China’s Thirteenth Five-Year Plan indicates the nation’s plan to hack Australian companies and steal intellectual property, says a US cyber security think tank.
“From state sponsored smash-and-grab hacking and techno-pilfering, to corporate espionage and targeted theft of IP, the threat is real, the economic implications are devastating,” The Institute for Critical Infrastructure Technology (ICIT) wrote in its briefing – China’s Espionage Dynasty: Economic Death by a Thousand Cuts.
“Western nations are the primary target of China’s desperate effort to steal in order to globally compete.”
The five year plans are regular blueprints for social and economic development issued by China’s ruling Communist Party. The latest, adopted in March, has a focus on innovation, technology and socio-economic reform.
“While China will develop some of the technology necessary to aspire towards these goals as the result of the intellectual endeavours of its people,” write the ICIT’s James Scott and Drew Spaniel, “the majority will likely be obtained as stolen intellectual property from the United States and other nations.”
The ICIT list Australia as one of the countries they suspect will be victim of China’s ‘sustained espionage’.
China’s 2011-2015 plan highlighted energy, healthcare and steel as key areas of development.
In that period, major US companies such as US Steel, Westinghouse Electric and medical device company Medtronic all suffered hacks believed by US officials to be state-sponsored and originating from China. In 2014 the US charged five Chinese military hackers for cyber espionage – the first time criminal charges had been filed against state-actors for hacking.
In December last year the ABC reported that China was behind a major cyber-attack on the computers at Australia’s Bureau of Meteorology, which compromised sensitive systems across the Federal Government.
Prime Minister Malcolm Turnbull confirmed the ‘significant cyber intrusion’ in April when launching the government’s $230 million Cyber Security Strategy.
The ICIT list a number of Chinese state-sponsored advanced persistent threats with nicknames such as Kung Fu Kitten, Playful Dragon and Gothic Panda which it said had been launched from China's multi-layered spy structure.
“Combatting the complicated layers of China’s multi-pronged attack means erecting profound layers of cyber and physical security composed of bleeding edge technology and the latest in counter intelligence expertise,” the ICIT’s report authors write.
The think tank recommends multinational threat sharing and harsher penalties would help contain the attack risk from the “particularly devious antagonist”.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.