Bloomberg Audio Studios, podcasts, radio news.
Seventeen hundred miles off the coast of Taiwan in the middle of the Pacific Ocean, Melvin Quek is hard at work at the Guam Power Authority or GPA.
My role is a Chief Information Technology officer for Guampaw Authority.
A few months ago, he showed Bloomberg reporter Katrina Manson around.
So where are we now?
We're going to process some control center.
GPA is the only power utility on the small tropical island. In addition to the roughly six hundred thousand tourists who flock there for its white sand beaches each year, GWAM is home to about one hundred seventy thousand people, and over twenty one thousand of them are US service members and their families. Nearly a third of the island is taken up by Air Force, Marines, naval and other military bases. Everyone on the island depends on GPA paws, including the military.
They're one of our top customers. We supply constant and reliable powers in him.
Six years into the job, Melvin was pretty happy with his work. He'd made progress on connecting GPA's customers to a remote digital grid. But in twenty twenty two, US federal agents ky knocking. It seemed they wanted to check GPA's network for signs of foul play. The US government is increasingly concerned about hackers getting access to civilian critical systems that the US military relies on, particularly hackers from China.
In recent weeks, US officials say Chinese hackers infiltrated Treasury Department computers, and a state sponsored Chinese hacking campaign breached nine telecommunications firms. Some officials have been raising the alarm for the past year or so that hackers may have already breached systems in Guam, and you're preparing for an attack not just on its data, but on its critical infrastructure. The island, which is a US territory, is three times
clear to Shanghai than it is to Los Angeles. So for Melvin and his four person cybersecurity team, keeping the lights on is a matter of national security.
Of China's access to this, then that would be a really bad situation because then they could disrupt communications.
And do you have the sense that you all a target for China?
Oh, I'm sure we are. We see on our network every day, multiple ips trying to come in, trying to get into our network.
Do you feel like if you've got it on the control bigs?
I hope. So this is the big take DC from Bloomberg News. I'm David Gura today on the show Inside the cybersecurity threats that are impacting Guam and what's at stake for the rest of the country if the US government's worst fears about the island's vulnerabilities come true. To understand Guam's significance to the US right now, it's important to understand how it's related to the ongoing conflict between
China and Taiwan. For decades, China has claimed Taiwan as part of its territory and denied the island's self governing status. China's president Chi Chimping has said he wants his military to be capable of taking Taiwan by twenty twenty seven, without saying that he intends to do so by then.
According to Bloomberg Katrina Manson, if China tried to invade Taiwan, Guam could be a kind of staging post for the US to push back if it decided to, Katrina says one Washington think tank has gained out what could happen.
In twenty four out of the twenty four scenarios they modeled. China sents a missile direct to Guam, and in fact these missiles are nicknamed the Guam Keller. North Korea has them, China has them. The point is they can reach Guam, so Guam is a target, and of course for the island, that's very fraud.
Gwam holds a lot of strategic importance to the US. It's the country's westernmost point. The US is building a new marine base there and planning a network of missile des systems. The island is often considered by military strategists as a critical piece of US influence in Asia, and the people who live there often feel that geopolitical pressure.
There are people that are concerned about increased militarization here.
That's Guam's governor, Lord is Afflequis Leon Guerrero.
Gwam geographically is in a line of commerce and trade in the waters, and superpowers are fighting for that control.
But beyond Guam's geographically vulnerable position, Governor Guerrero told Katrina there is another concern at the top of her mind.
My biggest priority is cybersecurity.
And she isn't alone. A missile strike is a concern.
But Rare Admiral Huffman, who's the top military commander on the island, told me, and we think cyber attacks are more likely. This is a more effective way to undermine the US military's ability to move about to stage any kind of defense turn posture. When it comes to Taiwan.
Cyber threats on the island aren't just theoretical. There's one campaign that has experts particularly concerned. Researchers have dubbed it volt Typhoon. Katrina says. Cybersecurity experts first noticed it in twenty twenty one when Microsoft researchers were investigating a cyber attack on a port in Texas.
And several months later, in January twenty twenty two, they started seeing similarities at a telecommunications company on Guam, and then they kept pulling on the thread, and in summer that year there was another telco that seemed to have been affected by the same thing. And then some other security researchers saw that this same kind of pattern was occurring on the Guam government's network and also another ISP.
So there was a particular concentration on telecommunications companies on Guam, and that started to get people.
Thinking thinking about why hackers might want to infiltrate QUAM systems and what they could do if they decided to exploit that access. Vult Typhoon is not focused on stealing data like a typical hacker you might imagine. Instead, its hackers are targeting operational technology systems think water systems, satellites, and rail lines. They're gaining access to these systems that control critical infrastructure and they're just waiting, but for what.
Eventually the government came to the conclusion that these hackers were there waiting for the moment that it might be useful to disrupt services. So you can disrupt a network and take things data from a network that's usually used for spying. Or you can try and move over to what's called the operational technology system and actually stop something from moving. Stop the sewage from working in the right way, poison the water, interrupt electricity supply, stop phones from working.
