10 Reports on Chinese cyber practices

China Tech Threat recommends the following reports from experts, think tanks, and government agencies that carefully outline the scope and threat from Chinese cyberattacks and cyber theft.

The New Cyber Insecurity: Geopolitical and Supply Chain Risks From the Huawei Monoculture, Recorded Future, June 2019

  • “Huawei does not just exist within an authoritarian state with a one-party system; as a company, it has benefitted from that system, supported that repressive rule, and is intertwined with the success of that government’s policies.”

How Chinese Companies Facilitate Technology Transfer from the United States, U.S.-China Economic and Security Review Commission, May 6, 2019

  • The Chinese government has utilized coordinated, government-backed cyber espionage campaigns to steal information from a variety of U.S.-based commercial firms, including those in the oil and energy, steel, and aviation industries.”

The Story Behind the Huawei Story – it’s not a Politically-Orchestrated Car Accident in Slow Motion. Strand Consult, December 19, 2018

  • “The media’s coverage of the Huawei story looks like a politically-orchestrated car accident in slow motion. The media bills the story as a front in a US-China trade war, but this is wrong. Other than a few mobile phones on Amazon, Huawei sells little in the United States. The fear that Chinese information technology can be abusedis not new; it dates to 2005, and many reports have been published about it.”
  • “Security threats are not isolated to network equipment. The political system needs to consider the users, devices and services, as well the market composition of incumbents, challengers, and backhaul providers. Security requires political attention in a world in which operators use network sharing and where they outsource parts of there business to technology and managed services companies.”

A New Old Threat: Countering the Return of Chinese Industrial Cyber Espionage, Adam Segal, Council on Foreign Relations, December 6, 2018

  • “For years, Chinese hackers carried out a massive campaign of cyber-enabled theft of intellectual property and trade secrets against U.S. companies.”
  • “[T]he United States should apply to Chinese cyber espionage the broad and coordinated model of attribution and sanctions it has developed with its intelligence partners and other allies in response to Russian cyber operations.”

Update Concerning China’s Acts, Policies and Practices Related to Technology Transfer, Intellectual Property, And Innovation, United States Trade Representative, November 2018

  • “China shows no sign of ceasing its policy and practice of conducting and supporting cyberenabled theft and intrusions into the commercial networks of U.S. companies. This illicit conduct provides the Chinese government with unauthorized access to intellectual property, trade secrets, confidential business information, technical data, negotiating positions, and sensitive and proprietary internal business communications.”

Understanding the Chinese Communist Party’s Approach to Cyber-Enabled Economic Warfare, Foundation for the Defense of Democracies, September 2018

  • “For years, the Chinese government has engaged in cyber-enabled economic espionage and other covert and clandestine activities to strengthen China’s economic competitiveness and strategic position. China is estimated to be responsible for 50 to 80 percent of cross-border intellectual property theft worldwide, and over 90 percent of cyber-enabled economic espionage in the United States.”

Foreign Economic Espionage in Cyberspace, National Counterintelligence and Security Center, Office of the Director of National Intelligence, July 24, 2018

  • “Most Chinese cyber operations against U.S. private industry that have been detected are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide.”

How China’s Economic Aggression Threatens the Technologies and Intellectual Property of the United States and the World, White House Office of Trade and Manufacturing Policy, June 2018

  • “In a 2012 study of cyber intrusions, Verizon, in cooperation with 19 contributing private organizations and government agencies, analyzed over 47,000 security incidents that resulted in 621 confirmed data disclosures and at least 44 million compromised records. Of the data disclosures that focused on economic espionage (as opposed to financially motivated incidents), 96% of the cases were attributable to “threat actors in China.”
  • China uses security reviews to force foreign enterprises to disclose proprietary information. At risk are source codes, encryption algorithms, and other sensitive IP. Chinese use of security reviews dates back to older laws like China’s 1999 ‘Commercial Encryption Regulation’ which classified encryption as a state secret. In recent years, China has increased its use of security reviews to target emerging high-technology industries.”

The Cost of Malicious Cyber Activity to the U.S. Economy, White House Council of Economic Advisors, February 2018

  • “We estimate that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.”

The Theft of American Intellectual Property: Reassessments of the Challenge and United States Policy, IP Commission, February 2017

  • “We estimate that the annual cost to the U.S. economy continues to exceed $225 billion in counterfeit goods, pirated software, and theft of trade secrets and could be as high as $600 billion.”