IMPACT 2016 - National Security Institute
Countering the Cyber
Espionage Threat from China
Dr. Shawn P. Murray, C|CISO, CISSP, CRISC
China’s Strategy
China’s Strategy for Information Warfare
• China has demonstrated its intention to become an internationally leading player in the fields
of information and cyber warfare. Information warfare involves actions taken to achieve
information superiority by affecting adversary information, information processes, information
systems and computer-based networks, while denying the adversaries’ ability to do the
same.
• More than 20 years ago, China began to publish its theories, doctrines, policies and strategies
concerning both defensive and aggressive use of cyberspace.
• A student from the Institute of Systems Engineering of Dalian University of Technology in
China published a research paper titled “Cascade-Based Attack Vulnerability on the US
Power Grid.”
• Several American experts and journalists analyzed the article as a new demonstration of
China’s offensive motivations against American infrastructure (and indeed against the security
and sovereignty of the USA), and also as proof of China’s involvement in a new arms race in
cyberspace.
• China’s approach to information warfare and cyber warfare has two main dimensions: military
and civilian, both developed through theoretical and practical considerations.
http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
First Gulf War Influence on China
The Military Dimension – from The Journal of Energy Security
The dazzling success of the US in the first Gulf War was interpreted by several armies in the
world as the victory of new technologies.
According to this model:
• Information and information technologies’ dominance provided total control over the battlefield
• It was also the key to military success, victory and power.
This conclusion called for a radical transformation within armed forces.
• China’s Revolution in Military Affairs (RMA) concept.
• Transformation of Chinese doctrine guided new strategies of evolution in
– Chinese military affairs
– And in several industrialized countries worldwide.
In this context, the concept of information warfare acquired greater consideration among military
experts in China. Since the mid-1990s the Chinese army has implemented a modernization
program guided by the concept of “informationization” (which translates as dominance over
information technologies and cyberspace).
http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
First Gulf War Influence on China
The Military Dimension – from The Journal of Energy Security
In 1995 General Wang Pufeng, who is considered the father of Chinese doctrine of
information warfare, outlined several key concepts of this doctrine.
Among them he pointed out that:
• The goal of information warfare is no longer the conquest of territories or the
destruction of enemy troops, but the destruction of the enemy’s will to resist.
• Information warfare is a war in which the ability to see, to know and to strike
more accurately and before the adversary is as important as firepower.
In 1997 Chinese Colonel Baocun Wang added that:
• Information warfare can be conducted in times of peace, crisis and war;
• Information warfare consists of offensive and defensive operations;
The main components of information warfare are command and control, intelligence,
electronic warfare, psychological warfare, hacker-warfare and economic warfare.
http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
3PLA
The Third Department of the People’s Liberation Army’s General Staff Department
Also known as 3PLA, China’s equivalent to the National Security Agency
– Crucial to the country’s military strategy
– Responsible for monitoring much of the world’s communications for threats and
commercial opportunities.
– Using Chinese government websites, academic databases and foreign security
expertise,
– The organization maintains what active and former U.S. officials say are facilities
around Shanghai specialized in watching the U.S.
– One of them located close to the main transoceanic communications cables
linking China to the U.S.
– Those activities were highlighted in May 2014, when the Justice
