Tuesday, July 30, 2013

Aviation companies twice as likely to be hacked if they do business in China

The COMAC C919 Passenger Jet
In anticipation of speaking at the AIAA conference in Los Angeles on August 12-14, I've been researching aviation companies with joint ventures in China and how many of them have reported being the victim of a cyber attack (successful or not). I identified 11 U.S. companies who were working with Chinese partners on the COMAC C919 aircraft and of those 11, 7 (64%) have publicly acknowledged being the victim of a cyber attack at some point in the last few years. No aggressors were named and some of the acknowledgments had to do with unsuccessful attempts only.

That percentage, in itself, didn't seem too surprising so I decided to look at 11 more randomly selected U.S. aviation companies and of those, only 3 (27%) publicly acknowledged being the victim of a cyber attack. However, after digging a little further, I learned that of those 3 companies, 2 (67%) also had joint ventures in China! Our sample suggests that aerospace companies who have joint ventures in China are being attacked more than twice as often as aerospace companies who don't have joint ventures in the PRC.

We aren't suggesting that China is behind the attacks, but rather that technology which is valuable to China is also valuable to international hacker groups who believe that they can find a buyer for the stolen data.

As far as I know, this is the first study of its kind to demonstrate that a specific industrial sector (Aerospace) of high value to the Chinese government yields an increased risk of cyber attack to U.S. aerospace companies who are doing business in China. I'll be discussing the implications of this study during my presentation at the AIAA conference on August 12th and will be taking a deep dive into our research at a Suits and Spooks luncheon event in McLean, VA on Sept 10th. Our venue in McLean has limited seating so register early. 

Tuesday, July 16, 2013

Taking a Deep Dive into China's Cyber Threat Landscape

The cyber threat landscape is so much more complex than is commonly reported by the media, the government, and especially by information security vendors. China is no different. The goal of the Suits and Spooks conference in New York City is to begin the process of diagramming the most complete cyber threat landscape that has ever been done by bringing together 15 international authorities on different geographical regions to discuss and debate the issues.

One of our panels is "Cyber Attacks and China: Who Should Be Held Responsible", and includes:
  • Joel Brenner (moderator): former National Counterintelligence Executive at the Office of the Director of National Intelligence and former Senior Counsel at the NSA
  • Peiran Wang: Ph.D. candidate, The Center for Economic Law and Governance, Faculty of Law and Criminology, Vrije Universiteit Brussel 
  • Peter Mattis: Editor, Jamestown Foundation China Brief 
  • Mihoko Matsubara: Cybersecurity analyst at Hitachi Systems and Adjunct Fellow at Pacific CSIS
  • Tom Creedon: Chief Researcher, East Asia Cyber Threat Intelligence, Verisign-iDefense
  • Sheena Chestnut Greitens, Ph.D.: Fellow, Harvard’s Fairbank Center for Chinese Studies
  • Roel Schouwenberg: Sr. researcher, Kaspersky Labs' Global Research and Analysis Team
In addition to serving on this panel, each of the above panel members will be giving their own talks on related subjects. A full agenda for this two-day event will be published soon. In the meantime, you may want to register for this unique and important conference before it sells out.

Thursday, July 11, 2013

Chinese and Russian Information Security and Aeronautics R&D Luncheon

Announcing the first Suits and Spooks Adversary R&D luncheon at the Ritz Carlton Tysons Corner in McLean, VA on Sept 10, 2013 from 11:30am – 1:30pm. A limited number of attendees will enjoy a delicious lunch and receive a briefing on Chinese and Russian R&D priorities in the areas of Information Security and Aerospace.

