Six months before Mandiant Corp. released its report on Chinese cyber espionage, I had a long conversation with Richard Bejtlich, Mandiant Corp.'s chief security officer, on this very topic. Much has been written in the last week about Mandiant's analysis and report asserting that the People's Liberation Army Unit 61398 has been responsible for electronic break-ins at more than 140 organizations with the intent of stealing intellectual property.
But Bejtlich's comments offer additional perspective about the reasons behind the attacks, the fact that even some supposedly "friendly" countries are in the IP theft game, and the policy implications for the U.S. government of what he says amounts to a cyber war on U.S. interests.
To Bejtlich, the aggressive theft of U.S. intellectual property from the U.S., allegedly by actors in the Chinese government, is a deliberate attempt to keep the Chinese economy growing rapidly, in order to keep its people happy, in order to keep the party in power. But the government also has a broader agenda, he claims, to regain China's place as the preeminent power in the world.
Mandiant, founded in 2004, makes its money by finding and shutting down intrusions into the computer systems and networks of large businesses and government organizations. Attacks emanating from China are a substantial part of its business.
Much of our original conversation centered around protecting critical infrastructure. But Bejtlich said IP is a far bigger problem, with much broader consequences than worrying about attacks on power plants or financial system computers.
Here are some key takeaways from that discussion.
State sponsored theft of intellectual property is a bigger threat to the U.S. than worries about attacks against critical infrastructure.
"There are groups of Congress people who are afraid of a blackout or [critical infrastructure] attack that collapses the financial system. I think that area is exaggerated. The area you can’t possibly exaggerate is state-sponsored espionage. Power and finance problems are more concentrated than the sapping of America’s economic strength by having its intellectual property siphoned off to China."
China is the biggest, but not the only, actor in state-sponsored IP theft.
"The amount of data being stolen from US companies is outrageous. We estimate that 30% to 40% of the Fortune 500 have an active Russian or Chinese intrusion problem right now. The Chinese are #1. The Russians are #2.
The Chinese are looking for intellectual property. The Russians stay more in the realms of traditional espionage, but there’s a criminal element there as well."
The U.S. is at a disadvantage because our government doesn't engage in this type of espionage.
"When I was wearing the uniform and saw foreign governments trying to get into the [government computers] I wasn’t outraged because that’s the way the game is played. But for the last 10 years the Chinese and the Russians have prosecuted this widespread campaign against illegitimate targets. Starting in about 2003 they expanded into the defense industrial base. Then they started targeting financials, and then big pharma and all of these targets that traditionally had nothing to do with espionage.
The US, UK, Canada, Australia and New Zealand work together on intelligence and have a policy of not spying on companies in other nations. That’s not the case with allies such as the French or the Israelis.
We do plenty against legitimate targets, such as foreign governments, but you’d never see the U.S. government stealing pharma data to give to a U.S. firm."
Legislation won't help much. But a "realistic" approach to foreign policy just might.
"I don't have as much faith in legislation. It could provide liability protection in exchange for reporting [intrusions]. I’d like to see companies have an annual review of their intrusion posture.
It is a foreign policy issue to some extent. There are two schools of thought. One has dominated and that’s the peaceful rise school, which says the Chinese are not a threat, and the more you talk about it the more you’ll make them a threat.
On the other side you have the realistic school of thought that has taken a look at what has been going on and has seen strategic surprise after surprise.
The Chinese suddenly have a strategic satellite capability. They’re not supposed to have a next-generation stealth fighter and suddenly there are J-20s flown for all the world to see. Their maritime capabilities aren’t that great, and then they surface a sub next to an American aircraft carrier without anyone noticing. The way they work is they stay quiet and once the capabilities are real they tell you about it and make a statement about it.
Prior to the Industrial Revolution the Chinese were the preeminent power in the world. They see the last 200 years as an aberration.
The solution will not be found in technical defense but at the policy level in governments."
Taken together, the activities amount to a cyber war against the U.S.
"I don’t care at all what people in the West say war is. When you’re trying to figure out what’s happening, read the other guy’s dictionary. By their definition they are conducting a cyber war against us right now.
But in the U.S. we’re focused on bullets and bombs."
No, Bejtlich doesn't think he's overstating the problem.
"I get accused of being anti-Chinese. But I’m just basing this on what I see. They are active to a degree we’ve never seen before. They are exceptionally aggressive and unrepentant.
The US has a great history of coming back. Unfortunately with something like cyber it [may be] too late because all of the damage has been done, the data has been stolen and you find yourself at the mercy of the adversary."