Department indicted five officers of 3PLA on charges they stole U.S.
corporate secrets.
http://www.wsj.com/articles/chinas-spy-agency-has-broad-reach-1404781324
3PLA
A ground view of 3PLA facilities with an organizational structure of the NSA-like military
department.
Increasingly rattles governments and corporations around the world while remaining obscure to
outside security circles.
http://www.wsj.com/articles/chinas-spy-agency-has-broad-reach-1404781324
Military Organization 3PLA Is Tasked With
Monitoring World-Wide Electronic Information
Its operational units are spread out widely throughout China.
From mountains near Beijing, China's 3PLA conducts the following:
• Monitors Russia and tracks missiles.
• Its military experts analyze Internet phone calls on an island
dubbed China's Hawaii.
• Eavesdrops on Europe from a secret town hidden behind an
array of residential towers.
• Recruited from elite specialist universities, 3PLA’s estimated
100,000-plus hackers, linguists, analysts and officers populate
a dozen military intelligence bureaus, according to the foreign
experts.
http://www.wsj.com/articles/chinas-spy-agency-has-broad-reach-1404781324
FBI - Cyber’s Most Wanted
Five Chinese Military Hackers Charged with Cyber Espionage Against U.S.
On May 1, 2014, a grand jury in the Western District of Pennsylvania indicted five
officers in Unit 61398 of the Third Department of the Chinese People’s Liberation
Army (PLA)
• HUANG ZHENYU (AKA: Huang Zhen Yu, “hzy_lhx”)
• WEN XINYU (AKA: Wen Xin Yu, “WinXYHappy”, “Win_XY”, Lao Wen)
• SUN KAILIANG (AKA: “Jack Sun”)
• WANG DONG (AKA: Jack Wang, "UglyGorilla")
• GU CHUNHUI (AKA: Gu Chun Hui, "KandyGoo")
Five 3PLA Officers Indicted
From 2006-2014, the defendants were allegedly involved in a hacking
conspiracy that was targeted against:
• Westinghouse Electric Co.
• U.S. subsidiaries of SolarWorld AG
• United States Steel Corp
• Allegheny Technologies Inc.
• United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and
Service Workers International Union (USW)
• Alcoa, Inc
31 criminal counts, including:
– conspiring to commit computer fraud;
– accessing a computer without authorization for the purpose of commercial advantage
and private financial gain;
– damaging computers through the transmission of code and commands;
– aggravated identity theft;
– economic espionage;
– theft of trade secrets
https://www.fbi.gov/wanted/cyber/sun-kailiang/view
Lisong Ma - 2013
Lisong Ma, a citizen of China, pled guilty to violating the International Emergency Economic
Powers Act by attempting to export weapons-grade carbon fiber from the USA to China.
During the investigation, federal agents maintained a covert cyber-presence on web sites related
to the brokering, purchase and sale of controlled commodities.
• In February 2013, the defendant, using the name “Ma Li,”
e-mailed an undercover agent and indicated that he was
interested in acquiring several different types of high-
grade carbon fiber.
• Then, through various online communications, the
defendant attempted to negotiate the purchase of five tons
of carbon fiber.
• Based on a review of Internet Protocol log-in
information, investigators discovered that the defendant
was communicating from the People’s Republic of
China.
• After traveling to the United States to meet those agents,
Ma paid $400 for a spool of Toray-type, T-800 carbon fiber,
and tried to ship it in a box whose invoice said it contained
clothing, prosecutors said.
http://www.reuters.com/article/us-usa-crime-exports-idUSBRE94T12920130530
Su Bin
March 23, 2016 – FBI Press Report
• “A Chinese businessman pleaded guilty on Wednesday to charges of conspiring to
steal sensitive military aircraft data from computers belonging to Boeing and other
defense contractors, in the latest reminder of what the US has called a massive
Chinese cyber espionage campaign.”
• “Su Bin, 50, admitted to collaborating with two unindicted Chinese co-
conspirators over a near six-year period that ended shortly before his 2014 arrest.
• Among the aircraft they targeted were:
– Boeing’s C-17 military transport aircraft and
– Lockheed Martin’s F-35 and F-22 fighter jets.”
“In the last fiscal year alone,
economic espionage and theft
of trade secrets cost the American
