Wikisource

Threats to U.S. Networks/Section 3C

< Threats to U.S. Networks
Section III, B
Threats to U.S. Networks: Oversight of Chinese Government-Owned Carriers
by the Permanent Subcommittee on Investigations
Section IV

C. The United States Government Has Highlighted National Security Concerns Associated with Chinese State-Owned Carriers Operating within the United States

In recent years, the U.S. government has highlighted national security concerns raised by China's state-owned telecom carriers operating in the United States. The U.S. National Counterintelligence and Security Center ("NCSC") notes that foreign telecom companies are often subject to foreign state influence because they "provide valuable services that often require access to the physical and logical control points of the computers and networks they support."[1] Chinese state-owned companies are subject to an added layer of state influence in that they must comply with strict laws regardless of where they operate.[2] These laws underscore the concern that the Chinese government may use state-owned carriers to assist in its cyber and economic espionage activities, particularly those targeted at the United States.[3]

This section discusses the Chinese government's history of cyber and economic espionage efforts against the United States. It then discusses some of the recent laws the Chinese government has enacted by which it could force companies to comply with Chinese government requests to assist in cyber and economic espionage efforts. Finally, this section discusses how a Chinese carrier might assist the Chinese government-through disrupting and rerouting internet and communications data. These "hijacking" efforts are possible because Chinese carriers have established operations in the United States and built interconnections with U.S. carriers.

1. The Chinese Government Engages in Extensive Cyber and Economic Espionage Efforts against the United States

According to the NCSC, "foreign intelligence services—and threat actors working on their behalf—continue to" be the most persistent and pervasive cyber threat.[4] The NCSC concluded that China is among the most capable and active actors in this area, aggressively targeting and collecting sensitive economic and technological information to support its strategic development goals, including in the area of telecommunications.[5] Similarly, in the 2019 Worldwide Threat Assessment, the Director of National Intelligence warned that "China presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems."[6] As Team Telecom recently highlighted, "China is the first country identified by name" in the 2019 Worldwide Threat Assessment given the threat it poses.[7]

The U.S. government is one of the leading targets of China's cyber espionage efforts.[8] A 2013 report by the Department of Defense concluded that China "is using its computer network exploitation . . . capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs."[9] Following the arrest of a Chinese officer on economic espionage charges, DOJ's National Security Division warned of China's "'overall economic policy of developing China at American expense,' often through illegal means."[10]

Several instances demonstrate China's use of cyber espionage to attack U.S. government agencies and contractors to bolster its national security and economic priorities.[11] As part of China's "strategic plan" to increase its intelligence collection efforts, state-sponsored hackers have reportedly targeted U.S. networks containing large amounts of data on American intelligence personnel and government employees.[12] For example, in 2014, U.S. intelligence officials revealed that hackers associated with the Chinese government infiltrated Office of Personnel Management databases, which held personnel records and security-clearance files for former and current federal employees, their families, and friends; defense contractors' records were also obtained.[13] Over 22 million individuals were affected by the breach.[14] Former FBI Director Comey described the data as a "treasure trove of information about everybody who has worked for, tried to work for, or [currently] works for the United States government," making the breach a major national security concern.[15] Later that year, the Intelligence Community suspected that Chinese state-sponsored hackers were behind a breach of the U.S. Postal Service's computer networks—exposing data containing sensitive information on more than 800,000 employees.[16] Cyber policy experts concluded that the attack was part of the Chinese government's effort to build its inventory of information on U.S. persons for counter-intelligence and recruitment purposes.[17]

Chinese hackers have also targeted U.S. government contractors and the private sector. For example, in 2014, Chinese state-sponsored hackers allegedly breached the computer network of U.S. Investigation Services ("USIS"), which was then one of the government's largest contractors for providing federal background and security clearance investigations.[18] The breach resulted in the loss of more than 25,000 records belonging to DHS employees.[19] In 2018, Marriott's Starwood chain hotel reservation system was allegedly infiltrated by hackers working on behalf of China's Ministry of State Security.[20] The breach exposed personal information and travel details of up to 500 million people.[21] Earlier this year, DOJ charged four individuals associated with the Chinese People's Liberation Army for hacking Equifax in 2017.[22] As detailed in the Subcommittee's March 2019 report, the Equifax breach resulted in the release of personal identifying information of over 145 million Americans;[23] FBI Deputy Director Bowdich described it as "the largest theft of sensitive [personally identifying information] by state-sponsored hackers ever recorded."[24]

