Home » Infrastructure Protection

Category Archives: Infrastructure Protection

China and cybertheft, six months later

Last September, during his State Visit in Washington, China’s President Xi Jinping committed (see paragraph 48) to President Obama that China would not conduct or support cybertheft to benefit China’s economic competitiveness. President Xi then took that non-binding commitment with the United States on the road and became its primary advocate, culminating in the inclusion of similar language in the Antalya Communiqué agreed by the leaders of the G20 in November.

As I noted on this blog (twice in September and again in December), accepting that non-binding commitment as progress delayed taking meaningful action–in the form of economic sanctions–to try and actively influence the cyber behavior of China’s state-sponsored hackers. My argument at that time, and still today, is that in adopting that non-binding commitment, the Chinese President was practicing the Art of War on the United States by making a rhetorical feint while continuing the cyber activities–state-sponsored and state-supported cybertheft of U.S. companies’ proprietary information–that violate that commitment and continue to undermine the U.S. economy.  

As alluded to above, the reason President Xi felt the need to send his high-level envoy Meng Jianzhu to negotiate the non-binding commitment appears to be the widely reported fact that the Administration was readying a package of sanctions against Chinese individuals and entities.  The Chinese President prefered to take on a commitment to which its government has no intention of abiding rather than face inconvenience and loss of face that sanctions would cause.  If the Administration had moved forward with sanctions last fall, China would have been the first country to have its entities and citizens targeted by sanctions under President Obama’s April 2015 Executive Order announcing a national emergency on cybersecurity and authorizing such sanctions.

Now just over six months after President Xi’s State Visit during which he endorsed the norm against cybertheft, that commitment appears to have done its job completely…for China.  This issue, which used to be very high on the list of difficult problems in communications between the two Presidents, barely got a mention last week when the Presidents met in Washington on the sidelines of the Nuclear Security Summit.  Based on the readout from that meeting, “[t]he President reiterated that we will continue to monitor whether Chinese actions demonstrate their adherence to the commitments.”  But has anything changed that would merit continued passivity in the face of China’s cybertheft?

The best source of such information is the federal government, but it is not forthcoming about its information for obvious reasons.  Still, we can look at the sources that told us there was no change toward the end of last year–both private sector and government–but there has not been much further discussion of whether this type of hacking continues through the first 3 months of 2016.  Discussion about the direction of China-based intrusion sets in CrowdStrike’s 2015 Global Threat Report, released in February 2016, asserted that “[t]he economic downturn and new Five Year Plan in China will continue to drive their state-sponsored cyber espionage activities.”  The report also details how the current economic cybertheft intrusion sets CrowdStrike has identified over time map to the priority economic sectors listed in China’s new Five Year Plan.  And in comments to Politico last week, counsel to the Intellectual Property and Technology, Media and Telecoms group in Hong Kong suggested that there may have been an increase in cybertheft.

The Intelligence Community provided additional information this year in the Congressional testimonies of both Director of National Intelligence Jim Clapper and the leader of Cyber Command and NSA Director Admiral Michael Rogers.  Both concluded, in identical language in their written testimonies that, “China continues cyber espionage against the United States.”  And Director Clapper further elaborated that, “China continues to have success in cyber espionage against the US Government, our allies, and US companies” (emphasis added).  Clearly, China has not stopped the conduct that nearly resulted in the imposition of economic sanctions last Fall.

On that basis, the time has come for the Administration to impose such sanctions on Chinese entities and individuals.  The testimonies of both IC officials, however, raises a troubling question about whether the Administration is making the situation worse for American businesses.  In both Director Clapper’s testimony and in responses to questions from the Senate Armed Services Committee by Admiral Rogers, the IC leaders suggested that without evidence of “…the use of exfiltrated data for commercial gain,” the jury would be out.  As Admiral Rogers put it this week, “The question I think we still need to ask is, is that activity then in turn shared with the Chinese private industry?”  

In fact, several reports have asserted attribution of intrusion sets focused on commercial information to Chinese state actors going back several yearsbut the additional burden of showing the stolen data used for specific commercial gain by Chinese industry adds a tremendous complication to any attempt to sanction Chinese cyber activities that threaten U.S. competitiveness.  Such a burden would delay any such sanctions until they were far too late to be of any use.  Perhaps more importantly, President Obama’s April 2015 Executive Order adopted a “reasonably likely” standard for imposing sanctions on persons or entities that engage in cybertheft.  Adopting the IC’s standard–putting the onus to detect, attribute, and trace the misappropriated information through to its use by a commercial entity–is far too generous to the hackers.  Combined with the reduced attention paid to the problem since President Xi’s State Visit, the adoption of this standard would render sanctions for hacking activity a dead letter.

