South China Sea: another cyber skirmish to worry aboutPosted: May 29, 2014 Filed under: Uncategorized | Tags: china, china cyber espionage, cold war, cybersquard, hacking, information security magazine, philippines, PLA, South china sea, threatconnect, vietnam, washington 1 Comment
I seem to have chosen the wrong time to come back from Hong Kong. Just a fortnight after landing back in Blighty, the US raised the stakes between the two superpowers, and mortally offended China’s honour, by indicting five PLA soldiers on charges of hacking US firms for economic gain.
I’ve written enough about it here and here already, so I won’t go into the pros and cons of this high risk strategy again. Safe to say that Beijing already appears to be retaliating in the most effective way possible; by making things decidedly difficult for US tech firms in the Middle Kingdom. Already reports have emerged that Cisco and IBM could be in trouble.
Is a new Cold War about to begin?
Well, if it does, one company it might be worth keeping an eye on is threat intelligence firm Cyber Squared. The firm’s ThreatConnect Intelligence Research Team has an interesting and very thorough analysis of new APT-style cyber attack campaigns in the disputed South China Sea (SCS) region, as I wrote about here.
“What’s that got to do with us?” you might ask. Well, potentially quite a lot, according to Cyber Squared chief intelligence officer, Rich Barger.
“There is a risk of increased data loss for Western firms that routinely work with Vietnamese, Filipino, and other SCS region companies,” he told me. “Unit 61398/APT1 operates on the whim of the PRC, and cyber espionage has been adopted as the preeminent ‘low risk – high payoff’ medium for strategic intelligence collection.
“We typically see companies that are infrastructure related being targeted. Industries such as energy, oil & gas, mining, and transportation may find themselves directly or indirectly impacted.”
The message is loud and clear; if you have any military, economic or geopolitical stake in the SCS region, be aware that Chinese cyber operatives are increasing their activity.
“China has had a long standing national and regional interest within the South China Seas region,” explained Barger.
“It offers them a strategic economic advantage in terms of regional and global energy development and trade. From a military perspective, a strong Chinese presence within the SCS also counters the US pivot to South East Asia where China’s military modernisation, especially its navy, and regional assertiveness have come to an intersection.”
Barger argued that the various disparate groups at risk in the SCS need to start sharing information on attacks and “observing both the technical picture and the geo-political context”.
“It is important for those within these targeted industries to actively invest in threat intelligence processes as a standard business practice that supports internal information security operations,” he concluded.
“It is equally important that technical leaders effectively interpret and articulate regional threats and the context surrounding them to corporate business leaders.”