Pursuant to China's efforts to modernize its military and diminish the U.S. military's technological advantage, state-sponsored hackers have also engaged in a comprehensive campaign to steal information about U.S. advanced weapons technology.[25] For example, in 2012, a cyberattack on NASA's Jet Propulsion Laboratory was traced back to a Chinese IP address; during the incident the hackers "had full functional control over [the Laboratory's] networks."[26] Two years later, Chinese government-affiliated hackers stole military secrets, including the designs for Boeing's C-17 Globemaster and Lockheed Martin's F-35 and F22 stealth fighters.[27] More recently, Chinese state-sponsored hackers breached the computer network of a U.S. Navy defense contractor, stealing massive amounts of highly sensitive data, including secret plans for the development of a supersonic anti-ship submarine missile.[28]

China is also focused on commercial sectors critical to U.S. infrastructure, but vulnerable to cyberattack.[29] The U.S. Trade Representative recently warned that "cyber theft [was] one of China's preferred methods of collecting commercial information because of its . . . plausible deniability."[30] Many of the targeted companies operate in sectors that China believes are important for future innovation, such as information technology.[31] In 2014, then-Director of the National Security Agency, Admiral Michael Rogers, warned that China was capable of shutting down the U.S. electric grid and other critical infrastructure systems via cyberattack.[32] Just last year, cyber security experts attributed a cyberattack on the National Council of Examiners for Engineering and Surveying to Chinese state hacker-group APT10.[33] These experts warned that the attack was indicative of a specific threat to U.S. utility providers—the attacks were highly targeted and designed to steal intellectual property or to plant vulnerabilities in sectors essential to everyday national operations, such as energy, utilities, and telecommunications.[34]

China's cyber and economic espionage efforts are not expected to subside in the coming years. The Director of National Intelligence has advised that the Chinese government "will authorize cyber espionage against key U.S. technology sectors when doing so addresses a significant national security or economic goal not achievable through other means."[35] In a recent hearing before the Senate Committee on Homeland Security and Governmental Affairs, David J. Glawe, Undersecretary of the Office of Intelligence and Analysis at DHS, testified that China "will remain aggressive" in its cyber efforts against the United States and will continue to use its cyber capabilities to "undermine critical infrastructure, target our livelihoods and innovation, steal our national security secrets, and threaten our democratic institutions."[36]

2. Chinese State-Owned Companies are Subject to Control by the Chinese Government

China "enlist[s] the support of a broad range of actors spread throughout its government and industrial base" to carry out its strategic goals.[37] The Director of National Intelligence recently expressed concern about China's potential use of "Chinese information technology firms as routine and systemic espionage platforms . . . ."[38] In recent filings with the FCC, Team Telecom officials warned that Chinese telecommunications carriers, among other state-owned entities, are subject to control by the Chinese government because the entities must comply with strict national security laws.[39]

The Chinese government has enacted multiple laws obligating Chinese citizens and companies to support, assist, and cooperate in the government's intelligence and national security efforts.[40] The National Intelligence Law of 2017, for example, requires that all "organization [s] or citizen [s] shall support, assist and cooperate with the state intelligence work in accordance with the law, and keep the secrets of the national intelligence work known [sic] to the public."[41] The law also reserves the right for the state intelligence services to commandeer the communications equipment and other facilities of organizations and government organs.[42] The Chinese Cybersecurity Law of 2016, which became effective in June 2017, similarly provides that "network operators shall provide technical support and assistance to public security organs . . . ."[43] Under the 2015 National Security Law, all citizens and organizations are required to "obey [ ] . . . provisions of the Constitution, laws, and regulations regarding national security," "provid[e] conditions to facilitate national security efforts and other assistance," "provid[e] public security organs, state security organs or relevant military organs with necessary support and assistance," and "keep[ ] state secrets they learn of confidential."[44] The 2014 Counter-Espionage Law similarly provides that, during the course of a counter-espionage investigation, "relevant organizations and individuals shall truthfully provide information and must not refuse."[45]

