The US government must urgently address growing threats posed by “nefarious actors” in China, who are infiltrating American intelligence and infrastructure, a congressional body has warned.
China’s ‘nefarious actors’ are stealing US tech, says report
A report by the US-China Economic and Security Review Commission alleges that Chinese-linked entities have targeted the IT networks of private sector companies and government contractors, in order to obtain access to sensitive government information and networks.
The commission monitors national security and trade issues between the US and China.
“China has expanded its efforts to obtain economic advantage by pursuing knowledge of key technologies through corporate acquisitions and by using the economic power of Chinese companies as tools of the state,” the report said.
The findings come as the US and China teeter on the brink of a trade war. It warned that as technology evolves, the attacks will only become easier.
Made in China
The report highlighted the extent to which components made in China are part of the US government’s IT networks.
For example, seven of the largest commercial manufacturers that supply the US federal government source more than half of their imports from China. At 73%, Microsoft’s dependence on China-origin components is the highest among the seven.
The report recommends a more centralized system of supervision for the government’s supply chain risk management, possibly with a role for the Departments of Homeland Security and Defense.
Federal authorities budgeted almost $90 billion for IT spending in 2017. At 8% of all IT spending in the country, that makes it the largest single market for the industry in the US.
The report called out, among others, Chinese telecoms giant ZTE for potential state-sponsored corporate espionage.
Earlier this week, the US Department of Commerce activated a ban on sales by American companies to ZTE, to punish the Chinese telecommunications equipment maker after it allegedly made false statements in an investigation into sales of “hundreds of millions of dollars” of tech to Iran.
And the US is not the only country to have identified cyber threats from China.
A 2017 report by PwC and the UK’s BAE Systems detailed the evolution of a China-based cyber-espionage campaign known by several names including “APT10” and “Stone Panda.”
“Espionage attacks associated with China-based threat actors have traditionally targeted organisations that are of strategic value to Chinese businesses and where intellectual property obtained from such attacks could facilitate domestic growth or advancement,” said the PwC report.
The US commission’s report also addressed threats to US economic competitiveness caused by technology transfers from subsidiaries of US companies like Intel and Apple.
Regulations that require US tech companies operating in China to give up source code and store data in government-owned cloud computing infrastructure are part of Beijing’s efforts to build “national champions” in the tech industry.
“Government support can take many forms, but it often includes preferential financing rates, preference in government contract bidding, and sometimes oligarchy or monopoly status in protected industries,” the report said.
The report is hardly likely to soothe grown tensions between the two countries.