From the many threats to the U.S. intelligence community, I have chosen to analyze and discuss the issue of cyber espionage, specifically Chinese military and private-sector cyber spies who conduct attacks against U.S. federal and military branches by breaking into databases that hold classified information meant only for those inside the system.
From further analysis of this issue, I have found that China uses its cyber espionage capabilities to steal intellectual property from the U.S., to gain an upper hand in economic negotiations, and to put pressure on foreign governments. According to FBI estimates, “China employs around 30,000 military cyber spies and around 150,000 private sector ‘cyber experts’ who aim to gain access to U.S. military and technological secrets that would eventually allow them to advance rapidly, enabling them to overtake the U.S. in key industries and gain military advantages for themselves” (Maza, 2018). Chinese espionage is a more common problem than we realize.
With these hackers gaining access to U.S. databases to obtain classified information for their own advancement, the U.S. must make drastic changes within the intelligence community to reduce and ultimately eliminate the problem. We must start by addressing the root issue: understanding why the hackers target specific databases for this information. The U.S. must also come up with a plan to stop them from executing their plans to advance as a country. From analysis of the threat as a whole, the issue is still at its peak. If the U.S. intelligence community implements security measures such as cyber-risk insurance and cybersecurity regulations, I believe we could soon see a large reduction in Chinese attacks on the U.S.
As mentioned above, China has conducted many cyber-attacks on the U.S. in recent decades by breaking into databases that hold various forms of classified and confidential material from U.S. federal government and military systems. It has become a widely discussed issue within the U.S. intelligence community, as it is costing U.S. companies an estimated $300 billion annually, according to a report by the Washington, D.C.-based think tank Foundation for Defense of Democracies.
Today’s IC takes this issue very seriously because “China is said to be responsible for 50-80% of cross-border intellectual property theft worldwide, and over 90% of cyber-enabled economic espionage in the U.S.” (Maza, 2018). It is a significant matter because the information China obtains is not only costing the U.S. billions of dollars in damages and revealing confidential information, but also exposing U.S. military strategies, plans and top-secret missions held in those databases. “Covert espionage is the main Chinese cyber threat to the U.S., while disruptive cyber-attacks that cause overt damage, like destroying data or causing power outages, are less common in today’s IC” (Denning, 2017).
The sources I used in researching and analyzing this issue are a compilation of blogs, news reports from official government sites, and statements from security intelligence agencies and their analysts. Together, they provide a summary of Chinese cyber espionage attacks and how to prevent them in the future. To prevent, protect against, and mitigate this problem going forward, the U.S. must ensure antivirus programs are up to date and active, turn on intrusion prevention systems, use email filtering, patch operating systems and software, and inform users of the risks.
To give an example, in 2003 a series of attacks began that lasted for up to three years. Nicknamed “Titan Rain” by the U.S. government, they were “highly coordinated attacks on American computer systems that exposed potentially fatal information on the U.S.’s side” (Thornburgh, 2005). This is generally acknowledged as the beginning of Chinese cyber espionage against the U.S., and it was never determined how the hackers were “able to target high-profile targets such as NASA, the U.S. Army Information Systems Engineering Command, the Defense Information Systems Agency, the Naval Ocean Systems Center, and the US Army Space and Strategic Defense Installation” (Wegilant, 2013).
China claims it targets this information to help itself advance as a country, but such attacks make clear that it has the capability required to break into secure United States defense networks. The question now is how much further they will try to advance. One would think an effective solution would be cooperation between the countries and treaties, but this has been tried in the past and has done little to stop attacks of this magnitude. Cybersecurity regulations “could be implemented to help identify web addresses that send and receive suspicious data” (Gonsalves, 2014). Although it would be nearly impossible to detect and prevent every cyber-attack, it is reasonable to expect that if security measures like these were implemented, a reduction would follow shortly after.
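The detection Gonsalves describes, identifying web addresses that send and receive suspicious data, is the kind of check that can be run over ordinary web-proxy logs. The following is an added example, not code from the original page or from any source it cites: it sums bytes sent and received per destination, skips destinations on a known-good list, and flags hosts that absorb a large, lopsided outbound volume, which is the shape a bulk record theft takes on the wire. The log format, the sample lines, the known-good list, the thresholds and the Squid-style deny rules it emits are all constructed for this example.

```python
"""Flag external web addresses that receive far more data than they send back.

Added example (not from the page or its sources). Everything below, including
the log format, sample lines, known-good list and thresholds, is constructed.
"""
import re
from collections import defaultdict

# Hypothetical proxy log format: timestamp src_ip method dest_host bytes_out bytes_in
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<method>[A-Z]+) "
    r"(?P<host>\S+) (?P<out>\d+) (?P<in>\d+)$"
)

# Constructed sample lines: two workstations repeatedly POST ~2 MiB to an unknown host.
SAMPLE_LOGS = """\
2015-05-01T09:00:01 10.1.4.22 GET intranet.example.gov 412 88213
2015-05-01T09:00:04 10.1.4.22 GET www.example.com 380 52100
2015-05-01T09:01:10 10.1.4.22 POST cdn-sync.example.net 2097152 310
2015-05-01T09:01:41 10.1.4.22 POST cdn-sync.example.net 2097152 310
2015-05-01T09:02:13 10.1.4.37 POST cdn-sync.example.net 2097152 310
2015-05-01T09:02:50 10.1.4.37 POST intranet.example.gov 5242880 1200
2015-05-01T09:03:02 10.1.4.37 POST forms.partner-example.org 20480 600
this line is deliberately malformed and must be skipped
2015-05-01T09:03:30 10.1.4.22 GET mail.example.gov 900 4096
""".splitlines()

# Constructed known-good destinations; large uploads to these are expected business traffic.
KNOWN_GOOD = frozenset({"intranet.example.gov", "www.example.com", "mail.example.gov"})


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["out"] = int(rec["out"])
    rec["in"] = int(rec["in"])
    return rec


def aggregate(lines):
    """Sum traffic per destination host, ignoring lines that fail to parse."""
    totals = defaultdict(lambda: {"bytes_out": 0, "bytes_in": 0, "requests": 0, "sources": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        t = totals[rec["host"]]
        t["bytes_out"] += rec["out"]
        t["bytes_in"] += rec["in"]
        t["requests"] += 1
        t["sources"].add(rec["src"])
    return totals


def flag_suspicious(lines, known_good=KNOWN_GOOD, min_out_bytes=1_000_000, min_ratio=10.0):
    """Return destinations not on the known-good list whose outbound volume is both
    large in absolute terms and lopsided relative to what came back."""
    findings = []
    for host, t in aggregate(lines).items():
        if host in known_good:
            continue
        # max(..., 1) avoids division by zero when a host never sent a byte back.
        ratio = t["bytes_out"] / max(t["bytes_in"], 1)
        if t["bytes_out"] >= min_out_bytes and ratio >= min_ratio:
            findings.append({
                "host": host,
                "bytes_out": t["bytes_out"],
                "bytes_in": t["bytes_in"],
                "requests": t["requests"],
                "sources": sorted(t["sources"]),
                "ratio": round(ratio, 1),
            })
    return sorted(findings, key=lambda f: f["bytes_out"], reverse=True)


def block_rules(findings, acl_name="exfil_hosts"):
    """Render flagged hosts as Squid deny rules: one automated response, for analyst review."""
    if not findings:
        return []
    rules = [f"acl {acl_name} dstdomain {f['host']}" for f in findings]
    rules.append(f"http_access deny {acl_name}")
    return rules


if __name__ == "__main__":
    found = flag_suspicious(SAMPLE_LOGS)
    for f in found:
        print(f"{f['host']}: {f['bytes_out']} B out / {f['bytes_in']} B in "
              f"over {f['requests']} requests from {', '.join(f['sources'])}")
    print("\n".join(block_rules(found)))
```

Run stand-alone, it prints the one flagged host and the deny rules for it. The thresholds are starting points; in practice the known-good baseline comes from weeks of logs rather than a hard-coded set, and the generated ACL should be reviewed before it reaches the proxy, since a legitimate backup or file-sharing destination looks identical in this view.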
The following examples are evidence of Chinese cyber-attacks threatening U.S. federal and military servers and exposing strategic military plans and federal information. In June 2015, the United States Office of Personnel Management disclosed a data breach in which hackers obtained the records of as many as 4 million people (OPM later raised its estimate to 21.5 million). According to an article titled “Chinese Hackers Violated Systems at the Office of Personnel Management,” the information stolen from OPM consisted of records of people who had undergone government background checks, although it did not state whether they were current or former government employees.
Plenty more information was taken, such as SSNs, names, dates and places of birth, and residential addresses. The same article stated that after the hack, the FBI “arrested a Chinese national suspected of helping create the malware used within the breach” (Paganini, 2017). This arrest, in August 2017, came more than two years after the breach was disclosed and helped tie it to Chinese hackers. The U.S. also linked the attack to China through analysis showing that at least one contractor employee physically located in China had root access to every row (a row being one set of related data) of every database, and that another web contractor employed two people holding Chinese passports.
The Chinese did not cover their tracks well, as we were able to trace where the attack came from. Ultimately, although we were able to make that attribution, the attack had still compromised highly sensitive U.S. information. This hack set us back because the exposed data included security clearance information, such as SF-86 forms (the Questionnaire for National Security Positions) and fingerprint records.
If cybersecurity regulations and measures had been in place beforehand, attacks such as the OPM data breach would have been far harder to carry out. With such sensitive information on these servers, there should be no chance of any of it being compromised by hackers, which is another reason cyber-risk insurance, with the audits and incident-response obligations it brings, should be adopted for the systems holding this information.
During the Obama administration, in April 2015, President Barack Obama issued an executive order authorizing sanctions against those responsible for malicious cyber-enabled activities against the United States, which put diplomatic pressure on China. It was after sanctions were threatened that the two countries finally reached an agreement, in September 2015, on several cybersecurity matters so that the sanctions would not be imposed. In an article in the Emory Law Journal, William Banks wrote that “previous allegations against Chinese hackers had been dismissed by many, as the Chinese appeared to not have understood their lack of significance and viewed them similarly to sanctions” (Banks).
China then agreed to cooperate on law enforcement matters in cyberspace, reversed its policy position, and committed not to engage in commercially motivated cyber espionage. The agreement also included provisions whose violation could lead to sanctions under Obama’s executive order. This is when we began to see progress on agreements between China and the U.S. on cyber espionage, and the U.S. believed the Chinese would hold up their end of the bargain, which is where it made its first mistake: the U.S. took no further security measures, such as cyber-risk insurance or cybersecurity regulations, on any of its databases, including those most often targeted, the federal and military servers.
After analyzing Chinese cyber espionage as a threat to the U.S. intelligence community, we must move forward with caution and make drastic changes within the system to detect and prevent attacks from happening again, or at least to lessen their impact on the IC. “Changes must be made in national regulation such as implementing different cybersecurity regulations for industrial systems” (Kaspersky Lab, 2017).
Security assessments need to take place regularly, which will increase protection and awareness among users. If we, as a country, begin to do that, we will most likely see new vulnerabilities found and threats disclosed. Another measure that needs to be taken is for the U.S. to set aside a larger defense budget to invest in industrial cyber insurance, which would help prevent and block such attacks. “Industrial cyber-risk insurance is slowly becoming an integral part of risk management for enterprises.
If the U.S. is to invest in cyber-risk insurance, this will guarantee an increase in the number of audits/assessments and incident responses undertaken, raising cybersecurity awareness as a whole among leaders and operators. The global cost of cybercrime is expected to reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion, and this is why the U.S. needs to implement and invest in these regulations and systems” (Laberis, 2016). To decrease the rate of cybercrime and cyber espionage, organizations need to focus on initial detection and their response to it, rather than only on preventive approaches.
This threat is significant to the U.S. intelligence community and warrants the attention of U.S. policy and decision makers because the compromised information is costing the country billions. Having these hackers gain access to, and reveal, classified government information and U.S. military plans for attacks and secret missions compromises not only that information but government officials’ personal information as well. One mitigation recommended for the U.S. intelligence community is data policy, which simply means reviewing who has access to the critical information.
After assessing who has access to the information, to protect it you must separate the network holding the classified information from the corporate network and limit it to the individuals who are allowed access, which is one simple cybersecurity regulation that would help prevent and defend against yet another cyber-attack on the U.S. IC (Zwienenberg, 2012). It is an issue that matters and needs to be acknowledged more than it is, given the high likelihood that it will continue to threaten the U.S. intelligence community and its own advancement if security measures are not taken.
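The two controls named above, reviewing who has access to the critical information and separating the classified network from the corporate one, can be checked mechanically against an export of database grants. The following is an added example, not code from the original page or from Zwienenberg: it compares each grant in a constructed inventory against a hypothetical policy that states, per database, which job roles may hold access, from which network zone, and with what privilege ceiling. The grant the OPM investigation turned up, a contractor account with root access to every row of every database, produces three findings at once. All account names, roles, zones, databases and privileges are invented for the example.

```python
"""Least-privilege review of database grants against a data-access policy.

Added example (not from the page or its sources). The policy, the inventory and
every name in them are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    account: str           # database login
    role: str              # job role the account is tied to (hypothetical HR/contract data)
    zone: str              # network zone the account connects from
    database: str
    privileges: frozenset  # SQL privilege names; "ALL" marks a superuser-equivalent grant


# Hypothetical policy. A database missing from this table is unmanaged and reported as such.
POLICY = {
    "background_investigations": {
        "zones": {"classified"},
        "max_privileges": {
            "adjudicator": {"SELECT"},
            "dba": {"SELECT", "INSERT", "UPDATE", "DELETE"},
        },
    },
    "payroll": {
        "zones": {"corporate"},
        "max_privileges": {
            "hr_app": {"SELECT", "INSERT", "UPDATE"},
            "dba": {"SELECT", "INSERT", "UPDATE", "DELETE"},
        },
    },
}

# Constructed inventory, shaped like an export of grants from the database servers.
SAMPLE_GRANTS = [
    Grant("jdoe", "adjudicator", "classified", "background_investigations", frozenset({"SELECT"})),
    Grant("dba01", "dba", "classified", "background_investigations",
          frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})),
    # The problem case: a contractor service account, superuser on the sensitive
    # database, connecting from the corporate network.
    Grant("contractor_svc", "contractor", "corporate", "background_investigations", frozenset({"ALL"})),
    Grant("hr_app", "hr_app", "corporate", "payroll", frozenset({"SELECT", "DELETE"})),
    Grant("etl", "etl", "corporate", "legacy_reports", frozenset({"SELECT"})),
]


def review_grant(grant, policy=POLICY):
    """Return a list of (account, database, code, detail) findings for one grant."""
    findings = []
    rules = policy.get(grant.database)
    if rules is None:
        return [(grant.account, grant.database, "UNMANAGED_DATABASE",
                 "no policy entry; owner and data classification unknown")]
    if "ALL" in grant.privileges:
        findings.append((grant.account, grant.database, "SUPERUSER",
                         "superuser grant reaches every row of every table"))
    ceiling = rules["max_privileges"].get(grant.role)
    if ceiling is None:
        findings.append((grant.account, grant.database, "ROLE_NOT_PERMITTED",
                         f"role '{grant.role}' is not allowed any access"))
    elif "ALL" not in grant.privileges:
        excess = grant.privileges - ceiling
        if excess:
            findings.append((grant.account, grant.database, "PRIVILEGE_CEILING_EXCEEDED",
                             "beyond role ceiling: " + ", ".join(sorted(excess))))
    if grant.zone not in rules["zones"]:
        findings.append((grant.account, grant.database, "ZONE_NOT_PERMITTED",
                         f"connects from '{grant.zone}', permitted: {', '.join(sorted(rules['zones']))}"))
    return findings


def review(grants, policy=POLICY):
    """Run review_grant over an inventory and return all findings."""
    return [f for g in grants for f in review_grant(g, policy)]


def accounts_to_revoke(grants, policy=POLICY):
    """Accounts with at least one finding, in a stable order for a ticket or revocation script."""
    return sorted({f[0] for f in review(grants, policy)})


if __name__ == "__main__":
    for account, database, code, detail in review(SAMPLE_GRANTS):
        print(f"{account:15} {database:26} {code:28} {detail}")
```

The zone check is the network-separation rule expressed as data: an account that is otherwise entitled to the classified database still gets a finding if it connects from the corporate zone. Run against a real export, the policy table is the part that needs an owner, since every database absent from it shows up as unmanaged until someone classifies it.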
The U.S. needs to implement different cybersecurity regulations for industrial systems and invest in cyber-risk insurance to reduce the number of attacks from Chinese hackers. Since China has been the aggressor in the attacks of the past, even with the security measures recommended here we need to expect future attacks and be better prepared: not only to try to prevent them, but also to prepare automated responses that will better fend off the hackers and their attacks on U.S. government and military systems.