The most dangerous cyberattack America may ever face has probably already begun. Not with a bang, not with ransomware demands or data breaches splashed across headlines — but with silence. Patient, deliberate, years-long silence.
That is the operating doctrine of Volt Typhoon, a Chinese state-sponsored hacking group that U.S. intelligence agencies have assessed is not trying to steal data. It is trying to position itself to cause catastrophic disruption to American critical infrastructure at the moment of Beijing's choosing — most likely during a military confrontation over Taiwan.
Living Off the Land
Volt Typhoon's defining characteristic is what security researchers call "living off the land" — a technique where attackers avoid deploying custom malware and instead use the legitimate tools already present in a target's environment. Windows built-in utilities. Standard network diagnostic commands. Credentials harvested from inside the network itself.
The advantage is near-invisibility. Traditional cybersecurity defenses look for malicious software signatures, unusual programs, foreign code. When an attacker uses the same tools a system administrator would use on a Tuesday afternoon, those defenses generate no alerts. The attacker blends into the noise of normal operations.
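An added example, not part of the original article, showing why a signature check stays silent on built-in tools while a baseline of who normally runs them, where, and when does not. The tracked tool list, the toy signature list, and every host, account and event are assumptions constructed for illustration.

```python
import ntpath

# Assumptions for illustration: tracked built-in tools and a toy signature list.
WATCHED = {"netsh.exe", "wmic.exe", "ntdsutil.exe"}
SIGNATURES = {"evil_rat.exe", "dropper.exe"}
# Constructed events (host, account, hour, image path); not real telemetry.
BASELINE = [
    ("adm-01", "it_admin", 9, r"C:\Windows\System32\netsh.exe"),
    ("adm-01", "it_admin", 16, r"C:\Windows\System32\wbem\wmic.exe"),
    ("dc-01", "dc_admin", 11, r"C:\Windows\System32\ntdsutil.exe"),
]
LIVE = [
    ("adm-01", "it_admin", 14, r"C:\Windows\System32\netsh.exe"),
    ("hmi-07", "svc_backup", 3, r"C:\Windows\System32\wbem\wmic.exe"),
    ("dc-01", "dc_admin", 2, r"C:\Windows\System32\ntdsutil.exe"),
]

def tool(image):
    return ntpath.basename(image).lower()

def signature_alerts(events):
    """A signature check only fires on binaries it already knows are bad."""
    return [e for e in events if tool(e[3]) in SIGNATURES]

def build_baseline(events):
    """Learn normal (account, host, tool) combinations and active hours."""
    combos, hours = set(), {}
    for host, acct, hour, image in events:
        combos.add((acct, host, tool(image)))
        lo, hi = hours.get(acct, (hour, hour))
        hours[acct] = (min(lo, hour), max(hi, hour))
    return combos, hours

def behavior_alerts(events, combos, hours):
    """Flag watched tools run in a context the baseline never saw."""
    alerts = []
    for host, acct, hour, image in events:
        name = tool(image)
        if name not in WATCHED:
            continue
        reasons = []
        if (acct, host, name) not in combos:
            reasons.append("new account/host/tool combination")
        span = hours.get(acct)
        if span is None or not span[0] <= hour <= span[1]:
            reasons.append("outside the account's baseline hours")
        if reasons:
            alerts.append((host, acct, name, reasons))
    return alerts
```

On the constructed data the signature check returns nothing, while the baseline check flags the two out-of-context executions and leaves the routine administrator activity alone.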
Volt Typhoon has been observed inside U.S. networks for at least five years. The FBI, NSA, and CISA issued a joint advisory in 2023 confirming the group had successfully infiltrated communications infrastructure, energy systems, water utilities, and transportation networks across the continental United States and its territories — including Guam, which would be a critical logistics hub in any Pacific military conflict.
They were not stealing anything. They were mapping. Waiting. Building access they could activate later.
The Target Set
What Volt Typhoon is targeting tells you everything about its strategic intent. This is not a criminal enterprise seeking financial gain or an intelligence operation harvesting diplomatic cables. The target set reads like a list of systems you would want to disable before launching a military operation against an adversary.
Power grids. Water treatment facilities. Telecommunications networks. Ports and rail infrastructure. Emergency services communication systems.
Groups like this are known for infiltrating high-value targets and lying dormant for months or even years before activating. Once inside, attackers move laterally across networks, jumping from traditional IT systems into operational technology — the actual physical systems that run pumps, turbines, switches, and valves.
That crossover is the critical threshold. A compromised IT network means stolen data. A compromised OT network means a city without water, a region without power, a port that cannot function.
The Taiwan Timeline
The strategic logic becomes clear when you map it against Beijing's stated objectives. Chinese leadership has made reunification with Taiwan a central national priority. Senior U.S. military officials have assessed the window of greatest risk as the late 2020s, when the PLA's military modernization program is expected to reach peak capability.
Volt Typhoon is not preparing for a cyberwar fought in isolation. It is preparing a supporting campaign for a potential kinetic conflict — one designed to complicate America's ability to mobilize, respond, and sustain operations in the Pacific. If the United States moves to defend Taiwan, and American cities simultaneously experience power outages, communications blackouts, and disruptions to port operations, the calculus for intervention changes.
The Structural Problem
America's critical infrastructure presents a structural problem that no single policy or technology solution fully addresses. The vast majority of it is privately owned. Power companies, water utilities, telecommunications providers, and port operators are private entities operating under a patchwork of sector-specific regulations with inconsistent security requirements.
Incentive structures in the private sector do not naturally produce the level of security investment required to defend against nation-state adversaries. The cost of hardening operational technology is significant. The cost of a successful attack — measured in public safety, economic disruption, and strategic consequence — is incalculable.
The gap between those two calculations is where Volt Typhoon lives.
What to Watch
Any significant deterioration in U.S.-China relations over Taiwan should be read as a potential trigger condition. Unexplained outages or anomalies in critical infrastructure warrant scrutiny. Congressional movement on mandatory OT security standards is a lagging but meaningful indicator.
The deeper issue is one of strategic patience. Volt Typhoon has it. American policymakers and private sector operators, operating on quarterly earnings cycles and two-year congressional terms, structurally struggle to match it.
The access is there. The intent has been assessed. The timeline is driven by geopolitical developments outside anyone's full control.
The question is whether the United States will find and remove these footholds before Beijing decides it is time to use them — or whether the first sign that something is wrong will be the lights going out.