economy more than $19 billion.”
“Economic espionage and theft of
trade secrets are increasingly linked
to the insider threat and the growing
threat of cyber espionage.”
http://www.ft.com/intl/cms/s/0/f1206e54-f13e-11e5-9f20-c3a047354386.html#axzz44vRXCKIr
USTRANSCOM
September 2014
• “In a 12-month period beginning June 1, 2012, there were about 50
intrusions or other cyber events into the computer networks of
TRANSCOM contractors, the 52-page report stated.”
• “At least 20 of those were successful intrusions attributed to an "advanced
persistent threat," a term used to designate sophisticated threats
commonly associated with attacks against governments. All of those
intrusions were attributed to China.”
• “The investigation found that a "Chinese military intrusion" into a Transcom
contractor between 2008 and 2010 "compromised emails, documents,
user passwords and computer code."
• “In 2012, another intrusion was made into multiple systems of a
commercial ship contracted by Transcom, the report said.”
Private Health Care
“Healthcare is by far the largest sector of where data breaches are occurring.”
According to the Experian identity theft resource center, in 2014, 43% of the major data
breaches were from the health care industry.
• August 2014 - Community Health Systems (CYH.N), one of the largest U.S. hospital groups,
said Chinese hackers had stolen Social Security numbers and other personal data from
some 4.5 million patients.
• A group of sophisticated Chinese hackers known for its high-stakes corporate espionage has
a history of stealing medical-device blueprints, prescription-drug formulas and other
valuable intellectual property from large health-care companies.
– For over a year, Dell's SecureWorks division responded to multiple intrusions by a hacking group
targeting health-care and pharmaceutical companies.
– The group uses phishing e-mails and has even gained physical access to computers to infect
target companies.
– They have been "extremely successful in exfiltrating the most valuable intellectual property of
organizations," according to Dell.
• October 2015 - Hackers in China targeted health insurer Anthem to learn how medical
coverage is set up in the US as Beijing grapples with providing healthcare for an ageing
population, US investigators have concluded.
– “People familiar with the Anthem investigation believe that gaining intellectual property and trade
secrets were the rationale for the hack. The individual data held by Anthem, which insures many US
government employees, could also be helpful to Chinese intelligence agencies.”
Comparing Costs
How much did the September 11 terrorist attack cost America?
• Counting the value of lives lost as well as property damage and lost production of goods and
services, losses already exceed $100 billion.
• Including the loss in stock market wealth -- the market's own estimate arising from
expectations of lower corporate profits and higher discount rates for economic volatility --
the price tag approaches $2 trillion.
Among the big-ticket items:
- The loss of four civilian aircraft valued at $385 million.
- Destruction of major buildings in the World Trade Center with a replacement cost of $3 billion to $4.5 billion.
- Damage to a portion of the Pentagon: up to $1 billion.
- Cleanup costs: $1.3 billion.
- Property and infrastructure damage: $10 billion to $13 billion.
- Federal emergency funds (heightened airport security, sky marshals, government takeover of airport
security, retrofitting aircraft with anti-terrorist devices, cost of operations in Afghanistan): $40 billion.
- Direct job losses amounted to 83,000, with $17 billion in lost wages.
- The amount of damaged or unrecoverable property hit $21.8 billion.
- Losses to the city of New York (lost jobs, lost taxes, damage to infrastructure, cleaning): $95 billion.
- Losses to the insurance industry: $40 billion.
- Loss of air traffic revenue: $10 billion.
- Fall of global markets: incalculable.
http://www.iags.org/costof911.html
Comparing Costs
Cybercrime and espionage costs $445 billion annually
The estimate was conducted by the Center for Strategic and International Studies.
The report, funded by the security firm McAfee, which is part of Intel Security,