Chinese companies operating in the United States have denied that they are bound by Chinese law.[46] Government officials and other commentators, however, point to the broad language of the laws to argue otherwise: the laws contain no geographic limitation and require that all organizations and citizens comply with requests from the Chinese government.[47] Further, while the laws are limited to "national security," "intelligence," and "counter-espionage" activities, these concepts are not defined.[48] Thus, commentators argue that the Chinese government could use these provisions to justify instructions to state-owned carriers to engage in cyber and economic espionage on behalf of the Chinese government.[49] Further, given the state ownership, it is unlikely that the carriers would protest any such requests by the Chinese government.[50]

3. Chinese State-Owned Carriers Can Facilitate the Chinese Government's Espionage Efforts by Hijacking Data through Their Relationships with U.S. Carriers

Data transported across global networks are vulnerable to interception or interference by hostile actors.[51] The networks were created with minimal security, which allows malicious actors to "target, alter, block, and re-route" communications.[52] As the U.S. government has warned, "the deepening integration of the global telecommunications market has created risks and vulnerabilities in a sector replete with a broad range of malicious activities."[53] The telecommunications industry has been particularly susceptible to cyber espionage.[54] One report estimated that nearly half of telecommunications organizations were the target of malware attacks between 2017 and 2018,[55] and these organizations are increasingly subject to hijacking attacks, wherein third parties capture and reroute information.[56]

Hijacking attacks occur when information is routed from one point to another, usually when it is routed through different carriers' networks.[57] In routing, "information is sent across intervening [networks] as small data 'packets' with their destination IP addresses attached. Each router in the transited networks looks at the destination IP address in the packet and forwards it to the next and closest [network]," seeking the shortest and most efficient route from the start point to the end point.[58] The Border Gateway Protocol ("BGP") is the central routing protocol. See, e.g., What is BGP Hijacking, CloudFlare, https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/; Yashin Huang, Internet Outrage Caused by Verizon Shows How Fragile the Internet Routing Is, Medium (July 2, 2019), https://medium.com/hackernoon/internet-outrage-caused-by-verizon-shows-how-fragile-the-internet-routing-is-a367241130e8. Administrators of each network are responsible for announcing the IP addresses associated with their networks on the BGP. See, e.g., What is BGP Hijacking, CloudFlare, https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/. The BGP, however, is notoriously complex, and "errors can occur given the complexity."[59] It is these errors that open up opportunities for malicious actors to hijack traffic.[60]

In practice, if a malicious actor announces through the BGP that it owns an IP address block that actually is owned by Network 1, traffic destined for Network 1 will be routed to or through-the malicious actor's network.[61] After receiving and inspecting the misdirected traffic, the malicious actor redirects it to the original destination point, and the traffic is delivered to its intended destination.[62] Because of the hijack, the malicious actor can access an organization's network, steal valuable data, add malicious implants to seemingly normal traffic, or simply modify or corrupt valuable data.[63] If diverted and copied even for a small amount of time, encryption can be broken.[64] Further, detecting the attack can be extremely difficult.[65] Given that traffic is continuously flowing, it is possible that the end-recipient might not notice any increase in "latency that results from the interception."[66]

Researchers allege that the Chinese government is increasingly using its state-owned telecommunications carriers to carry out hijacking attacks.[67] Chinese carriers have not established independent transmission facilities and networks outside of China.[68] Rather, as China Mobile stated in a recent SEC filing, the carriers are dependent on "interconnection arrangements and access to other networks."[69] Through these interconnection arrangements, the Chinese carriers can promote and allegedly have promoted-false routes on the BGP.[70] Particular allegations of hijacking by Chinese state-owned carriers are discussed more below.

