Scepticism abounds about the efficacy of the United States-China Cyber Accord announced late September following a summit meeting between Chinese President Xi Jinping and US President Barack Obama. The accord, which amounts to little more than a pledge to curb state-sponsored cyber espionage towards each other, has no formal text and was not signed by the two leaders.
The accord does bring cyber espionage and digital security issues onto centre-stage, and not just for the world’s two largest economies. State-sanctioned commercial spying and hacking represent the new digital weaponry of the post-industrial era.
The reality is most countries’ governments and businesses — including Australia — are both victims and perpetrators of increasingly sophisticated, covert cyber activities. The nature of those activities range from espionage and surveillance (in which Western and non-Western governments engage) to wide-scale, state-sponsored and systematic theft of intellectual property — trade secrets, blueprints and personnel files.
While defining acceptable rules of engagement in the covert cyber realm is fraught with difficulty, it is becoming increasingly necessary.
Obama said during a joint press conference with Xi Jinping:
“We’ve agreed that neither the US nor the Chinese government will conduct or knowingly support cyber theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
The US has been increasingly public about the increasing frequency and sophistication of cyber attacks. The theft of 22 million security dossiers and 5.6 million fingerprints from the US government’s Office of Personnel Management, the agency that holds federal employees personnel records, was one recent and high-profile breach American officials attribute to the Chinese.
China denies the accusations of state-sponsored intellectual property theft, but Xi has publicly stressed that cyber power should be a national priority for China if the country is to reach its economic, societal and military potential.
It was surprising, then, that Australia’s tech-savvy Prime Minister Malcolm Turnbull stayed firmly in the physical realm when he was asked about the rise of China and national security concerns in his first in-depth interview on the ABC’s 7.30 recently:
“The pushing the envelope in the South China Sea has had the consequence of exactly the reverse consequence of what China would seek to achieve. You would think that what China would seek to achieve is to create a sufficient feeling of trust and confidence among its neighbours that they no longer felt the need to have the US fleet and a strong US presence in the Western Pacific.”
Phil Vasic, regional director for Australia and New Zealand at FireEye, a global cyber security firm, says “trust in cyberspace is difficult to accept on face value. In the digital era, military fleets include armies of cyber warriors, often state-sanctioned.”
Vasic adds that while the chief information officers of large Western corporations have long voiced their worries about the increasing role of cyber espionage and intellectual property theft, Australian business and government leaders have been slower to elevate public awareness of the extent of the cyber threat to Australian business and national security.
“The R&D, the trade secrets and the technological know-how that underpins a company’s — or a country’s — prosperity and competitiveness are high-value targets,” he said. “As long as Chinese companies are reliant on getting that intelligence from other places instead of indigenously growing their own, it will be very difficult to see a change in the cyber activity that we’ve been seeing for years.”
China’s highly organised threat
FireEye’s research has been a catalyst for the increased awareness and rising concern of the cyber threat in the US and elsewhere. Two years ago, a FireEye-owned security firm, Mandiant, published the first of several controversial reports identifying years of highly organised, economic cyber-espionage from China.
Through forensic investigation, the reports identified an elite group of the People’s Liberation Army code-named Unit 61398. According to the report, the cyber unit, known as APT 1 (for Advanced Persistent Threat) consists of thousands of people targeting hundreds of companies in more than 20 different industry verticals from energy, finance and telecommunications and defence.
The company presented detailed evidence about net addresses, net domains, attack techniques, tools and character sets used in the attacks spanning a decade.“If we all signed a global co-operation treaty for rules of engagement in cyberspace today … we would all be cheating before the ink dried.”
Australian business and government leaders have not yet called out a specific element of Chinese intelligence agencies for conducting these kinds of obsequious cyber activities. FireEye’s Vasic won’t discuss specific breaches for its domestic and government clients.
But the Chinese government is suspected of orchestrating an attack (in 2011) on the Australian parliamentary computer network, allowing unauthorised access to thousands of MPs emails and compromising the computers of several senior Australian politicians including then-prime minister Julia Gillard, foreign minister Kevin Rudd and minister for Defence Stephen Smith.
Chinese cyber-spies also stole key design information about Australia’s new Joint Strike Fighter, according to top secret documents leaked by former US intelligence contractor Edward Snowden. Several attacks have also been cited on Australia’s mining, media and legal firms.
In May, the recently established Australian Computer Security Centre set up under ex-PM Tony Abbott revealed the country’s online security was under “unrelenting” attack and urged government and business leaders to prepare for more attacks from myriad sources including criminals, foreign governments and terrorists.
The ACSC report claimed a 20% increase in the number of unlawful cyber intrusions to 1131 in 2014, with energy providers, banking systems and the communications sector the biggest targets. The report warns of growing activity by “foreign state adversaries”. It does not identify any countries specifically as perpetrators, although outside experts name China and Russia as the source of the most insidious online threats.
Cyber espionage and warfare is a reality of our post-industrial times. But there is some hope, however small, that the diplomatic talks between the US and China might force positive change and at least “normalise” the rules of engagement in cyberspace. In the weeks leading up to Xi Jinping’s US visit, FireEye threat specialists saw a decline in attacks emanating from China.
That may represent a fleeting reprieve. But the best defence is vigilance, says FireEye. At a May conference on internet governance and cyber security in Washington DC, Kevin Mandia, FireEye’s chief operating officer who has tracked cyber criminals for 20 years said:
“If we all signed a global co-operation treaty for rules of engagement in cyberspace today and every sovereign nation signed it, we would all be cheating before the ink dried.
“Nothing is going to change that way. But I do think you are going to see largely East versus West alignment there. It will ebb and flow and it will go largely unabated until there are risks and repercussions to the threat actors. The dialogue with China may change the rules of the game. We will see.”