Foreign Economic Espionage in Cyberspace/China
China: Persistent Cyber ActivitiesEdit
China has expansive efforts in place to acquire U.S. technology to include sensitive trade secrets and proprietary information. It continues to use cyber espionage to support its strategic development goals—science and technology advancement, military modernization, and economic policy objectives. China's cyberspace operations are part of a complex, multipronged technology development strategy that uses licit and illicit methods to achieve its goals. Chinese companies and individuals often acquire U.S. technology for commercial and scientific purposes. At the same time, the Chinese government seeks to enhance its collection of U.S. technology by enlisting the support of a broad range of actors spread throughout its government and industrial base.
China's Strategic GoalsEdit
|Non-Traditional Collectors||China uses individuals for whom science or business is their primary profession to target and acquire US technology.|
|Joint Ventures (JV)||China uses JVs to acquire technology and technical know-how.|
|Research partnerships||China actively seeks partnerships with government laboratories-such as the Department of Energy labs-to learn about and acquire specific technology, and the soft skills necessary to run such facilities.|
|Academic Collaborations||China uses collaborations and relationships with universities to acquire specific research and gain access to high-end research equipment. Its policies state it should exploit the openness of academia to fill China’s strategic gaps.|
|S&T Investments||China has sustained, long-term state investments in its S&T infrastructure.|
|M&A||China seeks to buy companies that have technology, facilities and people. These sometimes end up as Committee on Foreign Investment in the United States (CFIUS) cases.|
|Front Companies||China uses front companies to obscure the hand of the Chinese government and acquire export controlled technology.|
|Talent Recruitment Programs||China uses its talent recruitment programs to find foreign experts to return to China and work on key strategic programs.|
|Intelligence Services||The Ministry of State Security (MSS), and military intelligence offices are used in China’s technology acquisition efforts.|
|Legal and Regulatory Environment||China uses its laws and regulations to disadvantage foreign companies and advantage its own companies.|
The Intelligence Community and private sector security experts continue to identify ongoing Chinese cyber activity, although at lower volumes than existed before the bilateral September 2015 U.S.-China cyber commitments. Most Chinese cyber operations against U.S. private industry that have been detected are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide. Examples of identified ongoing Chinese cyber activity include the following:
- According to several cyber intelligence companies, in 2017 the China-associated cyber espionage group APT10 continued widespread operations to target engineering, telecommunications, and aerospace industries. APT10 targeted companies across the globe, including the United States, using its exploitation of managed IT service providers as a means to conduct such operations.
- Cybersecurity researchers have found links between Chinese cyber actors and a back door in the popular CCleaner application that allowed the actors to target U.S. companies, including Google, Microsoft, Intel, and VMware.
- In November 2017, PricewaterhouseCoopers (PWC) reported that the China-based APT, known as KeyBoy, was shifting its focus to target Western organizations. According to PWC, the targeting likely was for corporate espionage purposes. KeyBoy previously focused on Asian targets, according to commercial cybersecurity reporting.
- According to FireEye, in 2017 TEMP.Periscope continued targeting the maritime industry as well as engineering-focused entities including research institutes, academic organizations, and private firms in the United States. FireEye has detected sharp increases in targeting in early 2018 as well.
We believe that China will continue to be a threat to U.S. proprietary technology and intellectual property through cyber-enabled means or other methods. If this threat is not addressed, it could erode America’s long-term competitive economic advantage.