Chinese Cyber-Spying Shows Why U.S. Must Bolster Network Defenses
However, McWhorter points out that it's important to understand the threat. This means understanding what the Chinese government and its business partners are after and why.
"These are economic competitors," said Pace University Professor of Information Systems James Gabberty, who spoke to eWEEK from Hong Kong. "They're going to do whatever is in their best interests." Gabberty said he suspects that the U.S. probably would do the same to China. But in the case of China, the "Chinese government and Chinese business are one and the same."
He noted that China is in a hurry to catch up with the West, and that the Chinese will do anything they can to accomplish that. "They need to feed their 1.4 billion people," Gabberty said. "They don't want to be seen as a place where cheap labor is dominant. They want to be seen as a source of knowledge." But he also noted that in their quest for information, "if you refuse to give them technology that they want, they will do their best to steal it."
Gabberty said that one common way for the Chinese government to extract technology secrets from the U.S. is to put pressure on the families of Chinese immigrants to provide information or help with its cyber-spying efforts. He also said that China is not likely to stop its attacks until it gets everything it wants.
"You have to understand the threat and have visibility into your network," McWhorter said. "You need to know what to look for, and you need to know how to look for it. Do you have adequate logging? Have you locked down your cell phones?"
McWhorter explained that it's critically important to really know your network so that you can tell when something isn't right. He said that logging is one way to tell when something happened that shouldn't have happened. In addition, it's important to tell what any intruders did, what information they took, how long they've had access to your network and where they went.
Information sharing is also really important because if the Chinese hacked into your network, the chances are pretty good they're also trying to get into your competitors' networks. He said that information sharing will help you learn what the threat environment is like. He also said that you can buy intelligence but that whatever route you take you have to know what's going on outside your organization.
Of course, that doesn't mean you can stop protecting your data. Critical information should still be encrypted using the strongest encryption you can find. Companies also need to deny access to anyone who shouldn't be seeing critical information. But first you need to determine what constitutes critical information, and that means more than just your intellectual property and trade secrets. Even your employee phone roster could be useful to the Chinese as they put together targeted attacks against your company.
So what do you do to protect your company against the Chinese hackers and similar threats? "Defense is good for non-targeted threats," McWhorter said. He said that it works very well for attacks by viruses and botnets, but not for targeted attacks such as those from the Chinese. "In a targeted attack, defense is only going to get you so far," he said.