CIO

U.S. urged to take comprehensive action on Chinese cyberespionage

A high-profile report showing that Chinese cyberespionage is increasingly focused on U.S. critical infrastructure adds urgency to the government using every tool it has to dissuade China from such activity, experts say.

Security company Mandiant released a report this week that showed a group of cyberspies it had watched closely for some time was in all probability a secretive organization within the Chinese military. It described how the group was increasingly focused on stealing information from companies involved in U.S. critical infrastructure, including the electrical power grid, oil and gas lines and waterworks.

While there's no evidence China is planning to launch a destructive attack, the fact that the country is behind the gathering of proprietary information from these companies is a reason for serious concern and a stepped-up government response, experts say.

Paul Rosenzweig, a former deputy assistant secretary for policy at the Department of Homeland Security and the founder of Red Branch Law & Consulting, said the government should use everything it has to pressure China to stop.

Options include high-level diplomacy, financial and economic sanctions, using our own intelligence to embarrass the Chinese government, and prosecution of people involved in stealing data as well as Chinese companies that use stolen information.

Congress should also move faster in passing the Cyber Intelligence Sharing and Protection Act, reintroduced last week. The bill would establish rules for companies to share cyberthreat information with each other and government agencies.

"[Chinese spying] certainly adds oomph to the need for CISPA-like legislation, but it probably adds more oomph to the need for a concerted whole-of-government strategy for dissuading China from its current course of conduct," Rosenzweig said on Thursday.

The Obama administration is already moving in that direction. On Wednesday, the White House released its strategy for preventing the theft of U.S. trade secrets. The plan includes increasing diplomatic efforts, supporting industry-led best practices for protecting proprietary information and continuing to make the prosecution of trade secret theft by foreign companies and governments a "top priority."

While China was not mentioned, the strategy would certainly cover activities outlined in the Mandiant report.

A recently published paper by consultancy Good Harbor Security Risk Management outlines steps countries can take to prevent the escalation of cyberespionage into a more serious confrontation. Initial steps could include sharing information about threats with the intent to tackle thorny issues, like spying, later.

Russia and the U.S., for example, have discussed establishing a cyber hotline to lessen the chances of activity leading to conflict. The hotline would be modeled after one used to prevent accidental nuclear war.

"The U.S. should address this in multiple ways, including seeking to hold diplomatic discussions and developing norms about not attacking critical infrastructure through cyber," said Jacob Olcott, principal for cybersecurity at Good Harbor.

Most experts believe that U.S. intelligence agencies were aware of the activities of Chinese cyberspying before the Mandiant report. However, the account is valuable in raising public awareness of the problem and adding pressure on lawmakers, said Matthew E. Luallen, president and co-founder of CYBATI, which conducts professional classes on securing industrial control systems.

What the nation needs is more organizations, such as the North American Electric Reliability Corp. (NERC), to enforce security standards on manufacturers of critical infrastructure and on waterworks. In addition, he favors more regulation, such as the Chemical Facility Anti-Terrorism Standards from the DHS.

"Now that there's a public report, more people can actually understand why we need to have some of these additional regulations around protecting critical infrastructure," Luallen said.
