USCC Report on China Misses the Boat on Cyber Espionage

Tuesday, March 13, 2012

Jeffrey Carr


The US China Economic and Security Review Commission report “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations (CNO) and Cyber Espionage” only delivered the goods on the CNO side.

It's severely lacking on the cyber espionage side; especially regarding corporate cyber espionage, which is the main reason that Washington is putting pressure on China.

Part of the problem might be that there's a lot more information available about China's CNO and Electronic Warfare buildup then there is about cyber espionage. While the report authors did a great job surveying China's military writings for this area, is that really news?

Of course China is building up its cyber warfare capabilities. So are 30+ other countries around the world. There's nothing new there.

On the other hand, the report failed to document the cyber espionage risk associated with over 1200 foreign R&D labs operating in China. It barely mentioned the Ministry of State Security except as the former employer of Huawei Chairwoman Sun YaFang.

MSS plays a major role as both a foreign and sometimes domestic intelligence service and deserves a lot more attention in any report purporting to be about Chinese cyber espionage.

The report did a good job exploring part of the Supply Chain problem but only insofar as it had to do with chip development. It didn't cover the more common problem of U.S. companies who out-source their development work to Chinese firms or U.S. companies like Dell who do all of their manufacturing and R&D in China.

This is as much a supply chain issue as the possibility of someone corrupting a microchip or selling counterfeit hardware. It's actually a worse problem because Dell is a large and trusted U.S. corporation which acquired the InfoSec firm SecureWorks last year.

If anyone should write a report on the supply chain problems that come with buying Dell products (for example), it should be a U.S. government commission. Too bad that didn't happen this time around.

Possibly Related Articles:
Information Security
China Government Outsourcing Cyberwar report Espionage USCC Supply Chain Intelligence Huawei
Post Rating I Like this!
Krypt3ia Jeff,
Yeah, have yet to read this report but it sounds like they gloss over some salient bits. Thanks for the summary.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.