American critical infrastructures are vulnerable to Chinese sabotage and the federal government is taking steps to mitigate the threats, according to the lead U.S. cybersecurity agency.
The Cybersecurity and Infrastructure Security Agency on Tuesday launched “CI Fortify,” a new program to help civilian utilities and other infrastructure stakeholders “prepare to operate through a crisis or conflict, continuing vital service delivery even as their systems are under attack.”
“In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering — at a minimum — crucial services,” CISA Acting Director Nick Anderson said in a statement.
“They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise,” he said.
The CI Fortify program will seek to strengthen security against adversaries, notably the Chinese state-run cyber intrusions that have been detected inside some of 16 critical U.S. infrastructures, including electric grids and financial computer networks.
Most critical infrastructure computer networks are not government-owned, which makes it more difficult to secure them against sophisticated cyber penetrations.
The new CI Fortify web page states that Chinese hackers have successfully pre-positioned malware and access points across critical infrastructure that can be used to “disrupt and destroy the operational technology (OT) running the United States.”
The page contains a link to a security advisory from CISA, the FBI and National Security Agency identifying Chinese government hackers as working to pre-position themselves in information technology networks for disruptive or destructive cyberattacks on critical infrastructures in a crisis or conflict with the United States.
The advisory said Chinese hackers were detected inside infrastructure networks mainly related to the communications, energy, transportation and water and wastewater sectors in the continental U.S. and on Guam.
China’s Volt Typhoon, a state-sponsored hacking group, seeks to disrupt functions and operations, the advisory said.
U.S.-China relations remain unsettled over Beijing’s decades-long cyberattacks that have penetrated both government and private systems for theft of data — useful for Beijing’s artificial intelligence development — and prepositioning prior to a conflict.
The attacks have continued with little or no response from Congress or from multiple U.S. presidential administrations.
China also is opposing new U.S. arms sales to Taiwan — a major flashpoint in relations with the potential to erupt into a military confrontation over Beijing’s threats to annex the island by force.
Relations also are soured over U.S. tariffs on Chinese goods and China’s loss of energy resources from Venezuela and Iran, which have impacted the flagging Chinese economy.
Despite the ongoing tensions, President Trump is set to visit Beijing next week for talks with Chinese President Xi Jinping.
Since last year, Mr. Trump has downplayed differences with China and repeatedly said that ties with Beijing are strong and that his relationship with Mr. Jinping borders on friendship.
The new CI Fortify initiative is a response in part to ongoing Chinese pre-positioning hacking activity known by the code name Volt Typhoon.
Volt Typhoon hackers have been detected operating inside U.S. and other foreign networks since mid-2021. The group has been linked by U.S. intelligence agencies to the People’s Liberation Army Cyberspace Force.
Volt Typhoon operations are said to be focused on developing pre-war capabilities that could disrupt or slow U.S. military mobilizations in the event of a Chinese invasion of Taiwan.
U.S. military and intelligence leaders have said China is preparing to take over Taiwan in the coming years and have warned that a military assault could take place as early as next year, based on Mr. Xi’s directive to the PLA to be ready for war then.
The CISA CI Fortify program warns that hackers could use their access to telecommunications networks to “take out phone and internet services.”
Owners of critical infrastructure are being urged to fortify cybersecurity on their networks so that vital U.S. services can continue during a geopolitical conflict.
“Investing in isolation and recovery capabilities today is essential to maintaining service delivery during a future crisis, when an adversary may disrupt communications and manipulate control systems,” the CISA website said.
Infrastructure network owners are urged to be ready to disconnect from third-party dependencies and to operate without reliable telecommunications, internet vendors, service providers, and upstream providers.