  1. Nat'l Counterintelligence & Sec. Ctr., Foreign Economic Espionage in Cyberspace 14 (2018).
  2. See, e.g., National Intelligence Law of the People's Republic, Art. 7 (adopted June 27, 2017), http://cs.brown.edu/courses/csci1800/sources/2017_PRC_National_IntelligenceLaw.pdf (discussed infra).
  3. See generally Redacted Executive Branch Recommendation to Deny China Mobile International (USA) Inc.'s Application for an International Section 214 Authorization, FCC No. ITC-214-20110901-00289, at 7 (filed July 2, 2018), https://licensing.fcc.gov/myibfs/download.do?attachment_key=1444739 [hereinafter Executive Branch Recommendation re China Mobile USA]; Redacted Executive Branch Recommendation to Revoke and Terminate China Telecom's International Section 214 Common Carrier Authorizations, FCC Nos. ITC-214-20010613-00346, ITC-214-20020716-00371, ITC-T/C-20070725-00285 (Apr. 9, 2020) [hereinafter Executive Branch Recommendation re CTA].
  4. Nat'l Counterintelligence & Sec. Ctr., Foreign Economic Espionage in Cyberspace 5 (2018).
  5. Id. ("China has expansive efforts in place to acquire U.S. technology to include sensitive trade secrets and proprietary information.").
  6. Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence, 116th Cong. 5 (Jan. 29, 2019) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence).
  7. Executive Branch Recommendation re CTA, supra note 56, at 2 (citing Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence, 116th Cong. 5 (Jan. 29, 2019) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence)).
  8. Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence 6 (Feb. 13, 2018) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence) ("Most detected Chinese cyber operations against US private industry are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide.").
  9. U.S. Dep't of Def., Annual Report to Congress: Military and Security Developments Involving the People's Republic of China 36 (2013).
  10. Sam Karson, Caught Between Superpowers: Alaska's Economic Relationship with China Amidst the New Cold War, 36 Alaska L. Rev. 47, 56 (2019) (quoting John Demers, Assistant Attorney Gen., Nat'l Sec. Div., Dep't of Justice). See also Press Release, Dep't of Justice, Chinese Intelligence Officer Charged with Economic Espionage Involving Theft of Trade Secrets from Leading U.S. Aviation Companies (Oct. 10, 2018), https://www.justice.gov/opa/pr/chinese-intelligence-officer-charged-economic-espionage-involving-theft-trade-secrets-leading.
  11. Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence 6 (Feb. 13, 2018) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence).
  12. Ellen Nakashima, Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say, Wash. Post (July 9, 2015).
  13. Id.
  14. The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation, H.R. Comm. on Oversight & Gov't Reform, Majority Staff Rep., 114 Cong. 1, v n.1. (Sept. 7, 2016).
  15. Ellen Nakashima, Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say, Wash. Post (July 9, 2015).
  16. Ellen Nakashima, China Suspected of Breaching U.S. Postal Service Computer Networks, Wash. Post (Nov. 10, 2014).
  17. Id.
  18. Ellen Nakashima, DHS Contractor Suffers Major Computer Breach, Officials Say, Wash. Post (Aug. 6, 2014); Cory Bennett, Report: China Hacked Security Contractor, The Hill (Nov. 3, 2014).
  19. Stephanie Stamm & Kaveh Waddell, A Timeline of Government Data Breaches, The Atlantic (July 6, 2015).
  20. Ellen Nakashima, U.S. Investigators Point to China in Marriot Hack Affecting 500 Million Guests, Wash. Post (Dec. 11, 2018).
  21. Id.
  22. Criminal Indictment, United States v. Zhiyong et al., No. 2:20-CR046 (N.D. Ga. Jan. 28, 2020). See also Devlin Barrett & Matt Zapotosky, U.S. Charges Four Chinese Military Members in Connection With 2017 Equifax Hack, Wash. Post (Feb. 11, 2020).
  23. S. Permanent Subcomm. on Investigations, How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach, 116 Cong. 1 (Mar. 6, 2019).
  24. Eric Geller, U.S. Charges Chinese Military Hackers with Massive Equifax Breach, Politico (Feb. 10, 2020).
  25. See Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence 6 (Feb. 13, 2018) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence). See also China's Non-Traditional Espionage against the United States: The Threat and Potential Policy Responses: Hearing Before the S. Comm. on the Judiciary, 115 Cong. 3 (2018) (statement of Peter Harrell, Adjunct Senior Fellow, Center for a New Am. Sec.).
