During CyberSecurity Connect in Monte Carlo SC Media UK sought to comply with the exhortation to make 10 'new friends', to provide a variety of perspectives and insights on the issues facing the industry or their organisation.
In the second such interview, SC spoke to John Kenkart, chief strategy officer/managing partner, Cyber Team Six, LLC and until recently chief, FBI intelligence operations section counter intelligence, who provided insight on the state threat from China.
Kenkart drew particular attention to how the Chinese state is using commercial proxies for IP theft and other criminal activities. He explained, "There are a lot of (Chinese-owned) companies that provide a viable product at a fair or even subsidised price," but that does not mean they are not also engaged in IP theft or even espionage.
In response to US manufacturing trade association criticism of Chinese influence on US trade policy, Reuters reported China’s Ministry of Foriegn Affairs categorically stating, "China opposes all forms of hacking." However it would appear no-one involved in cyber-security in the west believes that statement.
Kenkart adds that it is contradicted by its own output: "As a communist state, China loves five-year plans. Its 13th - with its ‘made in China 2020 to 2025’ strategy defines the areas in which it wants world dominance, therefore if you are in those industries identified, working with say new energy vehicles, quantum mechanics, airospace, robotics, power equipment, biotech - pharma - especially geriatic drugs; agricultural machinery..(among others) then China is targeting your IP."
In Kenkart’s opinion, based on his experience, you are vulnerable to Chinese state hacking if you are engaged in cutting edge research, if you operate in China, if you partner with or manufacture or are dependent upon a Chinese supply-chain. He notes how Huawet wanted to move IP out of the US to sanctioned countries such as Sudan, and how China uses front companies to avoid US sanctions.
He also notes how there are official documents showing a concerted effort by a Chinese multinational, with a system to evade the laws of another country. "Is this a company you want to do business with?" he asks, adding that it is the strategy and design of some countries to evade other countries’ laws, to conduct illegal activities.
Kenkart also noted how it has been alleged that Huawei designed internal systems to evade sanctions to sell to Iran.
He asks, "Why else would companies take decisions that do not make sense on a balance sheet?" and in response to his question, suggests such moves underpin pre-positioning to be world dominant, so they are not normal business decisions, but fit into government policy. If other vendors don’t understand the decision making, he suggests that there is likely something off the balance sheet, adding that if you view the actions as part of the intent of the government of China, then the actions may add value to the nation state.
An insider can even be part of the HR supply chain, or the actual supply chain, where the adversary finds commercial proxies to conduct IP theft and pre-position itself to impact its adversary in the event of war. Its clearly not far-fetched considering the US did exactly this for the Stuxnet attack. "Its another vector you have to consider," says Kenkart, "How do we manage HR hiring and vetting, as it becomes (part of) your product.
As to what you should do you do about it, it’s suggested that you take action one for two steps down from exfiltration. This includes more thorough due diligence on SMEs, knowing and understanding the true risk, establishing and understanding business controls in the light of where a higher level of threat control is needed; check arrangements; change your mindset, assume violations are going to occur regardless of what is the product is.
"I’m not saying you can’t do business in China. But go in with your eyes wide open," concludes Kenkart.