Click Here Podcast Summary
Episode: "A Typhoon hits Massachusetts" | Released: April 29, 2025
Introduction to Littleton and Nick Lawler
The episode opens with a picturesque portrayal of Littleton, Massachusetts—a quaint town of approximately 10,000 residents characterized by its rural charm and tight-knit community. Host Dena Temple-Raston introduces listeners to Nick Lawler, the dedicated manager of Littleton's municipal utility, which provides essential services such as light, water, and power.
Nick Lawler [00:55]: "I always love the public power model. It's great to go to a place every day that you provide an essential service to the residents you serve and then to have their appreciation for that back."
Nick emphasizes the fulfillment derived from serving the community, highlighting the direct satisfaction that comes from such a public service role.
The Suspicious Call
On a typical Friday afternoon in the fall of 2023, Nick receives an unusual phone call while maintaining his lawn. The caller, claiming to represent the FBI, urgently instructs him to contact the FBI, provide his personal email address, and then click a link.
Nick Lawler [01:13]: "We need your personal email address. So if you can give us your personal email address, that'd be great. We then want you to click on a link."
Despite the alarming nature of the call, Nick remains composed. His extensive background in cybersecurity and familiarity with common scams prompt him to hang up and continue his day undisturbed.
Nick Lawler [02:50]: "That you know, this is ridiculous. I'm getting a scam right now, but."
Nick's skepticism is further reinforced by his proactive approach to cybersecurity within the municipal utility, which has been recognized at national conferences for its preparedness against cyber threats.
Verification and the Arrival of Agents
Unsure about the legitimacy of the initial call, Nick takes the prudent step of directly contacting the local FBI field office. The response he receives deepens the mystery and urgency of the situation.
Nick Lawler [03:19]: "What is going on here?"
Shortly after, on the morning before Thanksgiving, two individuals presenting themselves as Homeland Security and FBI agents arrive in Littleton. Their professional demeanor and provision of a pamphlet about Volt Typhoon, a notorious Chinese state-sponsored hacking group, signal the gravity of the situation.
Nick Lawler [07:02]: "They're the top priority in the federal government... Littleton, Massachusetts, population 10,001 substation a top priority."
Understanding Volt Typhoon
Volt Typhoon is revealed as a sophisticated cyber threat targeting critical infrastructure across the United States. Unlike typical cyberattacks, Volt Typhoon operates stealthily, avoiding obvious signs such as ransomware demands or overt messages. Instead, they infiltrate IT systems to position themselves within networks, laying the groundwork for potential future disruptions.
Nick Lawler [07:08]: "They put a pamphlet in front of me. It's got nation state, actor, Volt Typhoon."
John Burns from Dragos, a cybersecurity firm, explains that Volt Typhoon’s methods involve minimal footprints, making detection challenging. His team uses a comprehensive list of malicious IP addresses to identify and mitigate the threat within Littleton's systems.
Sue Gordon [08:25]: "I went in and started looking, and I very quickly was able to see that there was some really weird traffic going from a couple of their servers to some malicious IPs were geolocating to China."
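The check described above, comparing a utility's outbound traffic against a list of known-malicious addresses, as an added example that is not from the episode or from Dragos. The flow-record format, the indicator entries (RFC 5737 documentation ranges, not real indicators) and the internal addresses are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed indicator list: single addresses and CIDR blocks (documentation ranges).
INDICATORS = ["203.0.113.0/24", "198.51.100.77"]

# Constructed flow records: timestamp, source, destination, dest port, bytes sent.
FLOWS = """\
2023-11-01T02:14:09Z 10.20.0.15 203.0.113.40 443 1820
2023-11-01T02:14:11Z 10.20.0.15 192.0.2.10 443 90211
2023-11-03T02:15:40Z 10.20.0.15 203.0.113.40 443 1764
2023-11-04T13:02:55Z 10.20.0.31 198.51.100.77 8443 502
2023-11-04T13:03:10Z 10.20.0.44 192.0.2.25 53 88
not-a-flow-line
"""

def load_indicators(entries):
    """Parse addresses and CIDR blocks into network objects (a lone IP becomes a /32)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def find_hits(flow_text, networks):
    """Group flows whose destination is on the indicator list by internal source host."""
    hits = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None, "dests": set()})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of aborting the sweep
        ts, src, dst, _port, nbytes = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
            nbytes = int(nbytes)
        except ValueError:
            continue
        if not any(dst_ip in net for net in networks):
            continue
        h = hits[src]
        h["count"] += 1
        h["bytes"] += nbytes
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["dests"].add(dst)
    return dict(hits)

if __name__ == "__main__":
    for src, h in sorted(find_hits(FLOWS, load_indicators(INDICATORS)).items()):
        print(src, h["count"], "flows,", h["bytes"], "bytes,", h["first"], "to", h["last"], sorted(h["dests"]))
```

Grouping by source host keeps low-volume matches visible: a server with only two small connections days apart still appears with its first and last sighting.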
The Breach and Its Implications
The breach in Littleton occurred through a commonly exploited vulnerability: a third-party IT vendor failed to apply a necessary firmware upgrade, allowing Volt Typhoon to gain access. Fortunately, the segregation between IT and Operational Technology (OT) systems in Littleton's infrastructure prevented the hackers from accessing critical physical control systems.
Nick Lawler [09:38]: "They never did gain access to any customer information or our OT systems."
In response, the municipal utility swiftly overhauled its cybersecurity measures, including changing IP addresses, restructuring networks, implementing multi-factor authentication, and upgrading firewalls. A subsequent stress test by the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the effectiveness of these defenses.
Nick Lawler [11:30]: "We changed IP addresses, we changed structure, we got multi-factor authentication across the board. Now new firewalls."
Broader Impact of Volt Typhoon
Volt Typhoon's infiltration is not an isolated incident confined to Littleton. The group has compromised approximately 200 other U.S. utilities, positioning themselves to potentially disrupt vital services nationwide during geopolitical crises or conflicts. This advanced and methodical approach to cyber warfare underscores the evolving nature of threats faced by critical infrastructure.
Dena Temple-Raston [14:24]: "Volt Typhoon was doing this quiet hack to pre position themselves on infrastructure networks across the country."
Experts like Sue Gordon from Dragos emphasize that small utilities serve as testing grounds for larger-scale attacks, allowing adversaries to refine their techniques before targeting more significant systems.
Sue Gordon [15:54]: "If I was an adversary and I was wanting to test my ability to make an attack on a bigger target, I think it's cheaper for an adversary to test their tools on a smaller target rather than put in place their own infrastructure to test their tools."
Challenges in Cybersecurity Awareness and Funding
Despite the severity of Volt Typhoon's activities, awareness within the utility sector remains limited. At a cybersecurity summit, only half of the attendees were familiar with Volt Typhoon, highlighting a significant gap in industry knowledge and preparedness.
Nick Lawler [20:01]: "And when I asked how many had heard of Volt Typhoon, only half the hands went up."
The episode also touches on the critical role of government funding and public-private partnerships in bolstering cybersecurity defenses. Sue Gordon expresses concern over potential cuts to cybersecurity grants, which are essential for maintaining and enhancing the security posture of utilities and other critical infrastructure.
John Burns [18:08]: "It's incredibly worrisome when that's the approach you take of a line item that you can't trace to some immediate benefit."
Nick Lawler's Reflection on Cyber Warfare
Reflecting on the incident, Nick acknowledges the pervasive nature of cyber threats and the reality of living in a state of constant vigilance.
Nick Lawler [20:26]: "The whole thing's mind blowing. ... this is cyber warfare."
He underscores the importance of transparency and communication within the industry to foster a collective defense against such sophisticated adversaries.
Nick Lawler [19:19]: "If we're not willing to talk about it as victims, then how do we expect our peers to ever hear of it?"
Conclusion
"A Typhoon hits Massachusetts" delves deep into the intricate and often invisible world of cyber warfare targeting critical infrastructure. Through Nick Lawler’s firsthand experience, the episode illustrates the vulnerabilities small-town utilities face from state-sponsored hackers like Volt Typhoon. It emphasizes the need for heightened awareness, robust cybersecurity measures, and sustained government support to protect the backbone of our digital and physical infrastructure.
Notable Quotes:
- Nick Lawler [00:55]: "I always love the public power model. It's great to go to a place every day that you provide an essential service to the residents you serve and then to have their appreciation for that back."
- Nick Lawler [02:50]: "That you know, this is ridiculous. I'm getting a scam right now, but."
- Nick Lawler [07:02]: "They put a pamphlet in front of me. It's got nation state, actor, Volt Typhoon."
- Sue Gordon [15:54]: "If I was an adversary and I was wanting to test my ability to make an attack on a bigger target, I think it's cheaper for an adversary to test their tools on a smaller target rather than put in place their own infrastructure to test their tools."
- Nick Lawler [20:26]: "The whole thing's mind blowing. ... this is cyber warfare."
This episode of Click Here masterfully weaves a narrative that not only highlights the specific challenges faced by Littleton's municipal utility but also sheds light on the broader implications of cyber threats to national infrastructure. It serves as a crucial reminder of the importance of cybersecurity vigilance in an increasingly interconnected world.
