Beyond Espionage & Influence: China’s Cyberattack Strategy

Read Video Transcript

>> Good afternoon, everyone.  Thank you for joining us today.  Please join me in welcoming our moderator, Garrettson Blight.

>> Good afternoon, welcome to Beyond Espionage and Influence--China's Cyberattack Strategy.  I'm Garrettson Blight, and I’m the director of national cyber solutions at Booz Allen Hamilton.  If you’re not familiar with Booz Allen Hamilton, we're the largest cyber security services provider in North America. We solve complex problems in the technical nature across the government and commercial landscape.  When you think back to 20 years ago, the term cyber was just coming onto the scene as it pertained to any kind of conflict let alone business operations.  And today it's a war fighting domain that every commercial business and military commander must consider when evaluating their risk and resilience.  So to support your education and our own discussion of learning, we have assembled an expert panel to discuss these issues today, specifically as it pertains to China, which is often in the news.  With that, I would like to introduce our panelists.  Kurt Ronnow is the counter intelligence deputy assistant director at the Federal Bureau of Investigation.  Adam Segal is the director of the digital and cyber space program at the council on foreign relations. And Nate Beach-Westmoreland is my colleague and good friend as Booz Allen's head of strategic cyber threat intelligence.  Before we get started, I wanted to go over a couple of housekeeping items if you're not familiar with this platform.  

For your viewing controls, you can hover over the video icon on the bottom right hand screen.  Participants are on mute throughout the presentation so to ask a question, use the question function on the icon menu on the right hand of the portal.  As you ask questions, they will be visible only to our hosts and we will address it towards the end so we will have the panel discussion followed by question and answer but I encourage you to not hold them until the very end.  Please post them in the chat but we'll address them towards the Q & A at the end.  So with that, let me turn it over to the first panelist.  So Kurt, how about I turn it to you first.  Maybe you can give us a quick 90 second review of what you do at the FBI and any key points you want to make.  

>> Sure, thanks!  My name is Kurt Ronnow and I'm the deputy assistant director at our counter intelligence division here at the FBI.  One of the things that we're very passionate about here is educating not only the folks who are in the national security space but really, everyone in the commercial, industrial, and academic and scientific space as well because China's approach to attacking America is really across the board.  They will use a variety of tools, cyber is but a vector for them so we want to make sure we're educating people as much as possible on the threat that the government of China poses to their way of life and their well being and their economic security and national security certainly as well.  I have been at the bureau 20 years and have worked in multiple domestic offices and worked overseas in a number of assignments.  And the one thing that has never changed is China's presence and threat to us.  So very much looking forward to talking to you folks today, over.  

>> Thanks Kurt. Adam, over to you.  

>> Hi, my name is Adam Segal. I direct the digital and cyberspace policy program at the council of foreign relations. I am a China expert by training so I have been writing and thinking about Chinese technology policy and innovation strategy for a greater part of 20 years.  I think we have really seen an interesting change in Chinese behavior since Xi Jinping came into power, really, China was pretty reactive and focused internally on keeping outside information out.  But around 2014, we saw China really beginning to think about how it had to shape the global internet and global cyber space to protect its own domestic interests and also, ensure freedom of maneuver and constrain U.S. maneuver in cyber space.  So we are living with that.  And we are living with an increasingly capable, technologically, capable, diplomatically capable adversary in this space.  Thank you very much, over.  

>> Thank you, Adam!  Very interesting so Nate, over to you.  

>> Hi, I'm Nate Beach-Westmoreland, and I am the head of strategic cyber threat intelligence here at Booz Allen.  I'm particularly passionate about understanding the factors that shape the initiation form and timing of state cyber operations.  I first got into this field as a graduate student at Yale when I wrote my master's thesis back in 2011 on the imperative shaping that the PRC's online censorship and commercial and political espionage activities.  In my current role, I advise government and commercial clients on cyber threats intersecting with international relations and state actors.  I have done extensive work here at Booz Allen on Russia, China and other state actors assessing how their motivations and intentions in cyber space play out in a variety of circumstances from specific attacks to decades of interconnected campaigns.  Pertinent to today, I have been especially interested in recent years on the influencing effects of cyber operations.  How do cyber operations shape individual and mass decisions, opinions and perceptions?  This topic expands the discussion of cyber threats impact from the immediate and tangible, the cost of down time, the value of intellectual property and the financial lawsuits to the broader and intangible.  Are elections seen as legitimate?  Are leaders seen as trustworthy?  Are people going to be intimidated as the report we're discussing today shows, it's critical for government and private sector to understand that China is using cyber attacks to create these influencing effects.  Over.  

