A recent U.S. government report shows that many key industrial sectors in the United States continue to be the target of foreign espionage—most notably from China.
On July 26, the National Counterintelligence and Security Center (NCSC) released a report titled “2018 Foreign Economic Espionage in Cyberspace,” which identified three countries—Russia, Iran, and China—as the most “active cyber-actors” posing a threat to U.S. industries.
“Our goal in releasing this document is simple: to provide U.S. industry and the public with the latest unclassified information on foreign efforts to steal U.S. trade secrets through cyberspace,” William R. Evanina, director of the NCSC, said in a press release.
The report identifies six key sectors that are of the highest interest to foreign attackers, such as biotechnology, alternative energy, and information technology (IT) and communications technology. In the biotechnology industry, biopharmaceuticals, biomaterials, and new vaccines and drugs are greatly sought-after targets.
Meanwhile, in the realm of up-and-coming advanced technologies, artificial intelligence (AI), high-end computer chips, and the internet of things (appliances and devices that can be connected to the internet) are the focus.
The theft of U.S. technology and know-how is one of China’s national strategic development goals, in order to achieve its own advancements in science and technology, military militarization, and economy policy objectives, according to the report. This also was the primary critique by the U.S. administration of China’s unfair trade practices, which have led to the United States’ planned tariffs on Chinese goods.
In particular, the report indicates that China’s 2017 cybersecurity law makes U.S. companies doing business in China extremely vulnerable to intellectual-property theft by Chinese entities. The law requires that all technology companies doing business in China pass the authorities’ national security reviews. In addition, companies’ data must be stored within China, and government approval is required before companies can transfer any data out of the country.
Chinese cyberactivity especially poses a serious threat to U.S. defense contractors and IT and communication firms, according to the report. APT10, a China-associated cyberespionage group, has conducted operations against companies around the world, including the United States.
In June, U.S. cybersecurity firm Symantec warned that sophisticated hacking campaigns carried out from computers in China have burrowed into defense contractors and satellite operations in the United States and throughout Southeast Asia, according to Reuters.
Chinese companies with ties to the military often carry out the attacks. The report cites the case of Wu Yingzhuo, Dong Hao, and Xia Lei, Chinese nationals who were charged by U.S. prosecutors in November 2017 for cyber-crimes, including computer hacking and theft of trade secrets. They were employees of Guangzhou Bo Yu Information Technology Company, a cybersecurity services firm with ties to the Army Unit 61398, according to Reuters. Siemens AG, Trimble, and Moody’s Analytics were among the companies that were hacked between 2011 and May 2017.
In addition, Chinese participants have taken advantage of popular applications such as CCleaner, a program that cleans up unwanted computer files. The report said that the British-built app is now unsafe because of a built-in backdoor that is found to have links to Chinese cyber-criminals.
How China Acquires US Technology
In addition to cyberattacks, the report described 10 different tactics that China uses to collect U.S. technology and realize its strategic goals. Three of these tactics involve first forming partnerships—business joint ventures, research partnerships, and academic collaboration.
The most prominent case in recent years, which involves Duke University, is described in the book “Spy Schools: How the CIA, FBI and Foreign Intelligence Secretly Exploit America’s Universities,” authored by journalist Daniel Gordon. Liu Ruopeng, a Chinese student studying for a doctorate at Duke, brought back to China his professor’s invisibility coat technology and established KuangChi Science, a company valued at $2 billion when it went public on the Hong Kong Stock Exchange in 2017.
Another tactic is the recruitment of overseas talents—both Chinese and foreign—in order to make use of their knowledge of key technologies.
Both the Chinese central government and local governments have their own versions of financial packages aimed at wooing talent to work in China, such as the Thousand Talent Plan established by the central government in 2008, which targets science and tech fields China wishes to further develop, as outlined in national policies such as “Made in China 2025.”
Another chief strategy is through mergers and acquisitions with American firms.
In recent months, the U.S. administration has become more alert about the potential for national security threats and has blocked several Chinese deals. For example, in September last year, the inter-governmental Committee on Foreign Investment in the United States and U.S. President Donald Trump stopped a Chinese state-owned firm from acquiring Lattice Semiconductor Corporation, a maker of semiconductor chips based in Oregon.