China, in particular, was called out for engaging in “cyber-enabled economic espionage and trillions of dollars of intellectual property theft.”
Described as the first fully articulated White House policy in 15 years, the new National Cyber Strategy (PDF), signed by U.S. President Donald Trump on Sept. 20, outlines four pillars: defending the American people, the homeland, and the American way of life; promoting U.S. prosperity; preserving peace through strength; and advancing U.S. influence.
The offensive will focus on directly countering—through cyber and non-cyber means—malicious actors, including strategic adversaries, rogue states, territories, and criminal networks, to deter future cyber aggression. Examples include court prosecutions and economic sanctions.
The Trump administration also intends to empower federal departments and agencies with necessary legal authorities and resources to tackle transnational cyber-criminal activities, including “identifying and dismantling botnets, dark markets, and other infrastructure used to enable cybercrime, and combating economic espionage.”
A botnet is a system of hacked computers and internet-connected devices that can be controlled for illicit purposes, such as carrying out DDoS (Distributed Denial of Service) attacks, which flood the target with overwhelming traffic in order to disable a computer network.
In the strategy, four countries—Russia, Iran, North Korea, and China—are identified as undermining the U.S. economy and democracy, stealing U.S. intellectual property, and sowing discord in the American democratic process.
According to data by the Commission on the Theft of American Intellectual Property (also known as the IP Commission), theft of trade secrets costs the U.S. economy $180 billion to $540 billion annually.
“We’re going to do a lot of things offensively, and I think our adversaries need to know that,” said national security adviser John Bolton in a briefing on Sept. 20.
“Our hands are not tied, as they were in the Obama administration.”
In August, the Trump administration rescinded an Obama-era directive, known as the Presidential Policy Directive 20 (PPD-20), which established an exhaustive approval process that the military must navigate in order to launch hacking operations, according to Reuters.
The new cyber strategy calls for specific measures to protect government networks and contractor systems. For example, contractors’ risk management systems will be subject to review by the federal government for the purpose of safeguarding sensitive government information hosted on contractors’ networks.
U.S. networks have been attacked before by Chinese entities. In June 2015, the U.S. Office of Personnel Management (OPM) was breached by a cyber attack that compromised the personal records of roughly 4.2 million current and former federal employees. According to NBC News, the leading suspect behind that attack is China.
In June 2018, a hacking campaign launched from computers in China breached satellite operators, defense contractors, and telecommunication companies in the United States and southeast Asia.
Another measure listed in the Cyber Strategy is securing the government’s technology supply chain by creating a “supply-chain risk assessment shared service,” which will allow better information sharing among departments and agencies.
In April, the U.S.-China Economic and Security Review Commission found that the top seven U.S. IT equipment suppliers to the federal government get 51 percent of their tech parts from China—which the commission said poses a great risk to U.S. national security.
The administration also will work with the private sector to protect seven key U.S. sectors: national security, energy and power, banking and finance, health and safety, communications, information technology, and transportation.
Lastly, the White House seeks to work with Congress to update cybercrime-related legislation, including to “law enforcement’s capabilities to lawfully gather necessary evidence of criminal activity, disrupt criminal infrastructure through civil injunctions, and impose appropriate consequences upon malicious cyber actors.”
Just two days prior to the White House’s release, the Pentagon released its own document calling for a proactive and all-out approach to counter cyber threats from Russia and China. The Defense Department said it would engage in “day-to-day competition to preserve U.S. military advantages and to defend U.S. interests.”
Communist China’s Secret Blueprint to Destroy America
Communist China is quietly waging a war against the United States