US and UK law enforcement issue unprecedented warning over Chinese spy efforts | Foley & Lardner LLP
On July 6, 2022, officials from the US Federal Bureau of Investigation (FBI) and UK law enforcement agency MI5 issued an unprecedented joint statement warning of espionage and other economic threats from China. Addressing an audience of business leaders and senior university officials, FBI Director Christopher Wray said the threats to economic and national security posed by the Chinese Communist Party are “tremendous” and “breathtaking”, while MI5 chief Ken McCallum called them “a game-changer.” many sophisticated businessmen” and that China has interfered in politics, including recent elections. This statement was validated by the United States National Counterintelligence and Security Center, which said in a separate statement that China has accelerated its efforts to influence U.S. policy-making through overt and covert means, ranging from overt lobbying to collecting personal information about leaders of states and local communities, and uses economic incentives to reward or punish public officials. MI5 chief McCallum further clarified that MI5 had more than doubled its countermeasures against Chinese activity in the past three years and was expected to double them again soon.
Director Wray told attendees that the Chinese government was “determined to steal your technology – anything that makes your industry work – and use it to undermine your business and dominate your market”. He further indicated that China uses a wide range of tools and has deployed cyber espionage to “cheat on a large scale”, engaging in a level of hacking activity that rivals that of every other major country combined. MI5 chief McCallum added that the greatest risk from the Chinese Communist Party is to “the cutting-edge expertise, technology, research and commercial advantage developed and held by the people in this room, and others like you,” and pointed out that the risks posed by the Chinese government included clandestine theft, transfer of technology and exploitation of research.
As further evidence of the immediate threat, MI5 chief McCallum suggested that MI5 had thwarted a sophisticated threat against aerospace organizations and described sophisticated “recruitment” activities presented as job interviews designed to encourage technology experts to describe technical information about their work to Chinese intelligence officials. McCallum said information about cybersecurity threats has been shared with 37 other countries.
While the joint statement does not directly address the impact these cybersecurity attacks could have on critical infrastructure, many of the concerns also apply to organizations involved in critical infrastructure, and those organizations should take the threats from the Chinese Communist Party and other similar nation-state threat actors just as seriously.
Significance of statement
The joint statement is the first-ever joint public appearance between the two directors and an unusual statement for two of the western world’s largest domestic law enforcement agencies. This unprecedented statement highlights some of the key cybersecurity concerns that are often overlooked:
- Cybersecurity threats cross traditional international borders. Director Wray explained the international scope of the threat posed by China and said the Chinese government posed “the greatest long-term threat to our economic and national security – and by ‘our’, I mean our two nations, as well as our allies in Europe and elsewhere.”
- While companies often focus their cybersecurity efforts on threats to personal information, the intellectual property held by many organizations may be even more valuable to many nation-state threat actors in an effort to achieve economic superiority.
- Defending against such threats may require a coordinated international response that includes sharing threat information between countries.
China has denied engaging in the activities claimed by Director Wray and MI5 chief McCallum, and said through a spokesperson for the Chinese Embassy in Washington, D.C., that Beijing’s position is that it is an advocate of cybersecurity, that its government would never condone such activities, and that it is a victim of cybersecurity attacks. “to be a truly responsible player in cyberspace.
What businesses should do
Attacks from China (and other nation-state threat actors) can occur at any time. In fact, they’re probably already happening – former FBI Director Robert Mueller once said, “I’m convinced there are only two kinds of companies: those that have been hacked and those that will be. And even they converge on a single category: companies that have been hacked and will be hacked again.” To defend against such attacks, businesses of all kinds should consider the following actions to protect their intellectual property and critical infrastructure operations:
- Review patching policies and procedures. Nation-state actors quickly and easily exploit systems on which known vulnerabilities have not been patched.
- Address insider threats. Although Director Wray was careful to clarify that the threat came from the Chinese government and the Chinese Communist Party and not from the Chinese people or Chinese immigrants, companies should be alert to the potential for insider cybersecurity threats from all their employees.
- Security audits and penetration tests. Hire an independent security company to perform penetration testing and cybersecurity auditing to verify the strength of the company’s cybersecurity defenses.
- Isolate critical assets on the network. Consider moving the most valuable technology and other trade secrets to isolated computer systems that do not have physical access to the public Internet. While this may not be practical for some organizations that are still working remotely, the “sneaker net” may still be one of the best security measures when practical for the business.
- Consider the risks of doing business in China. Exercise caution when doing business in China. Director Wray also highlighted Chinese laws and regulations that pose risks to foreign companies operating in China and encouraged business leaders to assess the risk of business interactions with Chinese partners. “Maintaining a technological advantage can do more to increase a company’s value than partnering with a Chinese company to sell into this huge Chinese market, only to find the Chinese government and your partner stealing and copying your innovation,” he said.
- Examine the supply chain for technology risks. The US and UK governments have launched efforts to limit or eliminate Chinese equipment from next-generation 5G telecommunications networks due to concerns about potential malware and other malicious components. Organizations should examine their supply chain for the potential introduction of malware – not only for physical components, but also for software and other network components, such as firewalls, routers, hotspots, wireless access devices, laptop computers, telecommunications systems, anti-virus software, and other similar network devices that may touch or have access to data. Businesses should only purchase these products and services from trusted sources and avoid products that may come from organizations that may be associated with threatening nation-state entities in countries that may be aggressive towards the economic interests of the West, such as China, Russia and North Korea. Companies may wish to consult NIST SP 800-161 and NIST’s Software Supply Chain Security Guidance for guidance on reviewing and mitigating risks to their supply chain.
- Plan for geopolitical supply chain disruptions. In addition to the supply chain risks posed by malware and other malicious code, companies must consider the potential impact to their supply chain due to geopolitical forces. Director Wray suggested that China was learning from Russia’s invasion of Ukraine to insulate itself from the impact of economic sanctions that may be imposed on it by the West, and pointed out that China could disrupt supply chains in an effort to hold Western organizations hostage, and that the potential disruption that could result from a Chinese invasion of Taiwan or other economic retaliation would be far greater than that seen this year as a result of the invasion of Ukraine.
- Review disaster recovery plans. Although China’s goal is a bit different from that of traditional ransomware, China may attempt to gain an economic advantage over large corporations by deploying tactics similar to those used in double-extortion ransomware, namely exfiltrating information and depriving the company of access to it. In addition to the actions described above, companies should ensure that they have appropriate disaster recovery policies and procedures in place (including testing of backup and restore capabilities) to ensure that the company can recover previous progress and retain its business advantage.
- Review other cybersecurity policies and procedures. Conduct a tabletop exercise targeting intellectual property misappropriation and critical system disablement, and review and update other cybersecurity policies and procedures as necessary to further protect this important asset.
Perhaps the most heartening statement in the warning comes from Director Wray, who said, “I know this all sounds alarming. But if the threat is immense, that does not mean that harm is inevitable.” Companies should take the steps outlined above to review and update their cybersecurity practices.