How much do you think Chinese state-sponsored cyber spies steal from the US each year? No, you’re way off. It’s in the region of $5 trillion – 30% of GDP – according to one expert interviewed in a new exposé of Beijing-backed cyber attacks by the Epoch Times.
I covered this one for Infosecurity and IDG Connect because although most of the info for the article came from publicly available sources, it had some interesting insight from various industry experts and tied together the whole shadowy web of guanxi-tinged goings-on in the Middle Kingdom very well.
Particularly illuminating were claims that there are hundreds of state-backed “tech transfer centres” whose mission is to earmark IP they want, send scientists abroad to study in relevant industries and then reverse engineer products from stolen IP. It’s China investing in state-sanctioned theft because it’s quicker, easier and way cheaper than doing R&D the legal way. It’s happening on an industrial scale, to feed the country’s military aspirations and economic growth – many of the products are produced cheaply and sold back to the West at a fraction of the cost of the originals.
It’s thoroughly depressing but fascinating stuff and will make for frustrating reading if you’re a US tech CEO. If you haven’t been breached yet, you will be – or maybe you just haven’t found out about it yet.
China can do this, of course, because there’s a very fine line between government, academia, military, state-owned enterprise and even private business. All organisations must have a CCP committee which some believe sits even higher than the board. And all are expected to pull together for the betterment of Team China. But while the report calls out state-owned enterprises, there is in fact little in the way of evidence that private businesses have capitalised on stolen IP to accelerate R&D and produce cheap kit with which to flood Western markets.
Report author Josh Philipp told me that evidence was hard to find – even the US indictment of five PLA hackers last year referenced only SoEs. IP theft does happen, however, especially by contract manufacturers making products for US firms, although this is slightly different from the cyber espionage/tech transfer cycle mentioned in the report.
“Any private company involved would likely be running a small-scale counterfeit operation, which would be hard to pin down,” Philipp told me.
What is clear is that despite recent exhortations from the top to create an “innovation driven” country – an admission in itself that hitherto China’s economic growth and military might has been built on theft – the Chinese communist regime is unlikely to change things around anytime soon.
Western firms must get better at deflecting these attacks – and in so doing force up the size of investment needed by Beijing into cyber espionage activity, so that attack campaigns are just not worth the return in many cases. If they don’t, we can expect the same old breach headlines to continue ad infinitum.