The question the Obama Administration faces now, six months after it allowed President Xi to take the initiative, is how to regain the momentum in its fight against Chinese cybertheft.  As detailed in December, the indictments of five Chinese People’s Liberation Army (PLA) hackers by the Justice Department in May 2014 had a measurable effect on the PLA’s cybertheft activities.  If that is the case, indictments against hackers from the Ministry of State Security, China’s external intelligence agency, or the Ministry of Public Security, China’s domestic police agency, could be one way forward.  Indictments are not a great policy option because as a law enforcement action, it is insulated–appropriately–from the policy process.  As successful as those indictments were at sending a message, using that tool on a regular basis would be difficult for an Administration to control or direct.  The real hope is that the White House would look at the continued cybertheft conducted by China and revisit its decision not to impose sanctions on China immediately after President Xi’s State Visit.  With significant continued cybertheft originating from China, one hopes for that reversal very soon.

DOD addresses climate change as a national security threat

Yesterday the Pentagon released a report identifying climate change as an “immediate” threat to national security, and outlining an “adaptation roadmap.”

As the New York Times observes, it is significant that Secretary Hagel is speaking to this issue at a time when Syria/Iraq/ISIS and Ebola are dominating the headlines. The article goes on to suggest that the Secretary’s highlighting this issue at a meeting of defense ministers this week in Peru “is aimed in part at building support for a U.N. agreement [on climate change and specifically, carbon emissions], to be signed next year in Paris…”. From a domestic standpoint, a recent Pew Center pollcited by the Wall Street Journal in connection with the Pentagon report, indicates that “most Americans believe in climate change, but give it low priority.” WSJ notes further that, “The military is often a hotbed for ideas that the private sector and politicians later pick up…”.

The WSJ writes also that “the Arctic…is a region where climate change is most clearly evident.” Melting sea ice there and the ensuing opening of new sea lanes, has generated both interest and concern in the United States. As the country prepares to assume the chairmanship of the Arctic Council in 2015, and with the recent appointment of retired Commandant of the Coast Guard Admiral Robert Papp as the first-ever U.S. Special Representative for the Arctic, these and other related issues will come increasingly to the fore. (See here for retired Admiral James Stavridis’ advice to Special Representative Papp.)

State IG finds weaknesses in office created due to Benghazi attack

The Department of State’s Office of Inspector General released an important new report today entitled “Inspection of the Bureau of Diplomatic Security, High Threat Programs Directorate.” The High Threat Programs Directorate was established in the December 2012 as a response to key weaknesses that were uncovered in the Bureau of Diplomatic Security’s (DS’s) processes for allocating protective resources to the US temporary mission facility in Benghazi prior to the September 11, 2012 terrorist attack in Benghazi. The announcement about the new directorate was made a couple of weeks prior to the release of the Accountability Review Board’s report on the attack, and was presumably made in anticipation of this ARB finding:

The Board recommends that the Department re-examine DS organization and management, with a particular emphasis on span of control for security policy planning for all overseas U.S. diplomatic facilities. In this context, the recent creation of a new Diplomatic Security Deputy Assistant Secretary for High Threat Posts could be a positive first step if integrated into a sound strategy for DS reorganization.

Now nearly two years later, the State IG has produced a thorough report on the High Threat Programs Directorate (DS/HTP, in State Department parlance). The report includes a number of positive findings, including strong leadership by the former Deputy Assistant Secretary; effective communication between DS/HTP leadership and the Regional Security Officers at the high threat posts covered by the Directorate; and high morale among the Directorate’s staff. But the report also includes a number of troubling findings.

First, the report finds that the Directorate “suffers from significant staffing gaps and position shortages.” The report provides numerous examples to support this finding. From page 15: “Four of the [operations planning] unit’s nine current positions are filled, three by U.S. military officers on 1-year training assignments.” From page 16: “The [Security Protective Specialist] program has 117 authorized positions…only 82 SPS employees are currently deployed.” From page 18: “At the time of the inspection, the directorate carried five vacancies [out of 61 authorized positions]. It has a constantly fluctuating number of gapped positions.”

Second, the report provides a numerous of examples of how DS/HTD has not yet been formally integrated and institutionalized into the State Department’s organizational structure. It notes that DS/HTD “does not have the authority to cause peer bureaus to implement its recommendations”; that State has not yet made a Department-wide announcement “informing Departmental personnel of the High Threat Programs directorate’s roles and responsibilities”; and that State’s processes to provide administrative support have been “long and complicated”, and “not reflective of the high priority of the directorate’s mission.”

Third, the report finds that DS/HTD has not done enough to establish standard policies and procedures, and other internal management mechanisms. It excuses these findings to a certain extent by highlighting the Directorate’s high operational tempo over the past two years, but expresses concern that with a turnover in leadership (which occurred this past summer), this lack of SOP’s could lead to ad hoc and informal communications channels and decision-making processes – one of the relevant issues with respect to security decisions about the Benghazi temporary mission facility in the months prior to the attack.

Overall, the report paints a picture of an office whose leadership is doing the best that it can, trying to move quickly to address the significant, ongoing threats to US embassies and consulates in key countries, but working within a large and often slow-moving bureaucracy. It is critical that this office gets the support that it needs, in terms of personnel, authority, and intra-Departmental coordination. The House Select Committee on Benghazi should also carefully examine these findings as it carries out its inquiry, given the importance of doing everything possible to prevent future attacks on US diplomatic facilities overseas.

You can read the full report at this link (PDF).