represents one of the first efforts to analyze the costs, drawing on a variety of data.
– CSIS estimated that the United States lost about $100 billion.
– Germany was second with $60 billion.
– China followed with $45 billion.
https://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/08/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html
What can you do?
• Identify Critical Data and Information
– Protect it with defense in depth
– Don’t put all your eggs in one basket
• Split up and store the secrets in different locations
• Control and monitor access
• Identify Critical Personnel
– Positions key to the success and continuity
– Train replacements
– Perform and record job task analysis
• Identify Critical Resources
– Tech power
– High value technology
Insider Threat
Who is an Accidental Insider Threat?
• All employees – exhibit bad habits
– Passwords left on screens, under keyboards
– Tailgating into restricted areas, loss of accountability
– Using their computers to surf the web or communicate personal e-mail
– Bringing personal computing devices to work (laptops, PDAs, Smart Phones & Tablets)
– Failing to follow OPSEC
– Social Engineering – Phone calls from imposters, Phishing Emails, etc.
• IT Personnel – create vulnerabilities by:
– Having group accounts
– Lacking separation of duties
– Creating scripts or back doors for convenience
– Not changing default passwords
• Security Personnel – exhibit bad habits
– Deviate from security practices they are required to enforce
• Executive Management
Insider Threat
Reduce the Risk for the Accidental Insider Threat:
• Educate and Train all personnel on exhibiting good habits
& behavior
– Computer based – Internal/External (DSS/DISA, Others)
– Develop in house programs
– External training & Conferences
– Provide periodically (monthly, biannually, annually)
– Gear training to the audience
• All personnel
• IT Personnel
• Security Personnel
• Assess the training material for currency and effectiveness
– Update
– Provide Examples (real world events or case studies)
Key Takeaways
• Technology touches every aspect of our daily lives
– Does every computing environment need access to the network?
• 2.8 personal devices exist for every human on earth
• IoT creates more ways to be hacked; be wary of new technology
• Work with other stakeholders in the organization
• Look at your contracts and DD-254s
– Do clearances align with both documents?
– What are the ADP/IT requirements?
• Look at 3rd party vendors and
– Create and sign service agreements
• Supply Chain Management
– Applies to subcontractors
– Applies to R&D & Academia relationships
• Talk to HR, Legal and other Stakeholders
– Establish an Incident Response Team and practice it
– Establish an Insider Threat program and review it, meet and discuss indicators
Resources
How to Combat the Threat
FBI - Economic Espionage: Protecting America’s Trade Secrets
https://www.fbi.gov/about-us/investigate/counterintelligence/economic-espionage-brochure
The FBI’s Business Alliance Initiative
https://www.fbi.gov/about-us/investigate/counterintelligence/us-business-1
Internet Social Networking Risks
https://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks
Journal of Energy Security
http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
Infragard Chapters
https://www.infragard.org/
Dr. Shawn P. Murray on SlideShare
http://www.slideshare.net/
Security Organizations (DSS, ISSA, ISC2, Others)
National Security Institute – Reference CD & News Letters
References & Citations
Resources and references used for presentation:
• http://www.reuters.com/article/us-usa-military-cyberspying-idUSKBN0HC1TA20140918
• http://blogs.wsj.com/chinarealtime/2014/07/08/meet-3pla-chinas-version-of-the-nsa/?KEYWORDS=china%20hackers
• https://project2049.net/documents/pla_third_department_sigint_cyber_stokes_lin_hsiao.pdf
• http://www.strategicstudiesinstitute.army.mil/pdffiles/pub1191.pdf
• http://www.ft.com/cms/s/0/242c2f4e-7c2e-11e5-98fb-5a6d4728f74e.html#axzz44vRXCKIr
• https://news.wgbh.org/post/why-would-chinese-hack-your-health-care-account-why-would-anybody
• http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
Questions?
Thank You!

