WASHINGTON — Successful Chinese cyberattacks on critical infrastructure in Guam or other Indo-Pacific footholds could cripple U.S. military capabilities in the region, the leader of the National Security Agency and U.S. Cyber Command said.

Guam is a key outpost for U.S. forces in the increasingly competitive area, where Washington thinks a fight with Beijing could erupt. The island serves as a logistics and munitions hub, as well as an intelligence, surveillance and reconnaissance node.

An assault on the networks and information technology that support Guam’s distribution of electricity, water, food and emergency response could “have a very significant impact” on the options available to military commanders at the time, said Gen. Paul Nakasone.

“Communications, an ability to leverage our most lethal weapon systems — these are all areas that we would rely on,” he said during a Jan. 31 hearing held by the House Select Committee on the Chinese Communist Party. “We have to operate every day, we have to have vigilance, we have to have offensive and defensive capabilities.”

The Five Eyes intelligence-sharing alliance — made up of Australia, Canada, New Zealand, the U.K. and the U.S. — in May warned a Chinese espionage group slipped past digital defenses in Guam and other locations. Microsoft detected the intrusion and attributed it to a group known as Volt Typhoon.

U.S. officials have long considered China a serious cyber hazard, with the International Institute for Strategic Studies think tank placing it in the second tier of its cyber powerhouse rankings alongside Russia. The Pentagon’s 2023 cyber strategy warned Beijing is prepared to unleash cyberattacks on critical infrastructure and defense networks, should war break out.

U.S. Cyber Command boss Gen. Paul Nakasone speaks at the AFCEA TechNet Cyber conference in Baltimore, Maryland, on May 2, 2023.

Such tactics are meant to foment confusion, divert precious resources and hamstring military mobilization.

Nakasone on Wednesday said when hackers are found lurking around critical infrastructure, the “first thing that we need to do is make sure that we get them out.” As head of CYBERCOM and the NSA, the general is in close contact with the Cybersecurity and Infrastructure Security Agency, which falls under the purview of the Department of Homeland Security, among other players.

“We need to have a vigilance that continues onward,” Nakasone said. “This is not an episodic threat that we’re going to face. This is persistent.”

Rep. Mike Gallagher, the committee chairman, told reporters before the hearing he had seen reports that China is shifting some of its attention away from traditional economic espionage and toward targeting critical infrastructure.

That move signals an eagerness to sabotage, according to the Wisconsin Republican, as there is “no economic value in pre-positioning on oil and gas pipelines or water utility companies — there’s no intellectual property to steal.”

Colin Demarest was a reporter at C4ISRNET, where he covered military networks, cyber and IT. Colin had previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.

More In Cyber