U.S. urged to take comprehensive action on Chinese cyberespionage

A high-profile report showing that Chinese cyberespionage is increasingly focused on U.S. critical infrastructure adds urgency to the government using every tool it has to dissuade China from such activity, experts say.

Security company Mandiant released a report this week that showed a group of cyberspies it had watched closely for some time was in all probability a secretive organization within the Chinese military. It described how the group was increasingly focused on stealing information from companies involved in U.S. critical infrastructure, including the electrical power grid, oil and gas lines and waterworks.

While there's no evidence China is planning to launch a destructive attack, the fact that the country is behind the gathering of proprietary information from these companies is a reason for serious concern and a stepped-up government response, experts say.

Paul Rosenzweig, a former deputy assistant secretary for policy at the Department of Homeland Security and the founder of Red Branch Law & Consulting, said the government should use everything it has to pressure China to stop.

Options include high-level diplomacy, financial and economic sanctions, using our own intelligence to embarrass the Chinese government, and prosecution of people involved in stealing data as well as Chinese companies that use stolen information.

Congress should also move faster in passing the Cyber Intelligence Sharing and Protection Act, reintroduced last week. The bill would establish rules for companies to share cyberthreat information with each other and government agencies.

"[Chinese spying] certainly adds oomph to the need for CISPA-like legislation, but it probably adds more oomph to the need for a concerted whole-of-government strategy for dissuading China from its current course of conduct," Rosenzweig said on Thursday.

The Obama administration is already moving in that direction. On Wednesday, the White House released its strategy for preventing the theft of U.S. trade secrets. The plan includes increasing diplomatic efforts, supporting industry-led best practices for protecting proprietary information and continuing to make the prosecution of trade secret theft by foreign companies and governments a "top priority."

While China was not mentioned, the strategy would certainly cover activities outlined in the Mandiant report.

A recently published paper by consultancy Good Harbor Security Risk Management outlines steps countries can take to prevent the escalation of cyberespionage into a more serious confrontation. Initial steps could include sharing information about threats with the intent to tackle thorny issues, like spying, later.

Russia and the U.S., for example, have discussed establishing a cyber hotline to lessen the chances of activity leading to conflict. The hotline would be modeled after one used to prevent accidental nuclear war.

"The U.S. should address this in multiple ways, including seeking to hold diplomatic discussions and developing norms about not attacking critical infrastructure through cyber," said Jacob Olcott, principal for cybersecurity at Good Harbor.

Most experts believe that U.S. intelligence agencies were aware of the activities of Chinese cyberspying before the Mandiant report. However, the account is valuable in raising public awareness of the problem and adding pressure on lawmakers, said Matthew E. Luallen, president and co-founder of CYBATI, which conducts professional classes on securing industrial control systems.

What the nation needs is more organizations, such as the North American Electric Reliability Corp. (NERC), to enforce security standards on manufacturers of critical infrastructure and on waterworks. In addition, he favors more regulation, such as the Chemical Facility Anti-Terrorism Standards from the DHS.

"Now that there's a public report, more people can actually understand why we need to have some of these additional regulations around protecting critical infrastructure," Luallen said.
