China’s Hacking Continues, Targeting Universities, Military Contractors
In early November, we wrote about the rise of state actors in cybercrime, pointing out the particular interests and strategies of Iran, Russia, North Korea, and China in their attacks on U.S. targets. A few days ago, The Wall Street Journal reported on a new cybersecurity assessment of the U.S. Navy which revealed what military and private analysts believe to be extensive attempts by China to penetrate the networks of Navy contractors and subcontractors.
Back in November, we wrote:
“The level of [cybersecurity] threats is rising, since [nation-state] attackers have far deeper pockets, expertise, and better training than the private-sector criminals motivated purely by economics… more and more attacks are so-called ‘advanced persistent threats,’ in which the attackers’ aim is to remain undetected within a network for an extended period of time, sometimes years, in order to conduct political or industrial espionage. Analysts believe that four states are now responsible for the lion’s share of these APT attacks: North Korea, Iran, China, and Russia. Fully half of attacks originate with the last two…
“China is focused closely on industrial espionage, although that focus has branched out into educational institutions. This is a strategy known as ‘island hopping.’ … Given the highly and chaotically networked character of political, commercial, and educational entities, attackers focus on weak links. Educational institutions such as universities are relatively soft targets, with less stringent security than government or industry. However, once inside a university, attackers can use the university network’s connections to ‘island hop’ to more well-defended networks — and the deepening collaboration between research universities and industrial firms can offer many opportunities.”
Analysts say that the U.S. Navy and Air Force present particularly attractive targets for hackers who are looking for data about advanced and innovative military technology. However, as noted above, Chinese hackers apparently prefer targets softer than the U.S. military — so they target contractors, subcontractors, and educational institutions engaged in research related to advanced military projects.
Former Homeland Security advisor Tim Bossert noted:
“It’s extremely hard for the Defense Department to secure its own systems. It’s a matter of trust and hope to secure the systems of their contractors and subcontractors.”
Analysts note that contractors, subcontractors, and universities often lack the resources to secure themselves — and that the military often does not do enough to maintain security standards and hold these subordinates responsible for meeting those standards. We suspect that “trust and hope” will increasingly be replaced by more stringent, expensive, and verifiable security standards — which will drive sales for leading U.S. cybersecurity firms.
China is motivated, they say, not simply by the desire to acquire technology and actionable data about U.S. military operations, but also by the desire to send a message that beyond the conventional battlefield, China is capable of mounting asymmetrical attacks that could damage U.S. assets or interests. A variety of publicly known and classified clues lead U.S. investigators to assign responsibility for these intrusions to Chinese government-sponsored teams.
In 2015, former U.S. President Barack Obama and Chinese President Xi Jinping signed a pact to refrain from cyber-espionage activities. The Chinese hacker entity implicated in several recent breaches, “Temp.Periscope,” reduced its activity around that time — only to reappear in the middle of 2017. Several U.S. officials have confirmed that China is no longer abiding by the 2015 pact.
We’ve often noted that President Trump’s determination to hold China to account, and to redress economic wrongs, is a longstanding priority, dating back to opinions he expressed publicly in the 1980s. While some aspects of the President’s agenda are more malleable and subject to negotiation or revision, we do believe that he is determined to succeed where other U.S. leaders have failed to bring China to heel. His concern about Chinese cybercrime is likely an area that he views as a critical part of his future Presidential legacy.
Investment implications: We believe major private U.S. cybersecurity firms will ultimately be beneficiaries of the current administration’s emphasis on responding to Chinese cybercriminals and hackers. As the U.S. government tightens security standards for its vendors and for the universities that conduct research for it, those vendors will resort to the products and services of major U.S. cybersecurity firms in order to comply. As the U.S. market continues in a corrective phase, investors should keep cybersecurity leaders on their buy lists as their elevated valuations drop towards more attractive levels.