Focus and Methodology:

In order to fully understand today’s threat landscape, Taia Global created the world’s first database on adversary state R&D called Chimera. Taia’s researchers collected intelligence on fifty State Key Laboratories (SKLs) in China and ten research centers and institutes in the Russian Federation. These laboratories are top-tier R&D centers that receive funding from the private sector and government-sponsored entities, including the People’s Liberation Army and IT firms such as Huawei and ZTE in China, and the Federal Security Service in Russia. SKLs focus their R&D efforts on strategic research priorities as defined by the central government of the PRC. These priorities range from geosciences to molecular chemistry. However, Taia’s researchers focused their initial collection efforts on laboratories researching and developing Information and Telecommunications Systems and aerospace capabilities.
After collection and translation, the team categorized the data into broad research areas (space systems, quantum cryptography, microelectronics, etc.) before addressing specific projects, such as ground-based satellite telemetry encryption platforms or field-programmable gate arrays. This type of categorization allowed Taia Global to effectively identify Chinese and Russian research on U.S. export-controlled technologies and systems as defined by the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).

Key Findings:

  • Chinese laboratories are centers of civil-military-corporate integration and nearly 40% of the labs are working on export-controlled technologies. A number of SKLs are working on classified military-specific R&D projects for the People’s Liberation Army. Not only do the SKLs work closely with the Chinese public and private sectors, they actively pursue joint ventures and partnerships with foreign IT and aerospace companies.
  • Russian Federation institutes and research centers focus on civil and military developments and 50% of them are working on export-controlled technologies.

To Reserve Your Space

The luncheon and briefing will take place in the Plaza room of the Ritz Carlton Tysons Corner at 11:30am until 1:30pm. All attendees will receive a copy of the presentation along with recorded audio. Tickets are $128 and seating is limited to 48 people. Ensure your space by registering today.

Monday, July 1, 2013

My First-hand Experience with China's Most Successful Technology Transfer Campaign (better than hacking)

There's no doubt that China is on an aggressive technology acquisition track and has been for 20+ years. Way too much emphasis has been placed on the vacuuming of data from U.S. companies through targeted attacks (otherwise known by the marketing buzzword "APT"). That's actually a terribly inefficient way to conduct the scale of tech transfer that China needs and a lot of the data that gets scooped up has low value, which is partly why I believe that hacker groups from many different countries (including China) are the main instigators behind those attacks rather than the PLA or a Foreign Intelligence Service. Small scale hacker groups are like burglars breaking into people's houses. They take as much as they can carry and then try to fence the goods for whatever they can get.

The Chinese government has crafted a much more elegant, legal, and precise way to obtain the exact type of technology that they need. They offer tax incentives and access to the biggest market in the world to U.S. companies who open their Research and Development centers in China. To date, over 1200 companies have taken China up on that offer including Boeing, Microsoft, Dell, Cisco, Intel, GE and many, many more. Part of the deal is that these U.S. companies must hire a percentage of Chinese engineers, who stay for a year or two, learn everything they can about the technology of interest, and then leave to work for a Chinese national champion firm or state-owned enterprise.

Here's a recap of my own first-hand experience with this process. As I've mentioned before, Taia Global has a product in development called Chimera. We are building the world's first and largest commercial database of adversary states' research and development priorities, focusing on technologies that are U.S. export-controlled. These represent the creme de la creme of targets for acts of industrial and cyber espionage. I've been searching for a data scientist with a background in document-matching. Being an ex-Microsoft employee, I started with the Microsoft Research website and learned that almost all of the researchers working on NLP and Search topics are at Microsoft Asia (in Beijing). I identified a couple of researchers in the precise field that I was looking for and sent email introductions to both. It turned out that both had left Microsoft Research and gone to work for Huawei's internal R&D lab.

The U.S. government, fueled by testimony from InfoSec industry experts, can complain about Spear Phishing, APT, and Chinese hackers day-in and day-out, but that won't begin to address the much more serious problem of how so many top U.S. firms willingly give their intellectual property away for the promise of cheap research costs and lucrative access to a massive Chinese market. What complaining about the Chinese government hacking U.S. corporations will do is keep the conversation in a politically advantageous zone and away from the political minefield that represents U.S. companies exporting their R&D overseas. If you're looking to blame someone for the estimated $300 billion in IP loss that the U.S. suffered last year, start by taking a hard, honest look at what U.S. companies are willing to risk in order to do business in China.


"China Operates the World's Most Successful Honey Pot"