If you are an enterprise technologist you are probably pretty busy, right? And you are almost certainly numbed by the constant stories of cyber espionage, especially reports of data theft coming out of China. If you have been numbed with all the reporting please shake it off and dive into this current story. Something very important is happening. And it requires the reasoned context of a reputable analyst/thinker. With this post I want to highlight one of the most reputable, professional, powerful thinkers in the cybersecurity domain, Jason Healey.
Jason is the director of the Cyber Statecraft Initiative at the Atlantic Council. He is a founding member of the Cyber Conflict Studies Association and an alumnus of the Department of Defense’s first truly joint command organization aimed at defending DoD computers and networks, the Joint Task Force for Computer Network Defense. Jason has spent time working cyber security issues at the White House and in the finance industry. He is also a frequent speaker at events like the FedCyber conference.
When Jay speaks we should listen, and when he writes we should read. So I was excited to see his latest piece which offers important advice on what the US should do about Chinese Cyber Espionage.
We have all known about Chinese cyber espionage for a long, long time. But the topic has been brought into even sharper focus by Mandiant’s reporting, which proves beyond any shadow of a doubt that the Chinese military, through its Unit 61398, is stealing terabytes of information from companies and governments. They are stealing information of value to us and to our economy, and in doing so are hurting our economy. We have always known that, but now the proof is there for everyone to see. Here is a summary of this report as articulated by Jason in a recent USNews report:
- Nearly 90 percent of APT1’s operations targeted English-speaking countries, primarily the United States.
- APT1 targets organizations in IT, aerospace, government, satellites and telecommunications, scientific research and consulting, energy, transportation, and other sectors.
- They steal a wide range of information but especially product development and use, manufacturing procedures, and business plans.
- The size and structure of APT1’s operations accordingly implies not a stereotypical hacker group, but a large bureaucracy with dozens, if not hundreds of operators and support staff: fluent English linguists, developers of many variants of malicious software, and more.
- Mandiant observed APT1 connect to their espionage network nearly 2,000 times and over 97 percent of those connections traced directly back to Shanghai and used systems using simplified Chinese.
- Unit 61398 is a known cyberespionage unit, operating in Shanghai against English-speaking targets.
- Accordingly, Mandiant concludes APT1 is Unit 61398, though concedes the other possibility: somehow “[a] secret organization full of mainland Chinese speakers … is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission.”
Jason goes on to provide more context in his article, titled “How the U.S. Should Respond to Chinese Cyberespionage”, including a succinct list of actions that I strongly believe the US should take. These are, according to Jason:
- The National Security Council should draft comments for the president to speak against Chinese espionage, as a follow up to his State of the Union speech and recently issued executive order.
- The intelligence community should follow Mandiant’s lead and release its own public reports on Chinese espionage. This should start with an unclassified version of the latest cyber National Intelligence Report followed by details on specific threat actors, especially declassified corroboration on Unit 61398.
- The United States Trade Representative should coordinate unilateral sanctions against companies associated with the People’s Liberation Army, especially those most associated with the General Staff Department. The U.S. Trade Representative should also start building a case with the World Trade Organization, since information of commercial value has been stolen, an approach long favored by Dmitri Alperovitch, senior fellow of the Atlantic Council.
- The Department of State should:
  - Formally demarche the Chinese government for more information on Unit 61398 and demand it cease all activity against the United States or face escalating sanctions.
  - Place visa restrictions on anyone associated with Unit 61398, based on information from the intelligence community.
  - Coordinate action with other targets of Unit 61398, especially the United Kingdom and Canada, who should implement their own visa and trade sanctions.
  - Convene an unclassified conference of like-minded nations to discuss policy carrots and sticks to stop this espionage. The conference should include the traditional “five-eyes” allies of the United Kingdom, Canada, Australia, and New Zealand, as well as others targeted by Chinese espionage like Japan, France, and Germany.
Please read Jason’s full article, “How the U.S. Should Respond to Chinese Cyberespionage”, and then do what you can to ensure our government does not just sit by and let this keep happening, which it no doubt will do unless public opinion compels it to take this seriously.
And for more from Jason Healey, find him on Twitter at: @Jason_Healey