Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

U.S. Intelligence Agencies Warn About the Cyber Threats Posed by the Chinese Government

/
/
Security

According to the United States Federal Bureau of Investigation (FBI), confronting the threat of counterintelligence and economic espionage from the Chinese government, officially known as People’s Republic of China (PRC), is FBI’s top counterintelligence priority. FBI Directory Chrisopher Wray has been talking about this threat to American economic security, and by extension, to our national security from the Chinese government for many years.

FBI has gone out of its way to ensure that Americans understand that the economic espionage and long-term threat to our information and intellectual property from China is not from the Chinese people, it’s from the Chinese government. In his speech at Hudson Institute on July 7, 2020, FBI Directory Wray said, “This is not about the Chinese people, and it’s certainly not about Chinese Americans. Every year, the United States welcomes more than 100,000 Chinese students and researchers into this country. For generations, people have journeyed from China to the United States to secure the blessings of liberty for themselves and their families—and our society is better for their contributions. So, when I speak of the threat from China, I mean the government of China and the Chinese Communist Party.”

The Chinese People are Not Our Adversary

The FBI Director and other agency officials have made it very clear that when they talk about the threat to our national security from China, it has nothing to do with the Chinese people, people of Chinese descent or heritage, and Chinese Americans. They’re specifically referring to the Chinese government and the Chinese Communist Party (CCP).

The Impact on the U.S. Economy

In the past, FBI shared these concerns with the other U.S. intelligence agencies, military, government officials, state and local law enforcement agencies, etc. Now the threat from PRC is so grave that FBI is encouraging all of the private sector to play a much bigger part and work with the FBI to counter the threat. While there are many ways PRC achieves its goal of stealing the American intellectual property and data, cybersecurity attacks and cybercrimes are a major part of PRC’s strategy.

“If you are an American adult, it is more likely than not that China has stolen your personal data.” (FBI Director Christopher Wray, July 7, 2020)

When you look at the numbers, it’s easy to understand the enormity of theft and the magnitude of impact on the U.S. economy and businesses. In 2020, Newsweek reported that, “‘The theft of intellectual property by the People’s Republic of China costs America as much as $500 billion a year,’ William Evanina, Director of the National Counterintelligence and Security Center, told Newsweek. ‘That’s like taking $4,000 to $6,000 annually from every family of four in America.'”

In 2019, CNBC reported that, “One in five North American-based corporations on the CNBC Global CFO Council says Chinese companies have stolen their intellectual property within the last year. In all, 7 of the 23 companies surveyed say that Chinese firms have stolen from them over the past decade.”

“The theft of intellectual property by the People’s Republic of China costs America as much as $500 billion a year”, Newsweek reported. “That’s like taking $4,000 to $6,000 annually from every family of four in America.” (Newsweek, September 16, 2020)

PRC’s Plan for Global Market Domination

The U.S. intelligence agencies believe that using cyberattacks and other techniques to steal American intellectual property are all part of PRC’s plan for global market domination. The FBI claims that, “The Chinese government is seeking to become the world’s greatest superpower through predatory lending and business practices, systematic theft of intellectual property, and brazen cyber intrusions.” Although this is old news for most North American businesses by now, especially those of us in the cybersecurity business, PRC is getting so aggressive in its efforts that the FBI has decided to release a film called Made in Beijing: The Plan for Global Market Domination. The purpose of the film is to help the private sector understand the urgency of protecting its intellectual property against the ongoing attacks and industrial espionage by the PRC. The 30-minute film was produced by the FBI’s Counterintelligence Division. You can watch the film on FBI’s website.

Made in Beijing: The Plan for Global Market Domination

Department of Homeland Security (DHS)

The FBI is not the only intelligence agency in the U.S. that’s concerned about the threats posed by the PRC. All other U.S. intelligence agencies are on the same page and share the same concerns. Last year, the U.S. Department of Homeland Security (DHS) published a 28-page study about the threats posed by the PRC titled DHS Strategic Action Plan to Counter the Threat Posed by the People’s Republic of China. The DHS action plan focuses on the following four areas.

