America’s potential Achilles’ heel in a cyber battle with China: Guam

Chinese hackers have found a dangerous vulnerability in U.S. military computer networks nearly 8,000 miles from the Pentagon — on the serene South Pacific island of Guam.

They attacked essential infrastructure in the military outpost in May, infiltrating networks in the U.S. territory closest to China. Lawmakers and federal officials fear these attacks, which used a new method that allows intruders to linger undetected, could threaten security in the volatile region and sabotage any U.S. response to a Chinese invasion of Taiwan.

It’s a scenario that has gotten little attention in the media amid Chinese hacks into U.S. government agencies and threats against Taiwan, but one that is becoming increasingly worrying to those in Washington tracking Chinese preparations for conflict.

Chinese state-sponsored hackers “have been slowly testing their limits with Guam,” Del. James Moylan (R-Guam) said in an emailed statement. “These attacks … are clear signs that China wants to gain an edge over the U.S., starting with Guam.”

Residents on the island of 170,000 people, about 20,000 of whom are U.S. military, felt those effects viscerally in May when Guam was hit by two simultaneous gut punches: A Category 4 typhoon made landfall on the island the same day Microsoft warned that Chinese government hackers were infiltrating critical networks, including those used to communicate with the mainland.

The two incidents proved the fallibility of these systems, which are crucial both for those who live in Guam, and for ensuring the U.S. is able to swiftly deploy troops to Taiwan, should that be needed. It was a wake-up call for the island — and the broader U.S. military.

“The storm knocked out power, water, all of our utilities including internet, and it was a double whammy where not only do we have the physical effects of the storm, but we had the cyberattacks,” said Mark Scott, spokesperson for the Guam National Guard. “It was a real eye-opener for us.”

The Microsoft report made clear the serious cyberthreats facing Guam’s networks, detailing how Chinese state-sponsored hacking group Volt Typhoon targeted unnamed critical infrastructure organizations on the island, including those in communications, maritime and government sectors. The Cybersecurity and Infrastructure Security Agency, the FBI and security agencies in Australia, New Zealand, Canada and the United Kingdom issued a joint alert warning of the hacking campaign.

And the targeting has only continued since May. This month, Microsoft detailed how three Chinese government-affiliated hacking groups are working to target the U.S. defense industrial base in Guam, in particular the satellite communications and telecommunications groups housed on the island.

“We see that as very troubling,” Mieke Eoyang, deputy assistant secretary of Defense for cyber policy, told reporters last week. “The living off the land techniques, and what that suggests about where China is prepositioning, suggests a theory of disrupting military mobilization, but also of sowing chaos in the United States.”

Security researchers worry that the attacks on Guam reflect a new tactic by Beijing: break into systems and then hibernate, giving China an opening for cyberattacks on critical systems when conflict with the U.S. erupts.

“It was a fundamental change or shift to their tactics, techniques, procedures,” said Jon Condra, head of the Strategic Persistent Threats team at Massachusetts-based cyber intelligence group Recorded Future. “It makes a lot of sense to go after Guam's networks and try to sever communication lines,” he said, because then it will be harder for the U.S. to deploy troops to respond to incidents in East Asia.

The ballooning threat to Guam has drawn federal officials and lawmakers to the island. A bipartisan group of House members, including the leaders of the House Armed Services Committee, visited Guam this summer as part of an Indo-Pacific trip focused on deterring Chinese aggression. And this month, House Natural Resources Chair Bruce Westerman (R-Ark.) traveled to the island, saying in a statement during the trip that the China-linked hack “shows that Guam is on the frontlines of the fight against this threat.”

The Guam National Guard convened a cybersecurity conference in the wake of the attacks, which included a range of officials, from U.S. Cyber Command to the FBI. The island will host a follow-up conference sometime this year, said Scott, and include officials from neighboring areas, such as the Northern Mariana Islands and the Philippines.

The concern over China’s potential cyber inroads in Guam has spurred officials to act. Esther Aguigui, Guam’s homeland security adviser, said the government is “near completion” on creating a cybersecurity strategy focused on creating an “all of Guam” approach to managing cyber risks from nation states and cybercriminals alike. The government is working to bolster local cyber resources and training, and to better shore up infrastructure against natural threats like typhoons.

Guam is aware of “the strategic importance of our location in the Western Pacific,” she said.

But even with the heightened focus on cybersecurity, the island’s infrastructure remains vulnerable to attacks. Experts consider China one of the most advanced nations in cyberspace, and just this year state-sponsored hackers accessed email accounts at the Commerce and State departments. Officials also have raised concerns that the Chinese government can disrupt operations at U.S. ports and other military transport systems.

The attacks caught the attention of the Biden administration, too. The Department of the Interior has awarded $500,000 to Guam’s Office of Technology to create a cyber resiliency program, on top of more than $150,000 given to Guam in 2021 for cybersecurity efforts.

The federal government is still coming to terms with what the recent Chinese activity directed at Guam and other U.S. territories means, particularly these new kinds of attacks.

“I am very concerned, and we are addressing, the issues that we made public in May of this past spring about China living off the land,” Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the National Security Agency, said at the Center for Strategic and International Studies earlier this month.

Officials in Guam welcome the help.

“When it comes to not just cyber, but our critical infrastructure as a whole, it's important to realize that we are isolated,” Scott said. “We have proximity to the pacing threats, and we don't have a lot of the resources on our own to self-sustain.”