 
Presentación3
Presentación3Presentación3
Presentación3
 
Each question should be done on a separate word document, with refer
Each question should be done on a separate word document, with referEach question should be done on a separate word document, with refer
Each question should be done on a separate word document, with refer
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 
Major Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINALMajor Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINAL
 
Presd1 17
Presd1 17Presd1 17
Presd1 17
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant Mali
 
Foreign military studies office publications human network attacks
Foreign military studies office publications   human network attacksForeign military studies office publications   human network attacks
Foreign military studies office publications human network attacks
 
61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm -  Securing North American Critical Infra61Shackelford & Bohm -  Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra
 
Exam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level IIExam notes for the Certified in Homeland Security -- Level II
Exam notes for the Certified in Homeland Security -- Level II
 
Northrop Grumman Prc Cyber Paper Final Approved Report 16 Oct2009
Northrop Grumman Prc Cyber Paper Final Approved Report 16 Oct2009Northrop Grumman Prc Cyber Paper Final Approved Report 16 Oct2009
Northrop Grumman Prc Cyber Paper Final Approved Report 16 Oct2009
 
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
Unprotected Data: Your Risk of Internet-Enabled Psychological and Information...
 
International Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
International Strategy for Cyberspace_ Kinetic Solutions to Virtual ChallengesInternational Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
International Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
 
Red Dragon Rising Understanding the Chinese Cyber Scenarios 02 march 2014
Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014
Red Dragon Rising Understanding the Chinese Cyber Scenarios 02 march 2014
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
 

More from Murray Security Services

More from Murray Security Services (11)

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
 
Accidental Insider Threat - 2018 Version
Accidental Insider Threat - 2018 VersionAccidental Insider Threat - 2018 Version
Accidental Insider Threat - 2018 Version
 
Manufacturing Hacks
Manufacturing HacksManufacturing Hacks
Manufacturing Hacks
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & Meltdown
 
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex IssueGlobal Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
 
Cybersecurity for Small Business
Cybersecurity for Small BusinessCybersecurity for Small Business
Cybersecurity for Small Business
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 
How to Write Good Policies
How to Write Good PoliciesHow to Write Good Policies
How to Write Good Policies
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 

Recently uploaded

Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Countering the Cyber Espionage Threat from China

