Whether you’re a small or large company, domestic or international, the U.S. private sector has become the new geopolitical battlespace. This is the realm of asymmetric warfare wherein nation-states like China, Russia, Iran and others are targeting companies in nearly every U.S. sector for theft of intellectual property and trade secrets, cyber espionage, theft of personal data and other activities.
The theft of American trade secrets alone collectively costs our nation an estimated $300 to $500 billion per year.1 China accounts for the lion’s share of this state-sponsored theft. To put that enormous dollar amount into perspective, it’s the equivalent of adding $4,000 to $6,000 to the annual tax bill of every American family of four.
These nation-state activities have forced many U.S. companies to withdraw from markets, lay off workers or shut down completely because their innovations have been stolen, patented and reproduced abroad. U.S. military systems have also been impacted. A March 2019 U.S. Navy cybersecurity readiness review found the systems the U.S. military relies upon to mobilize, deploy and sustain forces have been “compromised to such an extent that their reliability is questionable.”2
The Communist Party of China has made no secret of its ambitions, publishing national plans like “Made in China 2025” on how to achieve global supremacy in artificial intelligence, biotechnology, clean energy, aviation, maritime and other key industries. President Xi Jinping seeks to position China as the world’s geopolitical, military and economic superpower.
No one objects to a nation engaging in fair competition to advance in world markets. However, China’s government is pillaging U.S. innovation across the board, using a range of lawful and unlawful techniques against U.S. companies, including joint ventures, foreign investments, corporate acquisitions, as well as massive cyber intrusions and supply chain penetrations.
As FBI Director Christopher Wray noted in April, “No country poses a broader, more severe intelligence-collection threat than China…They’re doing this through Chinese intelligence services, through state-enterprises, through ostensibly private companies, through graduate students and researchers, and through a variety of actors working on behalf of China.”3
The FBI has economic espionage investigations that almost invariably track back to China in nearly all its 56 field offices.4 Roughly 90 percent of the Justice Department’s economic espionage cases from 2011 to 2018 involved China.5 In fact, in a recent poll of Chief Financial Officers by CNBC, 30 percent of companies surveyed said they had been victims of Chinese thefts over the past decade.6
Companies in Pennsylvania Targeted
The bottom line is that China’s Communist government is targeting companies around the world, including those in Pennsylvania. Last year, two scientists pleaded guilty in Philadelphia to conspiracy to steal biopharmaceutical trade secrets from a Pennsylvania-based facility to benefit a Chinese company that received financial support from the government of China. The products involved in this scheme typically cost in excess of $1 billion to research and develop.7
In 2014, federal prosecutors in Pittsburgh charged five Chinese military hackers for cyber espionage against five worldwide and well-known companies and a labor organization. The indictment alleged that the defendants conspired to hack into the companies’ computers, maintain unauthorized access to those computers and steal information valuable to Chinese state-owned enterprises.8
U.S. companies doing business overseas are particularly at risk. New laws in many nations, particularly China and Russia, pose a serious threat to the intellectual property of U.S. companies doing business in these locations. China’s 2017 cybersecurity law mandates that foreign companies submit their information and communication technology to the Chinese government for national security reviews and store their data in country.9
Other laws in China compel every Chinese citizen and company to assist in national security work. China’s 2017 National Intelligence Law states, “Any organization or citizen shall support, assist, and cooperate with state intelligence work.”10
This means your potential business partner in China is required to help China’s intelligence service. It also means any Chinese individual or company operating outside China is also required to follow government orders. This poses a direct and enduring threat to your intellectual property and your enterprise. Your General Counsel must be aware of these laws if you plan to do business with a company from China.
Growing Supply Chain Threats
While nation-states use many tactics to target U.S. companies, supply chain attacks are one of the most insidious because they violate basic trust between suppliers and consumers. Foreign adversaries are increasingly infiltrating our trusted third-party suppliers and vendors to target the equipment, systems and information used every day by government, businesses and individuals.
With U.S. companies increasingly dependent on foreign suppliers, supply chain vulnerabilities pose a growing threat to your business, as well as to the government. If you rely on third parties to perform key functions like data storage or managing your IT, carefully vet those companies and their security practices to protect yourself. Your position in the supply chain also makes your company an attractive target. Nation-state actors may seek to infiltrate your company and use you as an attack vector against other companies to get at their proprietary data.
For example, in December of last year, members of a Chinese hacking group known as Advanced Persistent Threat-10 or “APT-10” were indicted for hacking into some of the world’s leading IT managed service providers, which they then used as a stepping stone to infiltrate companies that used these service providers. Dozens of firms in the U.S. and around the world were impacted.11 The APT-10 hackers were tied to China’s intelligence service.
2019 National Counterintelligence Strategy
With U.S. companies increasingly in the cross-hairs of nation-states, we need to rethink how we approach counterintelligence as a nation. It’s no longer a spy-versus-spy world; increasingly, it’s a nation-state-versus-company world. Accordingly, the National Counterintelligence and Security Center (NCSC) will soon issue a new National Counterintelligence Strategy, signed by the President of the United States.
Fundamental to this new strategy is the imperative for the United States to take a “whole of society” approach to counterintelligence. By that I mean every American must understand we all have a role to play in countering the intelligence collection by nation-states and their intelligence services.
To be sure, it starts with federal, state and local governments, but it must also embrace all members of American society, at home and abroad. Foreign adversaries are consistently penetrating private sector networks to steal private sector data. We need the private sector at our side fighting this very real and immediate threat and educating each other to protect our nation’s future.
For its part, the U.S. government will better identify, prioritize and protect the sensitive assets that underpin our national security. We will do this by joining with industry to enhance partnerships, improve information sharing and out-innovate our adversaries.
William Evanina is Director of the National Counterintelligence and Security Center.
1Findings of the Investigations into China’s Acts, Policies, and Practices, Related to Technology Transfer, Intellectual Property, and Innovation under Section 301 of the Trade Act of 1974, Appendix C, page 9, 22 March 2018.
2“Secretary of the Navy: Cybersecurity Readiness Review,” page 6, March 2019
3 Remarks of FBI Director Christopher Wray at the Council on Foreign Relations, 26 April 2019
4 Remarks of FBI Director Christopher Wray at the Council on Foreign Relations, 26 April 2019
5 Statement of John Demers, Assistant Attorney General, National Security Division, U.S. Department of Justice, before the Committee on the Judiciary, United States Senate, 12 December 2018.
6 1 in 5 Corporations Say China Has Stolen Their IP Within the Last Year: CNBC CFO Survey, Eric Rosenbauam, CNBC Global CFO Council, 1 March 2019.
7 “Second Former Glaxosmithkline Scientist Pleads Guilty to Stealing Trade Secrets to Benefit Chinese Pharmaceutical Company,” Press Release, U.S. Attorney’s Office for the Eastern District of Pennsylvania, 14 September 2018
8 “U.S. Charges Five Chinese Hackers for Cyber Espionage against U.S. Corporations,” Press Release, U.S. Department of Justice, Office of Public Affairs, 19 May 2014.
9 “China’s Cybersecurity Law: What You Need to Know,” The Diplomat, 1 June 2017.
10 “The Real Danger of China’s National Intelligence Law,” The Diplomat, 23 February 2019.
11 “Two Chinese Hackers Associated With the Ministry of State Security Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Confidential Business Information,” Press Release, U.S. Department of Justice, Office of Public Affairs, 20 December 2018
Founded in 1916, the Pennsylvania Chamber of Business and Industry is the state's largest broad-based business association, with its membership comprising businesses of all sizes and across all industry sectors. The PA Chamber is The Statewide Voice of BusinessTM.