On March 21, 2018 the New York Times reported that the White House was going to take aggressive action against China for illegal trade practices as well as intellectual property theft. The administration is right to do so.
Drive through middle America and you’ll see closed factories whose products are now manufactured in China. For the past few decades China has implemented an aggressive policy of stealing manufacturing technology and then providing zero-interest loans to Chinese companies to re-create American products. The transfer of wealth from the United States to China directly due to stolen products is on the order of trillions of dollars. More recently Chinese companies have moved into Silicon Valley to steal technology from leading-edge start-ups before they even go to market.
The Chinese government utilizes three techniques to identify and steal technology in Silicon Valley. First, Silicon Valley is famous for meetups to discuss new technologies. Every night there’s one or more events, often at a bar or coffee shop, to discuss new ideas such as machine learning or cybersecurity. Chinese operatives are regularly seen at all these events listening to ideas as well as identifying the people behind them. Second, once “smart” people have been identified, Chinese operatives utilize email password phishing attacks to access all of their correspondence. Third, if the company is viewed as valuable, Chinese operatives will launch a direct attack on server infrastructure to take source code, product designs and marketing information, including customer lists.
Irrespective of how the next few months play out with China, here are some countermeasures you should implement now to protect your intellectual property:
Multi-factor Authentication: Email phishing attacks are the most common technique used by Chinese intelligence because they work. Thus you should implement some form of multi-factor authentication so that a phished password alone is not enough to get into email.
Server Isolation: After email, direct attacks on server infrastructure are the most common technique. Consequently all Internet-facing servers should be locked down, and connectivity between frontend and backend servers restricted to what the application actually needs.
Certificate-based Mutual TLS VPN: Hacking Wi-Fi hotspots is a popular technique. Given that R&D personnel love to go to coffee shops and check email or do some coding, this is a big attack vector. Thus implement a certificate-based mutual TLS VPN to ensure the connections to corporate assets cannot be hijacked.
Application Layer Access: Only allow application-layer access to authorized personnel and their devices. This way, if attackers are able to steal an employee’s credentials or install malware on their devices, the ability to install code on servers or move laterally within the data center is limited.
Do not let your company’s intellectual property be used against America.