  1. Border Security and Immigration
  2. Trade and Economic Security
  3. Cybersecurity and Critical Infrastructure
  4. Maritime Security

In this article, I’ll only address the area in which I work: Cybersecurity and Critical Infrastructure. You can read about the other areas in the aforementioned DHS study. In the United States, Cybersecurity and Critical Infrastructure falls under the auspices of Cybersecurity and Infrastructure Security Agency (CISA).

USA and People's Republic of China

Cybersecurity and Infrastructure Security Agency (CISA)

CISA is a division of DHS. It’s responsible for leading the national effort to reduce risk to the cyber and physical infrastructure in the United States. Its goal is to provide, “A secure and resilient critical infrastructure for the American people.” CISA is a relatively new organization (established in 2018) and is run by its Director Jen Easterly. Ms. Easterly was appointed to her post in April 2021 by President Biden. She is only the second CISA Director.

CISA is the U.S. cyber defense agency. Organizations of all sizes should know what CISA is, what it has to offer, how they can utilize the free resources available to them, which department is designated as their Sector Risk Management Agency, and why they should really stay connected with CISA. The CISA website is like a gold mine of cybersecurity resources. It offers a plethora of services to the nation. In fact, it offers so many services that it has a full catalog of services called CISA Services Catalog. The catalog is available for download as a PDF. CISA services are not just for the organizations that are part of the U.S. critical infrastructure, they are available to Federal Government; State, Local, Tribal and Territorial Government; Private Industry; Academia; and NGO and Non-Profit stakeholders. The CISA Fact Sheet is a good summary of what CISA has to offer.

CISA is for every U.S. organization, regardless of its size. Whether you want information on Active Shooter Preparedness, Risk Assessments, Chemical Security, or School Safety & Security; you’ll find excellent resources at CISA.gov. Because I work in the cybersecurity field and am involved with organizations such as FBI’s InfraGard, I would really like to see more organizations across the United States get involved with CISA to protect their business assets, which in turn will protect the U.S. critical infrastructure. CISA is the hub for cybersecurity information in the U.S.

The days when only IT was responsible for cybersecurity are over. Now cybersecurity is everyone’s business.

At the time I wrote this article, the following four countries were listed by CISA as the Nation State Cyber Threat. Each of the individual links for the country will take you to the threat overview and advisories for that country and the latest report on its malicious cyberactivity. Because the current threat from these nations is high, all cybersecurity professionals will benefit from the information provided by CISA, especially those in leadership roles, such as Chief Information Security Officer (CISO), Vice President of Information Security, Director of Information Security, Directory of Cybersecurity & Privacy, etc.

Nation State Cyber Threats

If you want to protect your organization from cyber threats posed by People’s Republic of China, Russia, and other nations, visit CISA.gov.

According to CISA, “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. ” Here’s a list of the 16 infrastructure sectors and their descriptions.

U.S. Critical Infrastructure Sectors

For organizations that belong to sectors that are considered Critical Infrastructure, CISA offers free Critical Infrastructure Vulnerability Assessments. CISA also offers training. For example, CISA will train you on topics related to critical infrastructure security at no charge. The training is provided through various means, such as virtual instructor-led training, in-person training, independent study courses, etc. Most of the free services are offered to the critical infrastructure organizations. Did you know you can even request a CISA speaker to speak at your event?

Organizations can report anomalous (unexpected, abnormal) cyber activity 24/7 to CISA via email (report@cisa.gov), or by calling 888-282-0870.

CISA Resources

Article Updated: December 1, 2023

Thanks for reading my article. If you are interested in me speaking at your event, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2022 SeattlePro Enterprises, LLC. All rights reserved.

  • Facebook
  • Twitter
  • Linkedin

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar