Security experts were suspicious of the news Tuesday that Chinese authorities are pursuing three alleged operatives tied to the National Security Agency (NSA) who purportedly engineered cyberattacks in February at the Asian Winter Games and on Chinese critical infrastructure.
While some thought it was the Chinese government engaging in misinformation, others said it was difficult to discern the truth given the recent trade war ignited by the Trump administration’s tariffs and China’s longstanding cyberespionage on U.S. critical infrastructure.
“Unfortunately, it’s impossible to know with certainty whether the NSA or an affiliated organization carried out this attack, whether the attribution is mistaken, or if this is disinformation,” said John Bambenek, president at Bambenek Consulting. “Any of these are possibilities, which means that we’ll likely see a great deal more nation-state activity as the trade war between the U.S. and China heats up.”
What made the world press jump on this story was that the Chinese news service Xinhua posted it on its website. The Xinhua release said the government’s investigation found that the three alleged NSA operatives repeatedly launched cyberattacks against China’s critical infrastructure and participated in cyber operations targeting companies such as Huawei, the Chinese telecom company the U.S. has repeatedly singled out as having close ties to the Chinese government.
The release also claimed to uncover evidence implicating the University of California and Virginia Tech in a coordinated cyber campaign against the Asian Winter Games. According to the Xinhua release, the Harbin public security bureau also named the three alleged operatives: Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson.
The reality of an ongoing trade war
Bambenek added that unlike other forms of geopolitical conflict, the U.S.-China rift primarily revolves around trade. Therefore, Bambenek said businesses that normally wouldn’t have to worry about nation-state attacks may need to suddenly step up their game.
“Organizations in any industry or commodity specifically impacted by the trade conflict, such as electronics, agriculture, and manufacturing should immediately take steps to increase their security posture,” said Bambenek.
Despite this warning, Morgan Wright, senior fellow at the Center for Digital Government, said U.S. companies don’t have to worry about nation-state attacks from the Chinese any more than usual.
“China will continue to target vital sectors regardless of the impacts to the Asian Winter Games,” said Wright. “Any tie-ins to universities reflect NSA involvement with academic programs, such as Virginia Tech being designated as an NSA Cyber Center of Excellence. There are no NSA classified facilities at Virginia Tech where such sensitive operations could be launched. China’s lack of transparency makes it difficult to evaluate its conclusions and whether or not three NSA employees were actually identified. In all other respects, it remains business as usual.”
Wright added that it should come as no shock that the United States continues to conduct aggressive campaigns to undermine China’s ability to conduct espionage, wage war, and threaten our critical infrastructure given China’s activities in Volt Typhoon and Salt Typhoon. In fact, in an SC Media column late last year, Wright pointed out the Trump administration would pursue more offensive cyber operations.
“Since this [incident is alleged to have] happened in February and well before the recent trade war began, I don't see a linkage to that specifically,” said Wright. “I don't see a strong connection to issues around Taiwan. Instead, I see this as an opportune event where significant intelligence could be gathered. China would be a prime target for numerous actors, in addition to the United States.”
Trey Ford, chief information security officer at Bugcrowd, said he was dubious about this recent announcement from China.
“From the outside, I would expect to hear that the NSA would be targeting systems of measurable impact, not embarrassment, such as disrupting the Asian Winter Games,” said Ford. “I read this news report as narrative control and I do not take this at face value.”
Ford said corporate CISOs and their security operations teams should push hard to do the fundamentals of security.
“Our job as security leaders is to drive up the cost of focused attackers, increase the workload and risk of offensive security operations, and give defenders every possible opportunity to identify and investigate anything out of place,” said Ford.