  • 1. IMPACT 2016 - National Security Institute Countering the Cyber Espionage Threat from China Dr. Shawn P. Murray, C|CISO, CISSP, CRISC
  • 2. China’s Strategy China’s Strategy for Information Warfare • China has demonstrated its intention to become an internationally leading player in the fields of information-and-cyber warfare. Information warfare involves actions taken to achieve information superiority by affecting adversary information, information processes, information systems and computer-based networks, while denying the adversaries’ ability to do the same. • More than 20 years ago, China began to publish its theories, doctrines, policies and strategies concerning both defensive and aggressive use of cyberspace. • A student from the Institute of Systems Engineering of Dalian University of Technology in China published a research paper titled “Cascade-Based Attack Vulnerability on the US Power Grid.” • Several American experts and journalists analyzed the article as a new demonstration of China’s offensive motivations against American infrastructure (and indeed against the security and sovereignty of the USA), and also as proof of China’s involvement in a new arms race in cyberspace. • China’s approach to information warfare and cyber warfare has two main dimensions: military and civilian, both developed through theoretical and practical considerations. http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
  • 3. First Gulf War Influence on China The Military Dimension – from The Journal of Energy Security The dazzling success of the US in the first Gulf War was interpreted by several armies in the world as the victory of new technologies. According to this model • Information and information technologies’ dominance provided total control over the battlefield • Was also the key to military success, victory and power. This conclusion called for a radical transformation within armed forces. • China’s Revolution in Military Affairs (RMA) concept. • Transformation of Chinese doctrine guided new strategies of evolution in – Chinese military affairs – And in several industrialized countries worldwide. In this context, the concept of information warfare acquired greater consideration among military experts in China. Since the mid 1990s the Chinese army has implemented a modernization program guided by the concept of “informationization” (which translates as dominance over information technologies and cyberspace). http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
  • 4. First Gulf War Influence on China The Military Dimension – from The Journal of Energy Security In 1995 General Wang Pufeng, who is considered the father of Chinese doctrine of information warfare, outlined several key concepts of this doctrine. Among them he pointed out that: • The goal of information warfare is no longer the conquest of territories or the destruction of enemy troops, but the destruction of the enemy’s will to resist. • Information warfare is a war in which the ability to see, to know and to strike more accurately and before the adversary is as important as firepower. In 1997 Chinese Colonel Baocun Wang added that: • Information warfare can be conducted in times of peace, crisis and war; • Information warfare consists of offensive and defensive operations; The main components of information warfare are command and control, intelligence, electronic warfare, psychological warfare, hacker-warfare and economic warfare. http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361
  • 5. 3PLA The Third Department of the People’s Liberation Army’s General Staff Department Also known as 3PLA, China’s equivalent to the National Security Agency – Crucial to the country’s military strategy – Responsible for monitoring much of the world’s communications for threats and commercial opportunities. – Using Chinese government websites, academic databases and foreign security expertise, – The organization maintains what active and former U.S. officials say are facilities around Shanghai specialized in watching the U.S. – One of them located close to the main transoceanic communications cables linking China to the U.S. – Those activities were highlighted in May 2014, when the Justice Department indicted five officers of 3PLA on charges they stole U.S. corporate secrets. http://www.wsj.com/articles/chinas-spy-agency-has-broad-reach-1404781324
  • 6. 3PLA A ground view of 3PLA facilities with an organizational structure of the NSA-like military department. Increasingly rattles governments and corporations around the world while remaining obscure to outside security circles. http://www.wsj.com/articles/chinas-spy-agency-has-broad-reach-1404781324
  • 7. Military Organization 3PLA Is Tasked With Monitoring World-Wide Electronic Information Its operational units are spread out widely throughout China. From mountains near Beijing, China's 3PLA conducts the following: • Monitors Russia and tracks missiles. • Its military experts analyze Internet phone calls on an island dubbed China's Hawaii, • Eavesdrops on Europe from a secret town hidden behind an array of residential towers. • Recruited from elite specialist universities, 3PLA’s estimated 100,000-plus hackers, linguists, analysts and officers populate a dozen military intelligence bureaus, according to the foreign experts. http://www.wsj.com/articles/chinas-spy-agency-has-broad-reach-1404781324
  • 8. FBI - Cyber’s Most Wanted Five Chinese Military Hackers Charged with Cyber Espionage Against U.S. On May 1, 2014, a grand jury in the Western District of Pennsylvania indicted five officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA) • HUANG ZHENYU (AKA: Huang Zhen Yu, “hzy_lhx”) • WEN XINYU (AKA: Wen Xin Yu, “WinXYHappy”, “Win_XY”, Lao Wen) • SUN KAILIANG (AKA: “Jack Sun”) • WANG DONG (AKA: Jack Wang, "UglyGorilla") • GU CHUNHUI (AKA: Gu Chun Hui, "KandyGoo")
