnings about the potential for a pandemic had gone unheeded. If these go in a similar direction, could it be equally, if not more, catastrophic?

Yes. COVID was bad. It could have been a lot worse. And this would be catastrophic for me if the whole payment system goes down. If you imagine the power grid going down as it did in Spain and staying down, that's pretty much the end of civilized life. We're only a couple of days away from food riots and vigilantes and all sorts of other unpleasantness.

So we need to ask very hard questions of the authorities. Are you ready for this? And what plans do you have if it happens? In your piece, you mentioned that the Chinese have already compromised American communications of energy, transport, water and sewage systems. If the Five Eyes know about this, can't they stop it?

The problem with Vult Typhoon, as I said at the beginning, is that it lurks on networks. It's very hard to be absolutely sure that you've scrubbed a network clean from this kind of very advanced malware, and it may be lurking in a printer somewhere or in some neglected and unused bit of the system, and it can activate very quickly, and it can be very hard to know, short of throwing every single program and every single computer away all at the same time, starting from scratch. It's very hard to know

that you've completely cleaned your system. I think it depends very much what the Chinese are trying to do. People don't launch cyber attacks just for the fun of it. It's there to deter decision makers from taking steps or to punish them for the steps that they've taken.

So you might well see, if it was a scrap over Taiwan, that the biggest attack would be on Taiwan to disable its defence. There'll be something happening in the United States to say, stay clear. And maybe something happening in Europe just to warn us that we're vulnerable too. Now, of course, the trouble with cyber weapons is that once you use them, then people start noticing what you've done and taking countermeasures. So they're kind of one-shot attacks.

one-shot weapons to some extent. So that brings me on to perhaps the other really important thing is deterrence, that we can't absolutely prevent China doing this sort of stuff to us.

What we can say is if you do this to us, we can do it to you. And so there's a huge and very secret part of this world, which is the sort of offensive cyber operations, which is making sure that the other side knows that we have our capabilities as well. And that is a huge priority for our service and for the American and other counterparts. Edward, presumably if the Chinese have the capability to close off power grids, they also have the capability to restore power, right?

You mentioned Taiwan earlier, and in your piece as well, it does appear to be the perfect storm for blackmail, doesn't it?

Yes, I mean, a lot of this is about exercising pressure. You don't actually want to bring, you know, reduce your target country to the Stone Age, probably because it may be quite an important business partner for you. And, you know, for the Chinese, it would be a disaster if America went back to the level of the 1820s with horse transport and no electrics of any kind. That would be a disaster for the Chinese economy too. So we're all sort of tied in together. So it's more about...

exercising pressure and making the other side think we can't win this one so we better talk and in the case of

United States, they want to make sure that America doesn't attack China and they want to make sure that America doesn't go to war to defend Taiwan. In our case, in Britain, the main target is to make sure we don't do anything that China doesn't like or do anything that China doesn't know about in terms of spying on China, competing with China, allowing anti-Chinese Communist Party activists, whether it's Tibetans or

Taiwanese or religious activists or whatever to operate in Britain. So there's lots of, you know, there's a big agenda for China, even though we're not in any danger of getting into a shooting war. And one almost passing comment you made about how we're ever closer to a cashless society really struck me. If none of us have cash and the power goes down, we can't use our cards. So doesn't society just collapse?

And it's not just card only. It's electronic card only. I'm old enough to remember the days when credit cards were embossed and you put it in a machine and they take an imprint of the credit card and you'd sign it. And I would be happy if we still had that as a backup. It's well worth asking the question, where's the redundancy? Where's the backup in the payment system? It's very good to have lots of different

sorts of grit. We need to, I think, be willing to accept a bit more cost and a bit more inconvenience as consumers to make sure that when things do go wrong that it's only a temporary blip. We'll never be able to stop things going wrong completely, but we need to make sure we avoid catastrophic risk and demand every

everybody you do business with, do you have a plan? Do you have a contingency plan for disasters? Do you test it? Do you have exercises? Are the exercises tough exercises? Do you test to the point of failure and then learn from that failure so you don't fail next time?

OK, Edward Lucas, Times security columnist, thank you. Well, Taiwan was mentioned there and under Donald Trump, the US does have a policy to protect the province. We looked at the ramping up in the region last month. Scroll back to April the 7th for that episode. For now, thank you for taking 10 minutes to stay on top of the world with the help of the Times. See you tomorrow.

If you work as a manufacturing facilities engineer, installing a new piece of equipment can be as complex as the machinery itself. From prep work to alignment and testing, it's your team's job to put it all together. That's why it's good to have Grainger on your side. With industrial-grade products and next-day delivery, Grainger helps ensure you have everything you need close at hand through every step of the installation. Call 1-800-GRAINGER, clickgrainger.com, or just stop by. Grainger, for the ones who get it done.

Welcome to It Takes Energy, presented by Energy Transfer, where we talk all things oil and natural gas. Oil and gas drive our economy, ensure our country's security, and open pathways to brighter futures.

Did you know that the majority of progress the U.S. has made in reducing emissions over the past decade has come from the oil and gas industry? With more electrical power generation now coming from natural gas versus coal, the air we breathe today is cleaner than it has been since the 90s, according to a report from the EPA.

Clean burning natural gas is also a reliable source of power for more than just our electrical grids. It is also used to power data centers, hospitals, schools, and so much more. Look around and you'll see the essential role oil and gas plays in our lives. Our world needs oil and gas, and people rely on us to deliver it. To learn more, visit energytransfer.com.