  26. Investigating the Chinese Threat, Part I: Military and Econ. Aggression: Hearing before the H. Comm. on Foreign Affairs, 112 Cong. 36 (2012) (statement of John J. Tkacik, Jr., Senior Fellow, Int'l Assessment & Strategy Center).
  27. Wendell Minnick, Chinese Businessman Pleads Guilty of Spying on F-35 and F-22, Defense News (Mar. 24, 2016), https://www.defensenews.com/breaking-news/2016/03/24/chinese-businessman-pleads-guilty-of-spying-on-f-35-and-f-22/.
  28. Ellen Nakashima & Paul Sonne, China Hacks Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare, Wash. Post (June 8, 2018).
  29. Zack Doffman, Chinese State Hackers Suspected of Malicious Cyber Attack on U.S. Utilities, Forbes (Aug. 3, 2019); U.S.-China Econ. & Sec. Review Comm'n, 2016 Report to Congress 1, 298–300 (Nov. 2016) (defining critical infrastructure to include the information technology sector).
  30. 2018 U.S. Trade Representative Report, supra note 15, at 153.
  31. Council on Foreign Relations, A New Old Threat: Countering the Return of Chinese Industrial Cyber Espionage (Dec. 6, 2018).
  32. Ken Dilanian, NSA Director: China Can Damage U.S. Power Grid, Associated Press (Nov. 20, 2014).
  33. Zack Doffman, Chinese State Hackers Suspected of Malicious Cyber Attack on U.S. Utilities, Forbes (Aug. 3, 2019).
  34. Id.
  35. Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence 5 (Jan. 29, 2019) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence).
  36. Threats to the Homeland: Hearing before the S. Comm. on Homeland Sec. & Governmental Affairs, 116 Cong. (2019) (statement of David J. Glawe, Undersec'y, Office of Intelligence & Analysis, U.S. Dep't of Homeland Sec.).
  37. Nat'l Counterintelligence & Sec. Ctr., Foreign Economic Espionage in Cyberspace 14 (2018).
  38. Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence 4 (Jan. 29, 2019) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence).
  39. See generally Executive Branch Recommendation re China Mobile USA, supra note 56; Executive Branch Recommendation re CTA, supra note 56, at 38-40 (Apr. 9, 2020).
  40. See National Intelligence Law of the People's Republic, Art. 7 (adopted June 27, 2017), http://cs.brown.edu/courses/csci1800/sources/2017_PRC_National IntelligenceLaw.pdf. See also Murray Scot Tanner, Beijing's New National Intelligence Law: From Defense to Offense, LawFare Blog (July 20, 2017), https://www.lawfareblog.com/beijings-new-national-intelligence-law-defense-offense. Other relevant Chinese laws obligating citizens and organizations to assist in "national security" efforts include the laws on Counterespionage (2014), National Security (2015), Counterterrorism (2015), and Cybersecurity (2016).
  41. National Intelligence Law of the People's Republic, Art. 7 (adopted June 27, 2017), http://cs.brown.edu/courses/csci1800/sources/2017_PRC_National IntelligenceLaw.pdf.
  42. See id. at Art. 17 ("According to the needs of the work, according to the relevant national regulations, the staff of the national intelligence work agency may preferentially use or legally requisition the means of transport, communication tools, sites and buildings of relevant organs, organizations and individuals . . . .").
  43. Cybersecurity Law of the People's Republic of China, Art. 28 (effective June 1, 2017), https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/. The law also requires "critical information infrastructure operators purchasing network products and services that might impact national security" to comply with a Government-led national security review. See id. at Arts. 35, 49. China Telecom Corporation Limited ("CTCL") has acknowledged that the 2017 Cybersecurity Law could require it to be subject to a "security review," which would be organized and conducted by China's Ministry of Industry and Information Technology and would "focus on the security and controllability of network products and services." China Telecom Corp. Ltd. Annual Report Pursuant to Section 13 or 15(d) of the Sec. Exch. Act of 1934 for the Fiscal Year Ended December 31, 2019 (Form 20-F), Comm. File 1-31517, at 30 (filed Apr. 28, 2020), https://www.sec.gov/Archives/edgar/data/1191255/000119312520123302/d851335d20f.htm [hereinafter China Telecom FY2019 Form 20-F].
