Critical Infrastructure Security, Threat Intelligence, Incident Response, TDR

ICIT Report: Despite pact with U.S., China continues to steal intellectual property

A new report released today from the Institute for Critical Infrastructure Technology (ICIT) warns that China's five-year plan for the years 2016-2020 is heavily reliant upon the digital theft of Western nations' intellectual property, despite the 2015 Sino-U.S. pact to eliminate cyberattacks against corporate assets.

Entitled China's Espionage Dynasty: Economic Death by a Thousand Cuts, the paper looks to paint a comprehensive portrait of China's cyberspy program through the aggregation of reports from the U.S. government, cybersecurity firms and independent sources. The ICIT will present its findings in Washington D.C. on July 28 before an audience of federal agencies and critical infrastructure private-sector organizations.

In September 2015, the U.S. and China publicly agreed not to digitally spy on each other for commercial gain. “While it is possible that China has reduced its targeted attacks against American organizations, it seems more likely that it restructured its cyber operations to assert greater control over its operatives,” the report concludes. In other words, the report states, China may have reined in its most obvious threats, while continuing to infiltrate Western businesses with more advanced, virtually undetectable advanced persistent threat (APT) attacks.

“I think that the only part of Chinese hacking that has slowed down are the independent patriot script kiddies,” said author Scott, a senior fellow at the ICIT, in an interview with SCMagazine.com. “I believe that since that ‘agreement,' the Chinese have moved forward with a more targeted attack model and have replaced much of the 'smash and grab' hacking they are known for, with an attempt to be more covert and stealthy.”

The paper claims that China's ongoing APTs are designed to help the country achieve the objectives of its latest five-year plan, which places a heavy emphasis on “cutting-edge technology and socioeconomic reform.” It then goes on to profile 15 known state-sponsored Chinese APT groups that allegedly steal intellectual property and spy on various Western organizations in order to stay economically competitive.

In another section that could prove controversial, the report's authors issued a warning about Chinese Student and Scholar Associations (CSSAs) – organizations that help Chinese students studying abroad to acclimate to Western university life. The report contended that at least some these organizations are acting on behalf of the Chinese government by asking often unwitting students to report details of their research, which can later serve as actionable intelligence.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.