CYBERSECURITY: FOREIGN ECONOMIC ESPIONAGE
Tampa, FL – February 06 – Protecting what matters: the current threat China poses on Intellectual Property (IP) and its impact on technology developers and automakers.
Our interconnected world provides new opportunities for collaboration and reaching customers. However, it also provides access for external attackers, bent on stealing IP. Many nation-states, and especially China, have figured out that it is much easier and more cost-effective to steal IP via cyber-theft than to conduct your R&D. In the past year, especially, perhaps due to escalating trade tensions between China and the US, we have seen information gathering attempts by Chinese nationals increase exponentially.
Should technology developers and automakers be concerned about potential threats to their intellectual property by cyber espionage? How can the safety of this technology be ensured? Let’s look at some of the players involved according to the National Counterintelligence and Security Center (NCSC) below:
As of December 04, 2018, China has ensured that there will be punishments for any of its companies that commit intellectual property theft. According to Bloomberg News, “China says violators would be banned from issuing bonds or other financing tools and participating in government procurement. They would also be restricted from accessing government financial support, foreign trade, registering companies, auctioning land, or trading properties.”
However, this recurring issue should have stopped when China became a part of the World Trade Organization in 2001. Almost two decades later, China has not stood by many of the promises it made; one of which was the significant reduction of IP theft. According to a 2017 report by the US Commission on the Theft of American Intellectual Property, it’s estimated “that the annual cost to the US economy continues to exceed $225 billion in counterfeit goods, pirated software, and theft of trade secrets and could be as high as $600 billion.” What’s more, the Commission has named China the world’s principal IP infringer.
Earlier this year, the US oversaw a significant case against the Chinese company Sinovel and their conviction of stealing copyrighted information, technology, and trade secrets from AMSC, an American company dealing in the manufacturing of wind turbines. Likewise, a previous employee of Apple, Xiaolang Zhang, was caught trying to flee to China in July with Apple’s prototypes for self-driving vehicles after resigning to work for the Chinese startup XMotors. Innovation is the very core of a company. It gets entirely undermined when theft comes into play, and it often gets taken for granted by companies.
In 2015 the US and China agreed to a truce to stop hostile cyber espionage, and while attacks declined, they also began to take on a different shape as Chinese hackers got craftier. An article from Wired in October of 2018 notes that, “cybersecurity researchers suspect China’s intrusions of American companies continues—including one recent, brazen breach that used a backdoor in the popular CCleaner security to target US companies including Google, Microsoft, Intel and VMware, and left behind a few tell-tale indicators of Chinese involvement. And other researchers say they’ve seen signs of earlier Chinese intrusions designed to siphon exactly the sort of corporate intel the US-China cybersecurity agreement was meant to protect.” The attacks have been changing form to ensure the utmost stealth with the only giveaways being minutes in comparison to older cyber-attacks. In the CCleaner breach, the hacker’s server time was set to the Chinese time zone, and aspects of the code were associated with a hacking group believed to be Chinese.
To make matters worse, in October of 2018, The Washington Post ran an article stating that “Yanjun Xu, a senior officer with China’s Ministry of State Security (MSS), is accused of seeking to steal trade secrets from leading aviation firms, top Justice Department officials said.” China’s Ministry of State Security, which the Washington Post described in that same article as “a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security” and has long been blamed for assisting in stealing IP and trade secrets from companies.
According to a 2017 report by The United States Trade Representative, China manages to steal information from other businesses using “export quotas and export duties maintained by China on various forms of 11 raw materials.” With China dominating in the production of raw materials, “…it appears that China is able to provide substantial economic advantages to a wide range of downstream producers in China at the expense of foreign downstream producers while creating pressure on foreign downstream producers to move their operations, technologies, and jobs to China.”
Tungsten and molybdenum are vital components for automotive manufacturing. While the World Trade Organization lifted export restraints on these materials in 2015, they’re still challenging China to remove restraints of other raw materials crucial to many manufacturers. These materials include antimony, chromium, cobalt, copper, graphite, indium, lead, magnesia, talc, tantalum, and tin.
By forcing companies to place their manufacturing centers on Chinese soil, IP can be stolen by fraudulent employees bought out by competing Chinese companies.
However, the most common way China engages in IP theft, according to the same report by The United States Trade Representative, is through “conducting or supporting unauthorized intrusions into commercial computer networks or cyber-enabled theft for commercial gains.” Phishing, whaling, and vishing (eliciting information via phone), all of which are done digitally by phone or computer, are becoming further threats to businesses.
In this digital age, it’s easy for fraudulent individuals to get away with such serious crimes as the demand for further innovation becomes increasingly more competitive.
Even with China’s insistence that IP theft will have greater punishments moving into the new year, does this guarantee the safety of the IP of companies at the forefront of technology?
Abacode Cybersecurity is fundamentally different than most Cybersecurity providers.
We address company risk from a business strategy first, and cyber-technologies second. This methodology ensures our clients’ technical (and non-technical) leadership are able to make strategic decisions that positively impact the entire organization.