  44. National Security Law of the People's Republic of China, Art. 77(1), (4)–(6) (adopted July 1, 2015), https://www.chinalawtranslate.com/2015nsl/?lang=en.
  45. See Counter-Espionage Law of the People's Republic of China, Art. 22 (adopted Nov. 1, 2014), https://www.chinalawtranslate.com/en/anti-espionage/.
  46. See, e.g., Samantha Hoffman & Elsa Kania, Huawei and the Ambiguity of China's Intelligence and Counter-Espionage Laws, Australian Strategy Policy Inst. (Sept. 13, 2018), https://www.aspistrategist.org.au/huawei-and-the-ambiguity-of-chinas-intelligence-and-counter-espionage-laws/.
  47. See National Intelligence Law of the People's Republic, Art. 7 (adopted June 27, 2017), http://cs.brown.edu/courses/csci1800/sources/2017_PRC_National IntelligenceLaw.pdf; 5G: The Impact on National Security, Intellectual Property, and Competition: Hearing Before the S. Comm. on the Judiciary, 116th Cong. 2 (May 14, 2019) (testimony of Christopher Krebs, Dir., Cybersecurity & Infrastructure Sec. Agency, U.S. Dep't of Homeland Sec.) ("Chinese laws on national security and cybersecurity provide the Chinese government with a legal basis to compel technology companies . . . to cooperate with Chinese security services."). See also Yuan Yang, Is Huawei Compelled by Chinese Law to Help with Espionage, Fin. Times (Mar. 4, 2019); Amnesty Int'l, China: Submission to the NPC Standing Comm.'s Legislative Affairs Comm. on the Draft "National Intelligence Law" 4-5 (2017).
  48. See Gov't of Canada, China's Intelligence Law & the Country's Future Intelligence Competitions, https://www.canada.ca/en/security-intelligence-service/corporate/publications/china-and-the-age-of-strategic-rivalry/chinas-intelligence-law-and-the-countrys-future-intelligence-competitions.html; Yuan Yang, Yuan Yang, Is Huawei Compelled by Chinese Law to Help with Espionage, Fin. Times (Mar. 4, 2019); Samantha Hoffman & Elsa Kania, Huawei and the Ambiguity of China's Intelligence and Counter-Espionage Laws, Australian Strategy Policy Inst. (Sept. 13, 2018), https://www.aspistrategist.org.au/huawei-and-the-ambiguity-of-chinas-intelligence-and-counter-- espionage-laws/; AMNESTY INT'L, CHINA: SUBMISSION TO THE NPC STANDING COMM.'S LEGISLATIVE AFFAIRS COMM. ON THE DRAFT "NATIONAL INTELLIGENCE LAW” 4–5 (2017).
  49. Cf. 5G: The Impact on National Security, Intellectual Property, and Competition: Hearing Before the S. Comm. on the Judiciary, 116th Cong. 2-3 (May 14, 2019) (testimony of Christopher Krebs, Dir., Cybersecurity & Infrastructure Sec. Agency, U.S. Dep't of Homeland Sec.).
  50. Cf. Samantha Hoffman & Elsa Kania, Huawei and the Ambiguity of China's Intelligence and Counter-Espionage Laws, Australian Strategic Policy Inst. (Sept. 13, 2018), https://www.aspistrategist.org.au/huawei-and-the-ambiguity-of-chinas-intelligence-and-counter-espionage-laws/.
  51. See, e.g., Cybersecurity & Infrastructure Sec. Agency, U.S. Dep't of Homeland Sec., Alert (TA16-250A): The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations (last modified Sept. 28, 2016), https://www.us-cert.gov/ncas/alerts/TA16-250A ("The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. . . . For several years now, vulnerable network devices have been the attack-vector of choice and one of the most effective techniques for sophisticated hackers and advanced threat actors."). Cf. 5G: The Impact on National Security, Intellectual Property, and Competition: Hearing Before the S. Comm. on the Judiciary, 116th Cong. 1 (May 14, 2019) (testimony of Christopher Krebs, Dir., Cybersecurity & Infrastructure Sec. Agency, U.S. Dep't of Homeland Sec.) ("Risks to mobile communications generally include such activities as call interception and monitoring, user location tracking, attackers seeking financial gain through banking fraud, social engineering, ransomware, identity theft, or theft of the device, services, or any sensitive data. . . . Risks to the mobile Data on 5G networks will flow through interconnected cellular towers, small cells, and mobile devices that may provide malicious actors additional vectors to intercept, manipulate, or destroy critical data. Malicious actors could also introduce device vulnerabilities into the 5G supply chain to compromise unsecured wireless systems and exfiltrate critical infrastructure data.").
  52. Executive Branch Recommendation re China Mobile USA, supra note 56, at 10.
