U.S. urged to take comprehensive action on Chinese cyberespionage

A high-profile report showing that Chinese cyberespionage is increasingly focused on U.S. critical infrastructure adds urgency to the government using every tool it has to dissuade China from such activity, experts say.

Security company Mandiant released a report this week that showed a group of cyberspies it had watched closely for some time was in all probability a secretive organization within the Chinese military. It described how the group was increasingly focused on stealing information from companies involved in U.S. critical infrastructure, including the electrical power grid, oil and gas lines and waterworks.

While there's no evidence China is planning to launch a destructive attack, the fact that the country is behind the gathering of proprietary information from these companies is a reason for serious concern and a stepped-up government response, experts say.

Paul Rosenzweig, a former deputy assistant secretary for policy at the Department of Homeland Security and the founder of Red Branch Law & Consulting, said the government should use everything it has to pressure China to stop.

Options include high-level diplomacy, financial and economic sanctions, using our own intelligence to embarrass the Chinese government, and prosecution of people involved in stealing data as well as Chinese companies that use stolen information.

Congress should also move faster in passing the Cyber Intelligence Sharing and Protection Act, reintroduced last week. The bill would establish rules for companies to share cyberthreat information with each other and government agencies.

"[Chinese spying] certainly adds oomph to the need for CISPA-like legislation, but it probably adds more oomph to the need for a concerted whole-of-government strategy for dissuading China from its current course of conduct," Rosenzweig said on Thursday.

The Obama administration is already moving in that direction. On Wednesday, the White House released its strategy for preventing the theft of U.S. trade secrets. The plan includes increasing diplomatic efforts, supporting industry-led best practices for protecting proprietary information and continuing to make the prosecution of trade secret theft by foreign companies and governments a "top priority."

While China was not mentioned, the strategy would certainly cover activities outlined in the Mandiant report.

A recently published paper by consultancy Good Harbor Security Risk Management outlines steps countries can take to prevent the escalation of cyberespionage into a more serious confrontation. Initial steps could include sharing information about threats with the intent to tackle thorny issues, like spying, later.

Russia and the U.S., for example, have discussed establishing a cyber hotline to lessen the chances of activity leading to conflict. The hotline would be modeled after one used to prevent accidental nuclear war.

"The U.S. should address this in multiple ways, including seeking to hold diplomatic discussions and developing norms about not attacking critical infrastructure through cyber," said Jacob Olcott, principal for cybersecurity at Good Harbor.

Most experts believe that U.S. intelligence agencies were aware of the activities of Chinese cyberspying before the Mandiant report. However, the account is valuable in raising public awareness of the problem and adding pressure on lawmakers, said Matthew E. Luallen, president and co-founder of CYBATI, which conducts professional classes on securing industrial control systems.

What the nation needs is more organizations, such as the North American Electric Reliability Corp. (NERC), to enforce security standards on manufacturers of critical infrastructure and on waterworks. In addition, he favors more regulation, such as the Chemical Facility Anti-Terrorism Standards from the DHS.

"Now that there's a public report, more people can actually understand why we need to have some of these additional regulations around protecting critical infrastructure," Luallen said.
