Economic Espionage by China Continues in Every Sector in the United States
Economic espionage efforts by China continue to pose a serious threat to the United States in both public and private sectors. In the public sector hacking groups backed by the People’s Republic of China have infiltrated local and federal agencies. These persistent attacks seem to be focused on gathering information. According to an article by CNN, these agencies have included the Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Agency (CISA).
In the private sector Cyberreason has reported that China is conducting a global cyber espionage program to steal trade secrets, intellectual property, and sensitive information from companies in North America, Europe, and Asia. Many organizations that have suffered these data breaches, which go back to 2019, are not even aware that their computer networks have been compromised.
These attacks have exploited vulnerabilities in a wide array of tools including the Microsoft Common Log File System (CLFS). They often utilized multi-stage infection chains to remain undetected. Other attacks have involved more standard forms of malicious software including spear-phishing emails.
A Call to Action Against Cyberattacks
While China is not the sole nation to threaten U.S. interests with cyberattacks, its activities have, unlike others, focused on economic espionage and intellectual property theft. Clearly China intends to be the dominant economic global force by any and all means available. U.S. businesses therefore must engage in effective strategies to protect their interests and remain vigilant.
The FBI has warned U.S. executives of partnering with Chinese parties as vendors or customers. Christopher Wray in a speech in February of 2022, pointed out that no nation presents a greater danger to the U.S. than China. He went on to say that they are using hacking tools of increasing sophistication to cause indiscriminate damage. Often these campaigns are conducted with the help of independent cyber criminals.
He mentioned the Microsoft Exchange hack in which over 10,000 American companies were attacked as an example of China’s efforts to steal information to create industrial bases in desired sectors. He also stressed the enormity of China’s efforts exceed those of all of our other adversaries combined.
Mixed Responses from the Federal Government
The federal government’s responses to state sponsored cyber threats have had mixed results. Recently the National Security Division of the Department of Justice announced it was terminating its “China Initiative” to counter an report on threats posed by China. Efforts, in the way of proposed legislation, have been proposed to hold the agency accountable in its efforts to prosecute Chinese nationals involved in efforts to endanger U.S. national and economic security.
Meanwhile, the Department of Defense’s efforts to protect Controlled Unclassified Information (CUI) under the auspices of the Cybersecurity Maturity Model Certification has had an uneven start. Changes in its management and dissatisfaction from companies striving to comply with costly cyber security solutions have led to revisions and delays in a final release of the program.
Indeed, federal officials have shown limited abilities in preventing foreign governments from accessing government computer systems. According to The 2021 Thales Data Threat Report, 47% of federal government respondents stated that they had experienced data breaches in the last calendar year. These incidents included the DoD and CISA.
Assuming Responsibility in the Prevention of Cyberattacks
Organizations in the private sector have begun to realize the enormous threat that cyberattacks pose. Their responses however, have been slow, and the levels of cybersecurity maturity attained thus far are leaving proprietary and sensitive data vulnerable. While numerous advances in IT tools are available in assisting organizations in their fight against cyberattacks, organizations require management tools to evaluate risks, implement plans, and coordinate control mechanisms.
For many small to medium businesses, a severe data breach could spell the end of their enterprises. Their challenges are confounded by the need to share data with suppliers, customers and other third parties.
Clearly, the path forward is not likely to get easier for those involved in the protection of data. It is therefore the duty of all organizations to assume responsibility for their best interests and shape their entities to protect their futures.
CVG Strategy Can Help
Information Security Management Systems
CVG Strategy can assist your organization in implementing and maintaining a viable and dynamic Information Security Management System (ISMS) by achieving ISO 27001 certification. An ISMS is a comprehensive approach to securing data that involves all stakeholders in a risk assessed managerial approach.
It involves processes, facility security, people, and IT systems to engage in best practices. It also involves a constant improvement approach so that threats can be continually assessed and addressed as they evolve. This business system can help your organization remain vigilant against economic espionage and cyberattacks conducted by China and other nation states.
CMMC for Department of Defense Contractors
CVG Strategy is committed to the goals of CMMC in securing our defense manufacturing supply chain’s information secure. As industry leaders in cyber security, ITAR, and risk based management systems. We have experience with companies of all sizes and understand the importance of innovating flexible approaches to meeting the requirements CMMC, establishing effective programs, and achieving certification.
Many organizations find it beneficial to integrate CMMC requirements into an Information Security Management System (ISMS) such as ISO 27001. The basis of ISO 27001 requires ongoing risk assessment and asset management.
It requires information security incident management to anticipate and respond to information security breaches. It requires a regular and systematic internal audit to review that management. ISO 27001 also requires the implementation of training and awareness throughout the organization to create a code of practice.
An ISO Information Security Management System (ISMS) is a comprehensive approach to keep confidential corporate information secure. It encompasses people, processes and IT systems and helps your business coordinate your security efforts consistently and cost effectively.