  53. Executive Branch Recommendation re China Mobile USA, supra note 56, at 2-3.
  54. See, e.g., Critical Infrastructure and Communications Security, Fed. Commc'ns Comm'n, https://www.fcc.gov/general/critical-infrastructure-and-communications-security ("The number of incidents of documented attacks on computer-based systems and communications systems increases on a daily basis. These range from unsophisticated access attempts by curious hackers to the malicious attempts to extract financial gain by criminal enterprises. The growth of malicious activities grew in the wake of the Telecommunications Act of 1996 as perpetrators capitalized on the 'openness' of networks, particularly the public Internet. The end result of these activities though can be catastrophic to the normal operations of communications and control systems and may threaten our national security."); Worldwide Threat Assessment of the U.S. Intelligence Community Statement for the Record to the S. Select Comm. on Intelligence 6 (Feb. 13, 2018) (statement of Daniel R. Coats, Dir. of Nat'l Intelligence) ("Most detected Chinese cyber operations against US private industry are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide."); DNS Security—The Telecom Sector's Achilles' Heel, EfficientIP (Nov. 27, 2017), https://www.efficientip.com/dns-security-telecom-sector/ (finding that, per a 2017 survey, telecom organizations suffered more attacks than any other industry surveyed).
  55. Mike Robuck, Report: Telecommunications Industry Woefully Unprepared for Cyberattacks, Fierce Telecom (Nov. 21, 2018).
  56. Jim Cowie, The New Threat: Targeted Internet Traffic Misdirection, Dyn (Nov. 19, 2013), https://dyn.com/blog/mitm-internet-hijacking/; Juha Saarinen, Internet Traffic Hijacking on the Rise, ITNews (Nov. 21, 2013), https://www.itnews.com.au/news/internet-traffic-hijacking-on-the-rise-365006. "Hijack attacks expose a network to potentially critical damage because it is not a hack of the end-point but of the critical exchanges carrying information between end points." Yuval Shavitt & Chris C. Demchak, China's Maxim-Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking, 3 Military Cyber Affairs 1, 4 (2018).
  57. See U.S.-China Econ. & Sec. Review Comm'n, the Nat'l Sec. Implications of Invs. & Prods. from the People's Republic of China in the Telecomm. Sector 42-43 (Jan. 2011); Shavitt & Demchak, supra note 109, at 4. Because different networks serve as the start and end points, a mechanism is needed to transport the traffic from one carrier to the other carrier for final delivery to the destination. Shavitt & Demchak, supra note 109, at 4.
  58. Shavitt & Demchak, supra note 109, at 2.
  59. Shavitt & Demchak, supra note 109, at 3.
  60. See Shavitt & Demchak, supra note 109, at 3.
  61. See What is BGP Hijacking, Cloudflare, https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/.
  62. See Cowie, supra note 109.
  63. Shavitt & Demchak, supra note 109, at 4.
  64. Shavitt & Demchak, supra note 109, at 4.
  65. See Cowie, supra note 109; BGP Hijacking Overview: Routing Incidents Prevention and Defense Mechanisms, Noction (Apr. 24, 2018), https://www.noction.com/blog/bgp-hijacking.
  66. Cowie, supra note 109.
  67. See, e.g., Doug Madory, China Telecom's Internet Traffic Misdirection, Oracle: Internet Intelligence (Nov. 5, 2018), https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection; Shavitt & Demchak, supra note 109, at 3; Jesus Diaz, China's Internet Hijacking Uncovered, Gizmodo (Nov. 17, 2010), https://gizmodo.com/chinas-internet-hijacking-uncovered-5692217; Andree Toonk, Chinese ISP Hijacks the Internet, BGPMon (Apr. 8, 2010), https://web.archive.org/web/20190415002259/https://bgpmon.net/chinese-isp-hijacked-10-of-the-internet/.
  68. See, e.g., TT-DOJ-045-60; TT-DOJ-001-15.
  69. China Mobile Ltd. Annual Report Pursuant to Section 13 or 15(d) of the Sec. Exch. Act of 1934 for the Fiscal Year Ended December 31, 2019 (Form 20-F), Comm. File No. 1-14696, at 16 (filed Apr. 28, 2020), https://www.sec.gov/Archives/edgar/data/1117795/000119312520122124/d825927d20f.htm#toc825927_5 [hereinafter China Mobile FY2019 Form 20-F].
  70. See, e.g., Shavitt & Demchak, supra note 109.
Retrieved from "https://en.wikisource.org/w/index.php?title=Threats_to_U.S._Networks/Section_3C&oldid=14521823"