These are the absolute daily pieces of critical infrastructure that daily life relies on, and also so do military bases, because maybe you can't go up against a military in war, but maybe you can undermine every single thing about how they work.
And in a moment of crisis, like a potential invasion of Taiwan, those systems going down could compromise the US ability to react.
And I think, as we've seen with the invasion of Ukraine, whether you are able to achieve your target or not may or may not come down to how quickly you can mobilize your forces. And so the idea that in the American mind, China might be able to impede a US military response simply by undermining its own ability to move a military because you can't call your forces, you can't get the planes going, you can't refuel them. Any of those things will be potentially very significant.
The US has concluded that China was to blame for the hacking campaign, but it hasn't shared much information publicly about how it came to that conclusion. They've laid the blame at China. What has China said in reply?
China has four years denied doing any kind of hacking campaigns of this sort. China has that actually this is ransomware actors, this is not US, and absolutely denied it. And in fact, I said, the US is making these claims just to try and convince Congress to send funding their way.
With the threat of a large scale vault Typhoon attack on GWAM looming, what are lawmakers in the US doing to prevent the worst? That is after the break. US officials are worried that GWAM could face a crippling cyber attack that would put everything from its infrastructure to military capability in danger. They've been sounding the alarm about an ongoing hacking campaign dubbed vault Typhoon. Bloomberg reporting found that the US has already discovered more than one hundred intrusions
across the country connected to the wide ranging campaign. Some cybersecurity experts say these hackers are slowly making their way into GUAM systems, waiting for the right moment to attack.
The US has been very front forward about brief and Congress about telling the security community, please go look for this and we need your help to see where it may be because it won't interrupt your systems until it's too late. So almost a year after vault Typhoon was announced to the world, a series of intelligence chiefs briefed Congress in January twenty twenty four, saying this could be an everything everywhere, all at once scenario.
Here's Jenn Easterly, director of the Cybersecurity and Infrastructure Security Agency, testifying in front of Congress.
This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes, all to ensure that they can incite societal panic and chaos and to deter our ability to marshal military might and civilian will.
It really is the stuff of movies, the idea that not just at electricity, but also hospitals, also telecommunications, every single element that our lives rely on could go wrong. And their point is, please check your systems, Please work with us, Please let us check your systems. We really need to find this, and it's very difficult to find.
The way Guam's networks are set up makes it particularly difficult. They're run by a patchwork of privately owned companies. Some of these companies, like Guampower Authority, have been cooperating with the federal government. Bud Katrina says companies are not always eager to invite the FBI to snoop around their systems, especially when the government isn't forthcoming with information about these threats because of security and legal concerns.
US intelligence officials make the point, we are not able to get onto domestic networks. We cannot find where the enemy the adversary. Maybe we need private companies to do that. They own the domestic networks, and so there's a real appeal to private companies, which are often small, underresourced, or not thinking in terms of national security. What on earth should we do and why should we do it? And even the governor complained to me. I asked for a briefing.
I asked Microsoft, I asked the government. I asked the telecommunications companies what has happened? And she said they shrugged it off. They said, something happened, but everything's fine now.
They were very mum about it. Really, there was never any briefing. It was yes, it happened, but we've addressed it.
And so even for the people whose job it is to come up with these plans, they often don't have the full picture. And that kind of coordination I think has proved really tricky.
With Donald Trump's return to the White House US China relations and the government's approach to cybersecurity could be set to change. I asked Katrina what that might mean for Guam and the threat of volt typhoon.
I think it'll be really interesting to see how the Trump administration handles the entire question of Taiwan. This is an administration that has set it really believes into terrence. It wants to make a big point with the US military.
It doesn't want wars. But clearly President elect Trump has said he wants the US military to be the most lethal in the world, and he's very focused on China, obviously, So I think the idea that these kind of cyber threats will continue is clear, and wrangling this relationship between the private sector and the government interest will continue to
be difficult. And of course, the Trump administration also doesn't really like regulation, so the idea that you'll be able to compel companies to participate also seems quite remote to me. I would imagine it remains rather difficult for national security people to get what they want in Guam.
Thank you very much, thanks for having me. This is the Big Take DC from Bloomberg News. I'm David Gerra. This episode was produced by Julia Press. It was edited by Aaron Edwards, Josh to A Brustein, Andrew Martin, and Nick Wadhams. It was mixed and sound designed by Alex Sagura, fact checked by Andreana Tapia. Our senior producer is Naomi Shaven. Our senior editor is Elizabeth Ponso. Our executive producer is Nicole beemster Boor. Sage Bauman is Bloomberg's head of podcasts.
If you liked this episode, make sure to subscribe and review The Big Take DC wherever you listen to podcasts. It helps people find the show. Thanks for listening. We'll be back tomorrow