In response to ransomware attacks and intellectual property theft it attributes to China, the Biden administration is reportedly strengthening its cybersecurity policy.
“Today, the United States and our allies and partners are exposing further details of the PRC’s [People’s Republic of China] pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security,” the White House stated in a press release on Monday. The allies include the European Union, the United Kingdom, NATO, Australia, Canada, New Zealand, and Japan.
Why this matters: for the first time, such a broad coalition of countries has accused China of carrying out malicious cyber activities and has urged Chinese authorities to address the situation. The EU stated that these cyber activities affected its “economy, security, democracy and society at large”; the US called China’s behaviour “inconsistent with its stated objective of being seen as a responsible leader in the world”; the UK said that it holds the Chinese state responsible “for a pervasive pattern of hacking”; and NATO reiterated its “willingness to maintain a constructive dialogue with China” on this issue.
“My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it. And maybe even accommodating them being able to do it.” – U.S. President Joe Biden, according to Reuters
“The U.S. has repeatedly made groundless attacks and malicious smears against China on cybersecurity. This is just another old trick, with nothing new in it,” a Chinese government spokesperson told the Wall Street Journal.
Accusations against China
Hiring criminal contract hackers: The US has accused China of fostering an intelligence enterprise that includes “contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit.” The press release points towards documents unsealed in October 2018 and July and September 2020, which revealed that hackers with a history of working for China’s Ministry of State Security (MSS) have engaged in “ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.”
Ransomware attacks against private companies: The US also stated that China’s government-linked cyber operators have conducted ransomware operations against private companies demanding millions of dollars in ransom.
Targeting government institutions and political organisations in the EU: The EU in its press release said that China-based hacker groups known as Advanced Persistent Threat 40 (APT40) and Advanced Persistent Threat 31 (APT31) targeted government institutions and political organisations in the EU and member states “for the purpose of intellectual property theft and espionage.” The UK, meanwhile, has accused APT40 of targeting maritime industries and naval defence contractors in the US and Europe, and APT31 of targeting the Finnish parliament in 2020.
Role in Microsoft Exchange hack: In March this year, Microsoft announced that Chinese hackers were exploiting vulnerabilities in its Exchange Server, a mail and calendar product used by corporates and organisations. The hack is said to have affected 30,000 organisations in the US alone and many more worldwide. The US has now said that it can attribute with a “high degree of confidence” that malicious cyber actors affiliated with the Chinese government were behind the attack. “The compromise and exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and networks worldwide, including in the member states and EU institutions,” the EU stated in its press release. “It is the most significant and widespread cyber intrusion against the UK and allies uncovered to date,” the UK stated in its press release.
Theft of critical public health information: The US also accused China of stealing Ebola virus vaccine research as well as other intellectual property, trade secrets, and confidential business information connected to critical public health information.
How has the US responded?
“We are not allowing any economic circumstance or consideration to prevent us from taking actions where warranted. And also, we reserve the option to take additional actions where warranted as well. This is not the conclusion of our efforts as it relates to cyber activities with China or Russia.” – Jen Psaki, White House Press Secretary in press briefing
Criminal charges against Chinese hackers: Although no sanctions have been imposed on China, as was done in the case of Russia, the US Department of Justice announced criminal charges against four MSS hackers “addressing activities concerning a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in at least a dozen countries,” the release stated.
Responses to the Microsoft Exchange incident by the US government (according to the press release):
- Conducted cyber operations and proactive network defense actions to prevent compromised systems from being used for ransomware attacks or other malicious purposes.
- Introduced a new model for cyber incident response that includes private companies in the Cyber Unified Coordination Group.
- The National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation released a cybersecurity advisory that provides additional details on the cyber techniques used by China to target the US and its allies.
Steps to modernise federal networks and improve the nation’s cybersecurity:
- Executive order to overhaul cybersecurity: In May this year, the government announced an overhaul of its cybersecurity policy that focuses on improving threat information sharing between government and the private sector, modernisation, enhancing software supply chain security, establishing a Cybersecurity Safety Review Board, standardising the response to cybersecurity incidents, improving detection of cybersecurity incidents on government networks, and improving investigative and remediation capabilities.
- Funding modernisation efforts: As part of its cybersecurity overhaul, the US government is funding five cybersecurity modernization efforts across the federal government. These efforts cover implementing endpoint security, improving logging practices, moving to a secure cloud environment, improving security operations centers, and deploying multi-factor authentication, the release stated.
- Working closely with the private sector: The US government is working closely with the private sector to address cybersecurity vulnerabilities in critical infrastructure. The Industrial Control System Cybersecurity Initiative and the Electricity Subsector Action Plan are initiatives on this front, the release stated.
- Directive issued to critical pipeline owners and operators to adhere to cybersecurity standards: The Transportation Security Administration (TSA) issued a directive to owners and operators of critical pipelines that requires them to report confirmed and potential cybersecurity incidents to the government and to designate a Cybersecurity Coordinator who is available 24 hours a day, seven days a week. The directive also requires pipeline operators to review their current practices and report the results to the government within 30 days, the release stated. TSA will soon issue another directive to further support the pipeline industry in enhancing its cybersecurity, the release added.