In order to further the discussion of Chinese cyber threats, on June 24, the Atlantic Council’s Brent Scowcroft Center on International Security hosted Mr. Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc.; Dr. James Mulvenon, vice president of the Intelligence Division of Defense Group, Inc.; and Dr. Gregory Rattray, CEO and founding partner of Delta Risk. This discussion took place at The Army and Navy Club Ballroom and was moderated by The Hon. Frank Kramer, distinguished fellow at the Atlantic Council.
Cyber Experts Weigh in on Threat of Chinese Cyber Espionage by Atlantic Council
In recent months, Chinese cyber espionage has been in a media spotlight, brought to the public eye through a series of speeches by senior US officials. A recent summit meeting between Chinese President Xi Jinping and US President Barack Obama brought cyber security to the center of US-China relations, but failed to result in any agreement. Cyber espionage destabilizes every facet of the US-China relationship, and it is important to look critically at how the United States plans to approach to the challenge China poses to the global commons.
At the event, the speakers each gave their thoughts on the status of Chinese cyber espionage and their advice on resolving this problem.
Mr. Alperovitch spoke first, organizing the Chinese cyber threat into three categories. First, there is economic espionage: the intrusion into private sector organizations for the purposes of stealing intellectual property and trade secrets “to help them better compete with us in the global marketplace.” Second, there is national security espionage; the use of traditional as well as non-traditional, updated strategies to collect foreign intelligence. Valuable intelligence gained in this manner could compromise the utility of United States technology and strategies and could also improve the technologies and strategies of those parties in possession of the intelligence. Third, a computer attack: many Chinese entries are already implanted in the US cyber infrastructure, which “could change from espionage to sabotage in a matter of keystrokes. Should there be a real conflict, the Chinese could use this capability to damage the United States.”
Mr. Alperovitch considers the economic threat to be the most dire. He calls for conversations between the United States and China, during which it would be made clear that these thefts are unacceptable. This espionage affects the competitiveness of the American economy and Mr. Alperovitch calls for tactics of economic warfare to be used, including trade sanctions and legal actions against the benefitting companies.
Dr. Mulvenon followed these remarks by discussing the value of offensive reactions to Chinese infiltration. He notes that the offense has an advantage: “The defense has to find every way you’re going to get it, the offense only has to find one.” He suggests two paths of offensive action. The first is to “scare ‘them straight, steal a bunch of their stuff. They’ll learn the danger of [cyber espionage] and we will come to some sort of rough equilibrium. If you’re not changing a mindset, you’re not changing behavior.” Dr. Mulvenon also explains the tactic of “poisoning the well.” “If you’re poisoning the well,” he says, “and they start getting told information that they previously thought was true and it turns out not to be true, they’ll have the same bureaucratic reaction that any bureaucracy has, which is to begin quickly arranging circular firing squads at the local level. Who’s the leak, who’s the mole, what’s the problem? Playing into a control freak mentality, accelerating the centralization trends that we already see in terms of top level control, driving them away from a model where its bottom up, grassroots, entrepreneurial intrusion behavior, to more reflect what our system looks like, which is top down, tight sphincter, controlled kind of system.”
Dr. Rattray opened by highlighting the opportunity that Chinese President Xi Jinping has to steer China hackers away from attacking the United States. “[There is] a new Chinese president that has the opportunity to consider the significance of whether this kind of relationship with the United States will alienate US business, where US business has been one of the largest supporters of a collaborative Chinese-US relationship. It is very good timing to try to put the new leader fully aware of the problem, have them consider the cost-benefit calculus.” Dr. Rattray also calls on the US private sector to step up and protect itself, leaning less on the US government.
Mr. Kramer then opened the discussion to the 120 audience members. When asked how he would advise the president on this issue, Mr. Alperovitch addressed the importance of public and private partnerships. “It would be helpful to deescalate it so it’s not a president-on-president conversation, but a company conversation.” To the same question, Dr. Mulvenon recommended a “playground bully strategy: hit them high, hit them low. Hit them low by poisoning the well, hit them high by reaching the leadership and being able to give them the messages about how this is a fundamental threat to economic development.”
The discussion led to the source of this infiltration, and while the speakers agreed most were from afar, there was some insider fault. Intentional insider espionage could be prevented by thorough background checks and stringent security clearances. Dr. Mulvenon believes it is more common that the insiders are inadvertently compromising the security of the company, and that it is the responsibility of the company to ensure that is a difficult mistake to make. “Employees who are willing on a moment’s notice to give up all of their privacy to Google and to Facebook and to everybody else… also have to understand that one of the prices of that is that they are now going to live in a world in which there’s going to be meshed surveillance of them, by their employers, to make sure that their behavior doesn’t inadvertently cause significant problems for the corporate name.”
Monday, June 24, 2013
2:00 p.m. – 3:30 p.m.
The Army and Navy Club Ballroom
901 17th St NW, 2nd floor
Washington, DC 20006
A discussion with
Mr. Dmitri Alperovitch
Co-Founder and CTO
CrowdStrike, Inc.
Dr. James Mulvenon
Vice President, Intelligence Division
Director, Center for Intelligence Research and Analysis
Defense Group, Inc (DGI)
Dr. Gregory J. Rattray
CEO and Founding Partner
Delta Risk LLC
Moderated by
The Hon. Franklin D. Kramer
Distinguished Fellow
Atlantic Council
Mr. Dmitri Alperovitch is the co-founder and CTO of CrowdStrike Inc., leading its intelligence, research, and engineering teams. A renowned computer security researcher, he is a thought leader on cybersecurity policies and state tradecraft. He also serves as a senior fellow at the Atlantic Council. Dr. James Mulvenon is vice president of Defense Group, Inc.’s Intelligence Division and director of DGI’s Center for Intelligence Research and Analysis. A specialist on the Chinese military, Dr. Mulvenon’s research focuses on Chinese C4ISR (command, control, communications, computers, intelligence, and reconnaissance), defense research/development/acquisition organizations and policy, strategic weapons programs, cryptography, and the military and civilian implications of the information revolution in China. He recently co-authored a new book Chinese Industrial Espionage (Rouetlefge, 2013). As the CEO and founding partner of Delta Risk, Dr. Gregory Rattray brings an exceptional record in establishing strategies for cybersecurity across both the government and private sectors. During his twenty-three year Air Force career, he served as the director for cyber security on the National Security Council staff in the White House, where he was a key contributor to the President’s National Strategy to Secure Cyberspace and helped initiate the first national cybersecurity exercise program involving government and the private sector.
The moderator for this event, The Hon. Franklin D. Kramer, is a national security and international affairs expert, and has multiple appointments, including as a member of the Atlantic Council Board of Directors and member of its Strategic Advisors Group. Mr. Kramer has been a senior political appointee in two administrations, including as assistant secretary of defense for international security affairs for President Clinton, Secretary Perry, and Secretary Cohen; and as principal deputy assistant secretary of defense for international security affairs.
This event is part of the Asia Security Initiative’s Cross-Straits series, which examines strategic and current affairs surrounding cross-straits relations.