  • 9. Five 3PLA Officers Indicted From 2006-2014, the defendants were allegedly involved in a hacking conspiracy that was targeted against: • Westinghouse Electric Co. • U.S. subsidiaries of SolarWorld AG • United States Steel Corp • Allegheny Technologies Inc. • United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) • Alcoa, Inc. 31 criminal counts, including: – conspiring to commit computer fraud; – accessing a computer without authorization for the purpose of commercial advantage and private financial gain; – damaging computers through the transmission of code and commands; – aggravated identity theft; – economic espionage; – theft of trade secrets https://www.fbi.gov/wanted/cyber/sun-kailiang/view
  • 10. Lisong Ma - 2013 Lisong Ma, a citizen of China, pled guilty to violating the International Emergency Economic Powers Act by attempting to export weapons-grade carbon fiber from the USA to China. During the investigation, federal agents maintained a covert cyber-presence on web sites related to the brokering, purchase and sale of controlled commodities. • In February 2013, the defendant, using the name “Ma Li,” e-mailed an undercover agent and indicated that he was interested in acquiring several different types of high-grade carbon fiber. • Then, through various online communications, the defendant attempted to negotiate the purchase of five tons of carbon fiber. • Based on a review of Internet Protocol log-in information, investigators discovered that the defendant was communicating from the People’s Republic of China. • After traveling to the United States to meet those agents, Ma paid $400 for a spool of Toray-type, T-800 carbon fiber, and tried to ship it in a box whose invoice said it contained clothing, prosecutors said. http://www.reuters.com/article/us-usa-crime-exports-idUSBRE94T12920130530
  • 11. Su Bin March 23, 2016 – FBI Press Report • “A Chinese businessman pleaded guilty on Wednesday to charges of conspiring to steal sensitive military aircraft data from computers belonging to Boeing and other defense contractors, in the latest reminder of what the US has called a massive Chinese cyber espionage campaign.” • “Su Bin, 50, admitted to collaborating with two unindicted Chinese co-conspirators over a near six-year period that ended shortly before his 2014 arrest. • Among the aircraft they targeted were: – Boeing’s C-17 military transport aircraft and – Lockheed Martin’s F-35 and F-22 fighter jets.” “In the last fiscal year alone, economic espionage and theft of trade secrets cost the American economy more than $19 billion.” “Economic espionage and theft of trade secrets are increasingly linked to the insider threat and the growing threat of cyber espionage.” http://www.ft.com/intl/cms/s/0/f1206e54-f13e-11e5-9f20-c3a047354386.html#axzz44vRXCKIr
  • 12. USTRANSCOM September 2014 • “In a 12-month period beginning June 1, 2012, there were about 50 intrusions or other cyber events into the computer networks of TRANSCOM contractors, the 52-page report stated.” • “At least 20 of those were successful intrusions attributed to an "advanced persistent threat," a term used to designate sophisticated threats commonly associated with attacks against governments. All of those intrusions were attributed to China.” • “The investigation found that a "Chinese military intrusion" into a Transcom contractor between 2008 and 2010 "compromised emails, documents, user passwords and computer code."” • “In 2012, another intrusion was made into multiple systems of a commercial ship contracted by Transcom, the report said.”
  • 13. Private Health Care “Healthcare is by far the largest sector of where data breaches are occurring.” According to the Experian identity theft resource center, in 2014, 43% of the major data breaches were from the health care industry. • August 2014 - Community Health Systems (CYH.N), one of the largest U.S. hospital groups, said Chinese hackers had stolen Social Security numbers and other personal data from some 4.5 million patients. • A group of sophisticated Chinese hackers known for its high-stakes corporate espionage has a history of stealing medical-device blueprints, prescription-drug formulas and other valuable intellectual property from large health-care companies. – For over a year, Dell's SecureWorks division responded to multiple intrusions by a hacking group targeting health-care and pharmaceutical companies. – The group uses phishing e-mails and has even gained physical access to computers to infect target companies. – They have been "extremely successful in exfiltrating the most valuable intellectual property of organizations," according to Dell. • October 2015 - Hackers in China targeted health insurer Anthem to learn how medical coverage is set up in the US as Beijing grapples with providing healthcare for an ageing population, US investigators have concluded. – “People familiar with the Anthem investigation believe that gaining intellectual property and trade secrets were the rationale for the hack. The individual data held by Anthem, which insures many US government employees, could also be helpful to Chinese intelligence agencies.”
