Ahhh, the Chinese. We've been unable to enjoy a week's news cycle during past months without getting a [usually non-]update about our relationship with China. We two political, military, and commercial powerhouses are at odds in many ways. The Chinese are very much distinct from us in at least those many different ways. The mere notion of a government's control over the number of children families may have is foreign, to say the least. Incidentally, for 35 years or so, since the 1980s, Chinese families were prohibited from having more than one child without penalty (some penalties much more lasting than money fines, for instance). Now, after big changes in President's Jinping's administration, they're allowed two.
China's culture and beliefs differ from ours in other ways as well. None as personal as family design, but meaningfully in other ways that affect the world (for how its population control paradigm rippled across the globe see John Oliver's take for a balance of horror and humor). One thing, as a cybersecurity expert and attorney, that quickly comes to mind is its unabashed procurement of our inventions. The rash of intellectual property thievery is impressive. Apple, IBM, General Electric, and numerous other S&P 500 companies have been victimized here. Counterfeit Legos, Mercedes, and Louis Vuittons pervade international commercial norms. A CNBC report from March summarized that one of every five North American-based companies have been victimized by the Chinese purveyors of ideas, patents, trademarks, and other intellectual property. Sadly, whenever you buy a bona fide version of any such product or service, the inventor--i.e., the company--first must bake into its price some recompense from the illegal actions committed nearly as far away from us as is possible.
China was also not immune from our cries of "Foul!" during and after the 2016 election, when it, Israel, North Korea, and, let's see … who else? Oh yeah, Russia, all were on the offensive trying to upend the election process. Whether it's stealing trade secrets or votes, China's technological sophistication doesn't stop at the point of creating good for the world. Not that Silicon Valley's full of altruistic do-gooders. It's just that China's misdeeds are at an entirely crazy level.
The other thing that vastly sets China apart from our homegrown bad guys, such as hackers, data thieves, and attackers is that, for the most part, our black hats are worn by individuals, or organized groups of individuals. China? Sure, the keyboard pluckers are individuals, but the government of China is wielding the power behind them. The Chinese government has been and will continue to be on our radar as a leading force of internet crime, fraud, and abuse. It's particularly effective in its attacks of so-called managed service providers. That phrase, managed service providers, is basically the group of companies that other firms outsource limited services to. Think of the ever-present Amazon Web Services. Amazon's AWS branch provides cloud-computing services to countless government agencies and private companies. When China wants to get at the IP of two, 10 or 3,000 American organizations, it needn't go farther than exploiting but one AWS vulnerability, in theory. Thankfully, in practice, AWS is one of the most secured managed service providers, but you can see the efficiency in mastering how to break into AWS rather than trying to circumvent the security systems of dozens of its clients.
The Department of Homeland Security is onto China and its managed services provider tactics. For 13 years, for example, China's Ministry of State Security has, beknownst to DHS, provided support and resources to a group known as APT10, the "APT" standing for the cybersecurity phrase, "advanced persistent threat." The APT10 is high on DHS's list of culprits, and a couple actors from the group have been prosecuted. It's stolen security and commercial information from NASA, the Department of Energy, the Navy, and dozens of industry firms in aviation, pharmaceuticals, technologies, and manufacturing among other sectors. Last year, DHS took note of the shift in APT10's activities and processes. They're getting even stronger and more organized.
Much like the aftermath of the 9/11 tragedies, one component of DHS's fight against these elusive state-sponsored criminals is to empower us, Joe Average Americans. They've created educational materials and videos trying to inform private companies about recognizing the Chinese attacks and plots. Regrettably, it's the standard cops-and-robbers scenario: The good guys are always chasing the bad guys. In other words, after a new Five Year Plan was discovered within APT10 intelligence, they're on the path to continue growing the chasm between the two warring forces, the robbers from China and the cops in America. The jury's still out about whether the somewhat familiar "See Something? Say Something." model behind the public empowerment is effective.
One thing is for sure. We need partnership and collegiality with China. We're both too big of global forces to be over weighted with animus. There will always be that, and more of it when we're leaning more nationalistically. But, there must be balance among us. I don't think that we want to take the wait-and-see approach to let China fix its own devious nature as to cyberthreats and cybercrime. And, we simply cannot, amongst our democratic and rule-of-law selves, try to match their acts. We could. We're certainly smart enough. And, I've explained in the past the truth that we, too, meddle in elections. Again, it's balance though.
The DHS, and the remainder of the intelligence community, has its work cut out. These are years-long, complex issues to solve. They require diplomacy and actions, balanced yet again and still. If there's one nation that has the gumption and wherewithal to compete with the goals of the Chinese, dishonorable or forthright, it's us.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at email@example.com.