>> Thank you, I really look forward to this.  We're going to break up the panel in three parts.  So to start, we're going to just talk about kind of the introduction of what is the challenge that we're really facing and that could be from a technical to a geopolitical and other things that we'll be able to get through today.  And then we're going to introduce kind of what is the impact of some of these things and then lastly, hopefully we can identify some solutions or things that the audience can walk away with to protect themselves or be aware of as hostilities could occur or further espionage can occur.  

Feel free to jump on in and collaborate during these panels.  But let's open up a view.  Based on your introduction, maybe you can e lab rate more when you talk about cyber attack capabilities.  What are China's cyber attack capabilities?  Can you set a baseline?  

>> So when we're talking about cyber attack capabilities, it's not espionage but China's ability to create disrupted and destructive effects in cyber space.  This can take the form of denial of service, ransomware and defacement and so forth.  We also know the Department of Defense has acknowledged that the PRC has the ability to cause multi‑ week disruptions in critical and industrial systems such as natural gas pipelines.  So that is what we're talking about today.  China's ability to create these disruptive and destructive effects.  

>> Kurt, from your position in the counter intelligence field, what else can you add to what you have been able to see over your past twenty years of experience there?  

>> Yes, I think it's really complex because China will absolutely do the disruptive techniques as Nate mentioned.  So it's really two things at least.  One is, they want to do everything they can to slow us down or get in the way of our progress.  Number two, they also use these tools offense to siphon off or steal the data and technology we have to have these innovative and generational progressive leaping forward.  So for us, it's really tough.  If you knew they were just getting in the way, you would approach it one way but because it's offensive and they're trying to steel and take things, that's another means of defense entirely so trying to create the tools and the awareness to handle both of those is really tough as you're talking across sectors, academic, science, industrial, defense, and all of these things, over.  

>> We see China like all states trying to figure out what cyber tools useful for.  We know it's clear for espionage but not as clear on coercive or other measures of state craft.  You know, a lot of Pope source writing from Chinese analyst on how they would use a disruptive attack in a military conflict and then the report I think does a really good job of laying out cases of disruptive data attacks where they were trying to coerce states or regions or territories for certain political outcomes with pretty mixed results so it doesn't look as if they're particularly successful but I think they are like, U.S. and everyone else, to figure out what cyber is actually useful for.  

>> I really appreciate something you just said, they're trying to figure it out.  I think oftentimes as Americans, you know, we think vilifying whatever the threat may be.  It's not always necessarily the case but maybe, what do you think China's perspective is from international relations standpoint?  What threats do you think it sees and you know, do you think from their perspective, it's an attack or defense?  Can you elaborate a little bit about getting in the mindset of the Chinese use of cyber power?  That would be great.  

>> Yes, the Chinese have long said they are in fact the more vulnerable power than the United States.  That the United States is the true superpower in cyber space.  I think there was a dramatic change around 2014 that Fiona cutting ham and others have tracked that until then, the Chinese thought the great fire wall and the state of their economy and fairly analog nature is that the U.S. is more vulnerable to cyber attacks than China was but around 2014, that idea began changing.  The PLA is a more net centric military and would be susceptible to disruptive attacks.  The Chinese economy, about one‑ third of GDT comes from E commerce and other digital technology so it could also be disrupted.  This is a real sign there was significant vulnerabilities and the U.S. intelligence and NSA and others can really collect intelligence from others fairly widely from what we can tell.  As you can said, we hear a lot about, you know, Chinese attacks on western targets but the Chinese have always said they find this more vulnerable.  I'm not sure that it is completely true but they clearly have some series cyber security vulnerabilities they need to address.  

>> If I can add one more thing.  I think as China continues to talk and look at Taiwan, I think they're getting a free master class in Russia's invasion of Ukraine.  They're watching firsthand, the public out cry and the response to cyber attacks and the coalescing of this.  So really, China, I'm sure, is taking copious notes and learning a lot lessons about how they can position themselves, what they can do better and what they would do different and how cyber plays a role in all of that, over.  

