War Games – what the rise in nation-state cyber attacks means for business

Fewer than six months have passed since the UK was first told it would face an imminent, inevitable and life-threatening cyber attack. The warning came from GCHQ’s National Cyber Security Centre (NCSC), whose latest annual review made for grave reading.
The report revealed that the NCSC had dealt with more than 1,160 cyber incidents since its creation in 2016, the majority of which were carried out by nation states in some way hostile to the UK.
According to the NCSC, these attacks were undertaken by groups of computer hackers ‘directed, sponsored or tolerated’ by the governments of those countries and often carried out on UK businesses.
This shows that a growing number of countries are using cyber warfare as a foreign policy tool and, as reports of nation-state attacks continue to rise, it now seems more than likely that the NCSC’s prediction will prove itself to be true.
Indeed, some of the most high-profile cyber attacks across the world have been committed, allegedly, by nation states. Russia’s NotPetya malware attack on US financial and energy institutions and North Korea’s WannaCry hack that brought the UK’s National Health Service to a standstill are just two examples. But more recently, another country in particular has become a focal point of criticism by both the UK and US governments.
China’s cyber offensive
In December 2018, the UK government publicly accused elements of the Chinese government of being responsible for a cyber espionage campaign against British businesses. Foreign secretary Jeremy Hunt named a group known as APT 10, claiming it acted on behalf of the Chinese Ministry of State Security to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the US.
Less than a month later, the US filed indictments against Chinese telecoms giant Huawei that included 23 counts pertaining to the theft of intellectual property, obstruction of justice and fraud, ultimately resulting in a US ban.
The company, which is considered by many to be affiliated with the Chinese state, has grown rapidly to become a global leader, and recently, it became the world’s third-largest smartphone supplier after Samsung and Apple.
Huawei has also been a pioneering force for fifth generation (5G) mobile broadband. Alongside superfast mobile connectivity, the technology will power the internet of things (IoT), enabling connected machines – from traffic lights to driverless cars – to communicate with each other.
If claims about the link between Huawei and the Chinese government are to be believed, the state’s influence in foreign markets increases as the company’s does. By controlling the 5G technology that will be at the heart of vital communication and infrastructure networks via Huawei, China could have the capacity to cause disruption on a massive scale.
Gaining an edge
Global economic dominance equates to political advantage and China knows this all too well. It’s for this reason that many now suspect Huawei’s actions to be symptomatic of the state’s strategy for achieving its economic and political objectives.
In this way, China’s approach could be likened to that of any other cybercriminal attacking and extracting sensitive data. The difference in this case is that the state is not seeking short term monetary gain, but instead is stealing intellectual property and privacy information. The reason: to level the playing field between Chinese businesses and the foreign companies they are competing with at home and abroad.
Mirror image
Although we’re more acutely aware of China’s malicious activity when it occurs on our own shores, we must also consider the many western businesses that operate within China’s borders and are increasingly affected by the state’s interference in the competitive dynamics of the market.
This issue was made most clear in a statement by assistant director of the FBI’s counterintelligence division, Bill Priestap, who told American businesses operating in China, that they do so on “borrowed time”. He claimed that the Chinese government’s continued proliferation of cyber hacking tools and human intelligence capabilities makes the world’s second-largest economic market a treacherous place for western firms.
Priestap argued that the Chinese government will allow foreign companies to operate on Chinese soil, but only while it’s advantageous for them to do so. If a product is not yet available domestically for example, the foreign manufacturer will be allowed to remain – but only as long as it takes for valuable intellectual property to be stolen and a Chinese replica to become readily available.
The Chinese tech industry is another good example of where this sort of activity plays out. Historically, it’s been viewed as lagging behind its western equivalents; however, it now seems the state is using its cyber arsenal to obtain the information needed for it to catch up to the positions of western businesses in China. This leaves many UK and US businesses potentially facing competition from Chinese mirror brands assisted by extremely capable intelligence and security services.
Political reaction
While both the US and UK have been critical of Chinese intentions, unlike the US, the UK has so far so far resisted an outright ban of Huawei. By no means does this suggest they have been any less cautious of the more negative aspects of Huawei’s reputation.
After reports emerged that Huawei infrastructure was behaving unusually in 2010, GCHQ took the unprecedented step of setting up the Huawei Cyber Security Evaluation Centre (HCSEC), a designated facility where every Huawei device destined for use in the UK is tested and approved, in a bid to alleviate fears surrounding the company’s involvement with the Chinese government.
Those fears have once again been in the news as a GCHQ-backed security review of the telecoms firm found that it would be ‘difficult to risk-manage Huawei’s future products until defects in its cyber-security processes were fixed’.
The report revealed that ‘technical issues with the company’s approach to software development had resulted in vulnerabilities in existing products, which in some cases had not been fixed, despite having been identified in previous versions’.
Dr Ian Levy, the technical director of the NCSC, announced Huawei could face being banned from Westminster and other sensitive parts of the UK as a result of their ‘shoddy’ engineering practices.
Despite slightly different approaches, it’s clear that governments in both the UK and US are suspicious of Huawei and have put checks in place to limit the company’s influence.
Business interests
While government attitudes towards Huawei suggest real apprehension towards partnering with China, many businesses on both sides of the Atlantic still see the country as an important business ally, provider of cost-effective technology and lucrative customer base.
Mobile UK – an industry group that represents Vodafone, BT, O2 and Three – for example, has warned that preventing Huawei from being involved in the UK’s 5G rollout could cost the country’s economy up to £6.8bn and delay the launch by up to two years.
There is no doubt that China presents opportunities for western businesses both at home and abroad, but it also poses an undeniable threat. The NCSC’s annual report shows that the number of cyber attacks carried out by nation states on businesses are increasing – in number but also in sophistication – and China is one of the main culprits.
Businesses must acknowledge this and ensure their approach to cyber defence is as robust as possible if they are to tap into the world’s second-largest economy. They need to consider what value a malicious actor could extract from their own organisation and swiftly move to protect these assets. They have to put contingency and disaster recovery plans in place and make education and training available to all employees from boardroom to shop floor.
Whether from the FBI or the NCSC, the warning is clear: hostile nation states pose an undeniable threat to businesses. It’s vital that firms now take the necessary precautions to ensure they can continue to safely access the global marketplace.
Author: Tom McAndrew, CEO at international cybersecurity consultancy, Coalfire 

Subscribe to our newsletter

Don't miss new updates on your email