  • 14. Comparing Costs How much did the September 11 terrorist attack cost America? • Counting the value of lives lost as well as property damage and lost production of goods and services, losses already exceed $100 billion. • Including the loss in stock market wealth -- the market's own estimate arising from expectations of lower corporate profits and higher discount rates for economic volatility -- the price tag approaches $2 trillion. Among the big-ticket items: - The loss of four civilian aircraft valued at $385 million. - Destruction of major buildings in the World Trade Center with replacement cost of from $3 to $4.5 billion. - Damage to a portion of the Pentagon: up to $1 billion. - Cleanup costs: $1.3 billion. - Property and infrastructure damage: $10 billion to $13 billion. - Federal emergency funds (heightened airport security, sky marshals, government takeover of airport security, retrofitting aircraft with anti-terrorist devices, cost of operations in Afghanistan): $40 billion. - Direct job losses amounted to 83,000, with $17 billion in lost wages. - The amount of damaged or unrecoverable property hit $21.8 billion. - Losses to the city of New York (lost jobs, lost taxes, damage to infrastructure, cleaning): $95 billion. - Losses to the insurance industry: $40 billion. - Loss of air traffic revenue: $10 billion. - Fall of global markets: incalculable. - http://www.iags.org/costof911.html
  • 15. Comparing Costs Cybercrime and espionage costs $445 billion annually. The estimate was conducted by the Center for Strategic and International Studies. The report, funded by the security firm McAfee, which is part of Intel Security, represents one of the first efforts to analyze the costs, drawing on a variety of data. – CSIS estimated that the United States lost about $100 billion. – Germany was second with $60 billion. – China followed with $45 billion. https://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/08/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html
  • 16. What can you do? • Identify Critical Data and Information – Protect it with defense in depth – Don’t put all your eggs in one basket • Split up and store the secrets in different locations • Control and monitor access • Identify Critical Personnel – Positions key to the success and continuity – Train replacements – Perform and record job task analysis • Identify Critical Resources – Tech power – High value technology
  • 17. Insider Threat Who is an Accidental Insider Threat?
  • 18. Insider Threat Who is an Accidental Insider Threat? • All employees – exhibit bad habits – Passwords left on screens, under keyboards – Tailgating into restricted areas, loss of accountability – Using their computers to surf the web or communicate personal e-mail – Bring personal computing devices to work (laptops, PDAs, Smart Phones & Tablets) – Failing to follow OPSEC – Social Engineering – Phone call from imposters, Phishing Emails etc. • IT Personnel - Create vulnerabilities by: – Having group accounts – Separation of duties – Create scripts or back doors for conveniences – Don’t change default passwords • Security Personnel – exhibit bad habits – Deviate from security practices they are required to enforce • Executive Management
  • 19. Insider Threat Reduce the Risk for the Accidental Insider Threat: • Educate and Train all personnel on exhibiting good habits & behavior – Computer based – Internal/External (DSS/DISA, Others) – Develop in house programs – External training & Conferences – Provide periodically (monthly, biannually, annually) – Gear training to the audience • All personnel • IT Personnel • Security Personnel • Assess the training material for currency and effectiveness – Update – Provide Examples (real world events or case studies)
  • 20. Key Take Aways • Technology touches every aspect of our daily lives – Does every computing environment need access to the network? • 2.8 personal devices exist for every human on earth • IoT creates more ways to be hacked, be wary of new technology • Work with other stakeholders in the organization • Look at your contracts and DD-254s – Do clearances align with both documents? – What are the ADP/IT requirements? • Look at 3rd party vendors and – Create and sign service agreements • Supply Chain Management – Applies to sub contractors – Applies to R&D & Academia relationships • Talk to HR, Legal and other Stakeholders – Establish an Incident Response Team and practice it – Establish an Insider Threat program and review it, meet and discuss indicators
  • 22. Resources How to Combat the Threat FBI - Economic Espionage: Protecting America’s Trade Secrets https://www.fbi.gov/about-us/investigate/counterintelligence/economic-espionage-brochure The FBI’s Business Alliance Initiative https://www.fbi.gov/about-us/investigate/counterintelligence/us-business-1 Internet Social Networking Risks https://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks Journal of Energy Security http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361 Infragard Chapters https://www.infragard.org/ Dr. Shawn P. Murray on SlideShare http://www.slideshare.net/ Security Organizations (DSS, ISSA, ISC2, Others) National Security Institute – Reference CD & News Letters
  • 23. References & Citations Resources and references used for presentation: • http://www.reuters.com/article/us-usa-military-cyberspying-idUSKBN0HC1TA20140918 • http://blogs.wsj.com/chinarealtime/2014/07/08/meet-3pla-chinas-version-of-the-nsa/?KEYWORDS=china%20hackers • https://project2049.net/documents/pla_third_department_sigint_cyber_stokes_lin_hsiao.pdf • http://www.strategicstudiesinstitute.army.mil/pdffiles/pub1191.pdf • http://www.ft.com/cms/s/0/242c2f4e-7c2e-11e5-98fb-5a6d4728f74e.html#axzz44vRXCKIr • https://news.wgbh.org/post/why-would-chinese-hack-your-health-care-account-why-would-anybody • http://ensec.org/index.php?option=com_content&view=article&id=241:critical-energy-infrastructure-security-and-chinese-cyber-threats&catid=106:energysecuritycontent0510&Itemid=361