>> Let me add to that Kurt.  The report it shows how China's development of the concepts behind cyber conflict and cognitive domain conflict.  Really, they even trace back to China watching what happened during the Persian golf war in the early 90s and China had decades of basically watching conflicts beyond its borders where it was not directly involved and seeing what impact did cyber operations have in these conflicts whether it was the Persian golf war, the color revolutions of the early 2010s and of course, you know, as you are saying, the Ukraine conflict right now.  This is a topic that appears quite frequently in PLA news papers and other openings right now, where they're commenting on, what is the role truly of the cognitive domain in a modern conflict.  

>> So is that something you think has evolved?  You mentioned the Persian golf.  We heard Adam talk back in 2014, some moments, we're talking about Ukraine so really over the past ten years when you think about what they're doing a decade ago, versus what is going on now, is this a natural revolution or is there a stark change you have seen over the last decade in what we should be aware of more recently in the landscape, just open question.  

>> Yes, so I think, look, we have clearly seen an evolution but I would say not totally unexpected.  The Chinese used to deny they had any cyber forces and then the 2015 white paper talks about the need for cyber defense and the creation of cyber forces.  2015, the Chinese stand up the strategic support forces which brings together cyber war, psychological war, all together, into one force that reports directly to the CMC, the central military commission which is tightly controlled by political leaders as Nate suggested, it's thinking about cyber as a strategic instrument but one that is also, you know, much broader than the U.S. conception of cyber.  This is not just cyber command.  It's also information operations, cognitive operations and other things there.  So you know, we're seeing the Chinese be some what more transparent at least in the structural side of things.  About how they're developing but you know, as the report clearly shows, kind of the clearest ways we learn about the Chinese thinking is the actual behavior.  They don't really release doctrine and they don't release strategy in the cyber realm so the clearest idea is what we manage to discover through threat, attribution and other operations that become public.  

>> And it looks like you were going to comment on something as well?  

>> So in addition, another thing from about the 2014 era.  So Adam already mentioned the stand up of the strategic support force but another great example we have found, another great example in the report is the great cannon.  So this was essentially a DDOS capability linked to the Chinese government that was used to take down a number of targets such as anti‑ censorship organizations like great fire and what this really signified is a shift from the defensive.  There's the great fire wall blocking the ability of Chinese internet users accessing problematic content online to actually forcing overseas organizations from making this content available to Chinese users.  And doing so in a manner that attempted ‑‑  at least my perception is trying to say, we want, China wants other people to know that it will use overwhelming force to disrupt these overseas threats.  Even if it embroils major international companies like Amazon, GitHub, Baidu and so forth.  

>> Yes, thank you, Nate.  One thing too, and another thing.  We're mentioning a report.  For those in the audience who have not seen the report, we'll make sure there's a link in the end but Booz Allen published a report that looked at the geopolitical actions of China across many years and certain conclusions you can bring to that.  That's some of the references that you're hearing here today.  So let's shift over a little bit with what Nate just talked about and maybe Kurt, I can bring it to you next.  When we think outside of the United States and actions that China might be taking, it should, I hear from SISO that expanding in China, there could be concerns there.  But when we think about action from China to other nations that don't have to do with the U.S., should it be a concern to us in the FBI?  In your experience, what should we be aware of and what should we observe in the news?  

>> Yes, great question!  So one of the things we hear about a lot is China's continued influence in developing countries, right?  That doesn't have to be developing countries like Africa or in Africa.  It can be central European nations that are actually pretty far along.  They just need help with 5G or some other IT infrastructure.  

And what makes China so tough to defend against, they're bringing with them capital investment and once a country sees that, and they have a struggling economy or they're trying to build their own sector or win constituents, it's really tough to combat.  Once they're in and they have the infrastructure hook, then the rest of the stuff they bring in with cyber comes right behind it.  So that world influence is going on everywhere.  We used to worry about the overall threat posed by communism and we have also gotten ourselves into a number of situations internationally to try to combat that.  This is nothing quite so offensive on its face, right?  Because again, it's economic investment.  It's good for your country.  It's good for development and good for everybody.  But man getting the foothold around and making other nations reliant on their infrastructure, their technology, their capital, their workforce, those kinds of things.  That makes it tougher for American companies who want to do business in that realm because they're going to butt up against all of those things that China has already got.  So yes, that's a tough challenge for any American company looking to do business overseas, over.  

>> So the implication I'm hearing is almost a strategic positioning in a lot of areas internationally.  Adam, I wonder if you have any thoughts about it?  When Kurt is talking about nation specifically, holistically and also the infrastructure, going as far as software or other IT devices or anything like that.  Any reaction to what Kurt said?  

>> Yea, I mean, we have seen certain Chinese state ATPs, task and targeting specific regions of the world.  So they tend to develop an expertise.  If you're in the south China sea or you have a south China sea claim, then we see Chinese hackers both conducting intelligence operations around maritime issues and also as the report outlined certain disruptive attacks and defacement and other things around the conflicts.  We certainly see a lot of attacks on Taiwan and around semiconductor and also around the elections, targeting of the EU.  

So a lot of these not surprisingly are driven by Chinese geo strategic concerns and they pull from and target that reflect those political specific concerns.  

>> So one question I get a lot is, from chief information security officers is primarily, you know, as my company more likely to be hit by a Chinese APT or a cyber attack or something more than the company next door?  

I was wondering if any of you have insights as to, you know, the impact of Chinese activity against specific businesses or potentially sectors and if there's anything that should be aware of with that.  Open questions to the panel.  

>> I will jump in on that one.  So private sector organization can become the target of PRC operations.  Simply because of their location that they are, you can think of them essentially on in the large every geopolitical competition so typically this is geo politically significant organizations like semiconductor manufacturers in Taiwan being caught amid the Taiwan PRC conflict and other times the organizations may actually bring themselves into the direct conflict with the PRC government.  The report contains several examples of media organizations that have become targets of disruptive operations by the PRC government.  This includes a newspaper in Hong Kong that was supportive of the pro democracy protests called Apple daily.  A U.S. based mandarin language news out let called Ming JING news that was publishing salacious rumors about the PRC government and officials or great fire wall which I was discussing earlier that anticensorship organization.  All three became subject to pressure by both cyber and other means.  

>> So I think most of the audience is probably familiar with the espionage conducted over the past many years simply on U.S. companies that various administrations have acknowledged about IT theft and intellectual property challenges we have had across the U.S. military.  To the fact of the pawns of the larger geopolitical competition, when we think about some of those involved in it, do you think China actually cares if they get caught?  How does attribution factor in to whether it's a pub acknowledgment, public shaming or something like that.  We start to think about from impacts to solutions, Kurt, maybe I can kick it over to you with your association within the government.  

>> Sure.  So the short answer is yes!  I think they do care very much!  They go to great pains as we have already talked about, to highlight the fact that they're just trying to get ahead.  And the U.S. is in a better position and to the extent we are adversaries with them.  We're just trying to keep them down.  Over the last number of years, the total amount annually we estimate that is a cost to counterfeit goods, is anywhere between 225 and 600 billion dollars.  Which again is an estimate.  So even though they care, the fact is, when you look at their fifth generation fighter next to ours, they look remarkably similar.  So as long as they get what they are ultimately after which is again, degrading our national power and increasing theirs, I think they're okay because they can always deny it.  They will just say, we just happen to have people just as smart as you.  But because we do know that culturally they care about these things, that's why every time we are able to, we highlight a prosecution.  Just last week, we had three different cases.  One transnational oppression, one trying to interfere with a court case by MSS officers and the other one conducting, espionage, economic espionage under academic cover.  So we do try to highlight those so we can name and shame to the extent possible, and from what we can tell, it does seem to have an effect on curb their activities.  Over.  

>> Anything to add on that?  

>> I mean, if you watch any number of PRC ministry of foreign affairs, after a threat report comes out and FBI indictment, they will say China is the number one victim of cyber attacks and it's all everyone else's fault and China doesn't do anything.  But at the same time, the report shows several of these examples where China is ‑‑  doesn't appear to be trying to cover up its connection to say something is major DDOS attacks and leaving calling cards to fact they want to be seen and it's coming from China.  So an example of that is using China based IP addresses in these DDOS attacks rather than say, harvesting bot nets around the world in order to conduct DDOS attacks.  Using overwhelming force in order to draw attention to these attacks.  So yes, China cares to an extent but it's not they never want people to suspect that China may be behind the cyber attacks because again, it's about a cognitive impact and an influencing factor.  If a tree falls in the forest and no one hears it, what's the point of knocking down the tree?  

>> Great!  In addition additional that you want to comment on?  

>> Yes, I guess I'm probably closer to Nate on this one.  I don't think they care that much quite honestly.  I think there's a demonstrative effect they like it.  There does seem to be a cost at the tactical level and attribution when the reports come out, the operators have to, you know, reconstruct infrastructure and certain types of malware are no longer usable and other things like that.  I think they really believe, look, for a long time, the attribution and the U.S. side in part was trying to create a normative distinction between cyber industrial espionage and cyber espionage conducted for political and military reasons and we, basically said, look, there's good spies and bad spying.  Everyone does the good spying.  Everyone conducts political espionage.  You guys are the leaders in bad spying, industrial espionage and you need to stop it.  That norm we can argue about if it really held that you know, if the threat one year they seem to follow it but I think they believe that after they restructured their cyber espionage moving it from the PLA to the ministry of state security, adopting a lot of attacks on IT services and cloud infrastructure so doing big data gathering, they basically said, look.  We're doing similar kinds of things that the NSA does and we're kind of the equivalent.  You guys don't really have any basis to call us out or say we're doing something that others shouldn't.  So I don't think they really care that much in the long run.  

>> Yes, that's interesting.  China talks frequently about setting common standards of responsible state behavior in cyber space.  At the end of the day, what should the U.S. position be with that?  So I mean, there's a lot to unpack there.  I'll go back to you Adam if you have some initial thoughts.  

>> I don't think we're ever going to gather any agreement on responsible behavior around espionage.  Probably also not around disruptive attacks that are, you know, essentially focused on political targets that would fall under kind of a non interference and sovereignty issues which you know, there is international law that guides but I don't think we'll get any agreement.  I think the hope is that we get some kind of understanding and rules of behavior for destructive attacks for armed attack so both sides have some predictability on the types of attacks that could cause physical destruction.  The report talks about what could be mapping of critical infrastructure and gas pipelines.  The U.S., and Russia clearly do the same.  In a crisis con scenario, we want to understand what they're doing so we can control for misperception and possible miscalculation in a crisis.  

>> So when we think about solutions with how to protect ourself from action and the direction that China is coming.  I can say this one thing and I'm sure others have thoughts about this as well but what are some of the communications and warnings that people should be on the look out for, there could be something that will affect them in the future?  Do you have any initial thoughts?  

>> Well, so the report talks about how China is a mantra that evokes what is called the three core interests.  It's basically the continuity of the political system.  The sovereignty of its territory.  And its developmental progress.  And when China in a public statement or through an official party mouthpiece like people's daily, when they invoke these core interests that can often suggest that China is willing to use all forms of national power to secure these priorities because they are again, a core interest.  And so the plus side of that, of China's using so many different forms of power at once.  Is that while cyber power is the hidden hand, you can look for the public hand.  This would be is China using economic pressure?  Or fisherman to swarm oil rigs?  Is it using state media to blast some positions, so on and so forth.  So if you ‑‑  the indication warning is, look for the public hand if you're trying to search for the private hand.  

>> Great!  Kurt, any thoughts or potential resources from the U.S. government that everyone should expect to help with the indications and warnings?  

>> The short answer is, we have a number of resources on our website that talk about the threat posed by China.  And the various means they use to exert influence through all of these different vectors and across all of the different sectors.  So I guess my leave with the folks would be, go check it out.  I have a number of resources in front of me that I refer to constantly.  And it provides a great summary and it includes things to watch out for and some of the warning signs you have mentioned.  So I need to take a shortcut but I think our website is probably much better resourced, over.  

>> It's good to be prepared and have something else to point to.  That's great!  I'm sure they'll check it out.  Any additional thoughts about indications and warnings?  When you see things in the news and you worry about things heating up, what should folks be on the look out for, that folks could be of concern in the near term?  

>> Well, I think, look, any type of regional tension around Taiwan or the south China sea and if you're in the industry that touches on those and has branches in these places, I would certainly keep it in my mind.  U.S. China conflict over certain industrial sectors clearly from an espionage perspective, you're going to be thinking, are you targeted if your semiconductor of new materials, EVs, those kinds of things.  And then if you have any affiliations or spokesperson, PR, then you know, someone can step into it by mentioning Tibet or Taiwan and you better be prepared as well.  Those are all things I would keep in the front of my mind.  

>> Those are good points, thank you!  We're coming up on the Q & A time but I would like to give you an opportunity to talk through if the audience could take away one thing from your perspective that you have learned in all of your vast experience, that they should be aware of regarding China espionage and attack, I'll start with Kurt, then Nate, then Adam.  What would you have them walk away with?  Kurt, over to you.  

>> I think it's really a scale thing.  Right now, a lot of the attention is on Russia for good reason.  A colleague of mine said the following analogy, Russia is the storm but China is the climate change.  It's a long standing, far reaching, very broad, very thorough and coordinated approach by China.  They have come up with a number of five year plans, called made in China 2025.  When we say whole of government attack, it really is that.  And so just educating yourself as much as you can on the various means by which China has tried to excerpt influence and the things they're interested in.  Knowing how they have continued to do it is the best way to arm yourself.  Over.  

>> Great.  Nate, thoughts?  

>> So I think one of the big takeaways of this report is to simply show that, you know, for, I think, the general public for them when you talk about China as a cyber threat, espionage is what comes top of mind and when you say country that is responsible for cyber attacks, disruptive, destructive, Russia definitely comes to mind.  Some people may think of Sony and North Korea and others might think of Iran and the attacks on the U.S. financial sector but really the broader public, they really need to think of China as also being an attack threat.  And this is not a new development.  This has been going on for well more than a decade.  And that threat exists and it's backed by an increasingly aggressive and assertive foreign policy able to act through better organized and more capable actors within the Chinese security sphere.  

>> That's a great take away.  Adam, certainly not least but over to you, sir.  

>> I would just echo Nate's point.  We really are seeing the evolution of China thinking about how it's going to use these tools broader than just espionage.  Most of the disruptive examples that the report talks about are cases that the China would consider internal so Taiwan and Hong Kong.  But we do see, for example, just the reports last week about China scanning state, local government, web sites and shifting its focus on information operations away from generally amplifying state media and state propaganda to start adopting more Russian techniques of pushing on U.S. social division and those types of things.  The China is like everybody are experimenting and evolving in this space so we just need to think, as the space develops, how they're going to deploy and use new tools in ways that are probably going to be some what disruptive in ways we have not seen before.  

>> You always plan for the unexpected.  I think that's the certain take away over the past decade or so.  But we'll do our best.  At the same time, we're probably not going to anticipate the exact thing they do next.  So when we look at transitioning to question and answer for everybody in the audience.  First of all, I just want to thank Kurt, Adam, Nate.  I think this has been valuable walking through just the landscape all the way through some of the impacts and solutions that we might want to consider.  Now, some of the important part of this session is what are we hearing from the audience?  What do they take away and what additional information do they want?  Make sure you submit questions.  We have a few already.  Continue that over the next, you know, fifteen minutes or so and hopefully we can get to a number of them.  I'm going to start first.  Let's see.  We hear a lot about the quantitative side of cyber analysis but how would you compare the importance of qualitative analysis in the cyber sector?  Do you see an imbalance in the reputation of qualitative information in the field versus quantitative.  And I think if we consider the backdrop and I'm paraphrasing but if we consider the backdrop of China and we think about the quantitative things about malware, APTs, you know, a number of events and things like that versus the qualitative, the implication that I'm taking away is potentially geopolitical.  I would love to hear some thoughts around the perception of imbalance across those two from this particular audience member.  So is there anybody who would like to address that?  

>> Sure, I can hop on that one.  So this report is clearly at the strategic level.  It doesn't go into very much of the tactical technical aspects because at the end of the day, malware, specifically tactics and so forth are just tools at the end of the day.  What you need to understand is who is going to employ these tools?  Why are they going to employ them?  To what end are they going to attempt to employ them and that's where this qualitative analysis is really important in order to better anticipate when attacks will occur and explain why they are occurring and explain why they have occurred so they can better prepare for the future.  And those are really qualitative questions involving political science, international relations, history, media studies, et cetera and will not be entirely answered by looking at the bits and bytes.  Over.  

>> Thanks, Nate.  Kurt or Adam, anything to add on that?  

>> Yes, I think this highlights particularly the interesting quantum because whoever gets that first is going to leapfrog way ahead better than most.  Both in terms of qualitative and quantitative.  Anything that allows you to interrogate more data better, is just a game changer.  So we know that many countries are all racing to get to quantum but I think it highlights exactly why that is, over.  

>> Thank you, Kurt!  So there's another question that is some what similar but from a practitioner level and Nate, I'm sure you'll have a perspective on this so I will just direct the review and maybe if you want to jump in and invite them to do so.  This particular one, I'm going to slightly paraphrase but in their impact lane, group and team, what can they particularly do to counter the China and growing cyber industrial influence of the struggle as the U.S. and the Chinese relationships start to heat up further, whether regardless of the influence.  But what can you do at the practitioner level if you're a threat Intel analyst to make your enterprise more prepared and aware and how should you react to some of the things you might be seeing that we talked about today.  

>> So as an Intel analyst, your job is to alert the people who can take action.  So having an understanding of the threat actors or threat groups specifically or in the broader sense of Chinese, cyber strategy, you can then communicate to appropriate stakeholders that as geopolitical developments are currently unfolding, China based on these various factors may use cyber in these ways which could have the following impacts upon your business.  These are measurable and ways we can mitigate that risk so that's sort of the cascading series of steps you go from the Intel analyst, seeing China, the possible of Chinese cyber attacks and moving on to risk management which is then the role of what is the end goal of cyber threat analysis is.  

>> Great, thank you, Nate!  There's another question that I would love for everybody to have a perspective on and Adam, I think this is well suited for you and maybe we'll go to Kurt and Nate afterwards.  I'm sure you all have a slightly different perspective on it.  Or said a different way but I will read it verbatim.  Do all of the panelist state or recognize the threat both in capability and scale.  How can we better encounter the China threat going forward so we're not having this exact same panel in five to ten years.  So said another way, if you had the authority to take action and enact a policy, law, or anything else, what would it be?  A simple question, Adam.  Over to you.  

>> I really hate these questions even though I work at a think tank and this is what I'm supposed to do all of the time.  There's not one policy solution.  There's a whole set of them but since you brought up scale, that means we can't do it alone.  And that means working better with our friends and partners.  You know, we see cyber as an important part of all of the Biden administration initiative on alliance.  So there's a discussion around cyber and the quad.  Cyber in the TTC with the Europe.  So those are all, I think, really important things.  We now have a cyber ambassador.  And a whole bureau stood up at the state department to help promote on this perspective so we talked about joint attributions.  There's the dutch and the British and Australians and NATO.  So that is extremely important!  And probably more can be done on sharing and developing on the technology side.  So helping push forward innovation on the cyber technology but that is where I think the most important focus would be.  

>> Thank you, Kurt!  I totally agree with Adam.  This is going to sound odd coming from law enforcement official but this is not something we can enforce or arrest our way out of.  If we're relying on law enforcement as the way to stop this behavior, we won't do it.  I mentioned earlier, there's the whole of government approach by China against us.  One of the things that we struggle with, not just having the whole of government defense which we struggle with that, in terms of coordination and making sure everyone is on the same page with the same priorities but I think as I alluded to and the report certainly does, this has to be the whole of society which includes education and awareness and having a better sense of exactly what China is after.  Until we are able to collectively focus our efforts, a little more against this threat, we're really going to struggle with it.  So I think, the same thing as Adam.  We have to bring everyone together to combat this otherwise, they're going to find the cracks and exploit them, over.  

>> Some of this overlaps with what some said.  First, we're talking about developing and strengthening partnerships.  That's not just in the intelligence sphere but also military and economic spheres and we need to mash partnerships.  Second, we need to expose PRC transgressive behavior and impose cost on them.  This is similar to friends at the FBI talking about the revealing, operations being conducted by PRC actors.  Similar things are multi national name and shames that have been done frequently with Russia over the past year.  Just depending on the severity of these transgressive behaviors, you can conduct expulsions from international bodies, sanctions, do coordinated persona non grata and so forth.  Three, we could strengthen our competition in more normal areas of competition as alluded to here.  This is a U.S. typically operates as a whole of government versus what is a whole of society approach which means a whole of society is a blended or blurred line between the government and private sector.  The U.S. government has financial resources that are truly unparalleled and economic influence that is truly mind blowing.  It's possible to compete in areas like the belt and road initiative in Africa and in central Europe, central and South America and so forth.  Furthermore, we can expose the negatives of PRC in these areas that it's quite an uneven set of activities and finally, I know we can establish norms through our involvement in international organizations and other agenda setting bodies and doing this in part by investing in our diplomatic capabilities so those are the four major areas we can do to combat this threat.  

>> I will follow up because all of you commented on partnerships and I want to put it off to the side but really on the sense of whole of society defense that Kurt had mentioned that I think parallels the whole of society approach that China has.  But in the U.S., as everybody knows, everybody wants to do something a little bit different.  We don't necessarily have the authoritative unity.  So not to lead the witness or poison the well, I'm interested in what you think the U.S.'s biggest barrier to success against threat and it doesn't have to be against this whole of society kind of a thing but if that is a primary solution, what would be our impediments to getting to that destination?  Open question.  

>> We're never going to be able to copy the China and certainly we don't want to copy the China on the whole of society response.  We talked a lot about public, private partnerships that have gotten better over time.  But those can always improve.  I think you know, the real issue is kind of mobilizing resources at scale in other markets and kind of the global south and other places.  So you know, Nate had mentioned the BRI and that is a real problem.  We're not trying to convince the U.S. private sector to invest its scale to compete with China is a real challenge!  That's the biggest problem.  We have to provide alternatives to Chinese technology where it's heavily subsidized or paid for by the Chinese states.  So that I think is the most difficult thing for us to do at least internationally over.  

>> I will add on to that.  I think, as Adam said, we operate fundamentally different, right?  So for example, China, the government of China can basically make their society care about this and we certainly cannot.  We particularly in the government need to do a better job of showing the rest of the society why we need to care or why they should care.  And just leave it to them but I think, by highlighting severe economic loss and the slow burn, like the boiling fog syndrome, right?  Chinese government is slowly investing in certain sectors and taking over technology and you don't really notice it until one day, your company shuts down or everyone is laid off or whatever it is.  And then suddenly it hits home.  So I think continuing to highlight as I said earlier, educating folks and increasing awareness of why they should care about this is going to go a long way, over.  

>> Kurt, anything to add?  

>> At the end of the day, what we're really talking about is China is not an existential threat or an idealogical threat but it is a significant hegemonic threat.  It has the potential to limit the ability of the United States to act in parts of the world to advance what the United States believes is a better, freer, more prosperous agenda for people worldwide whereas China does have the ability to enable the spread of the surveillance state, the spread of restrictive technologies, impose upon countries, with the U.S. loan systems and so on and so forth.  It's a critical problem we need to face and you know, think about it again.  It's not communism.  We're not fighting an idealogical threat.  China doesn't offer is to the rest of the world, a vision on a hill but they do offer cheap money and cheap technology and as Adam was saying, we need to have some alternative to that.  So that this world view that the United States offers is the preferable outcome and not just simply chosen because the Chinese choice is cheaper.  

>> Excellent!  Thank you.  I hope the audience today got more awareness of the threat and the details around it and to compliment the paper that was released and if I could have the moderator who is managing this outside, post a slide so we can go back to the resources.  As I thank the panelist, Adam, Kurt, Nate, thank you so much for joining us today and gives us more insight from your expertise.  For everybody in the audience, please take a look at these resources.  This recording will be sent out to you.  As well as I would encourage you to check out any of these resources that dive into issues a little deeper across China specifically with their strategy, quantum as well as one of the analogous papers that Nate mentioned in the beginning around the Russian military cyber operations.  Along those lines, as soon as you do see a poll survey, you'll see that.  Please take that survey and we appreciate any kind of feedback you can provide and with that, we'll conclude but thank you for joining us once again.  Thank you for all of our panelist and Booz Allen Hamilton for making it happen.  Have a great day and thank you!  


What You'll Learn:

  • How the government of China competes using cyberattacks
  • Factors increasing the likelihood of being targeted by its cyberattack operations
  • The government of China’s primary cyberattack tactics


Garrettson Blight
Director of National Cyber Solutions, Booz Allen Hamilton


Kurt Ronnow
Counterintelligence Deputy Assistant Director, Federal Bureau of Investigation

Adam Segal
Director, Digital and Cyberspace Policy Program, Council on Foreign Relations

Nate Beach-Westmoreland
Head of Strategic Cyber Threat Intelligence, Booz Allen Hamilton

1 - 4 of 8