U.S. Intel Community: We Want You
Print Issue: May 2020
U.S. Attorney General William Barr announced on 10 February 2020 that the U.S. Department of Justice (DOJ) was charging four members of the Chinese People’s Liberation Army with hacking Equifax to steal the company’s intellectual property and sensitive personal information on almost half of all Americans.
“…the hackers broke into Equifax’s network through a vulnerability in the company’s dispute resolution website,” Barr explained in a press conference. “Once in the network, the hackers spent weeks conducting reconnaissance, uploading malicious software, and stealing login credentials, all to set the stage to steal vast amounts of data from Equifax’s systems.
“While doing this, the hackers also stole Equifax’s trade secrets, embodied by the compiled data and complex database designs used to store the personal information. Those trade secrets were the product of decades of investment and hard work by the company,” Barr said at the press conference, which was held at DOJ headquarters in Washington, D.C.
The alleged cyber criminals’ actions were just some in a pattern of intrusions that Barr said China has conducted to target trade secrets and confidential business information (See “Conducting a Trade Secret Theft Initiative,” Security Management, February 2020).
“Indeed, about 80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret theft cases in recent years involved some connection to China,” Barr added.
This threat is part of a broader trend that the U.S. intelligence community has noticed in recent years: foreign intelligence actors are increasingly targeting the private sector, in addition to government agencies and the defense industrial base.
The number of threat actors targeting the United States is also growing, including nation-state actors like Russia, China, Iran, Cuba, and North Korea, as well as terrorist groups, hacktivists, leaktivists, and others with no formal ties to foreign intelligence services.
These threat actors are using sophisticated intelligence capabilities and technologies to carry out this activity on an expanded set of targets.
But previously, the United States was not poised to adequately address these threats. This understanding led to the decision to make a “paradigm shift” in the U.S. approach to counterintelligence, said William Evanina, director of the U.S. Office of the Director of National Intelligence’s National Counterintelligence and Security Center (NCSC).
“It is essential that we engage and mobilize all elements of United States society and fully integrate sound counterintelligence and security procedures into our business practices, and strengthen our networks against attempts by foreign threat actors or malicious insiders to steal or compromise our sensitive data, information, and assets,” Evanina wrote in the introduction to the National Counterintelligence Strategy of the United States of America 2020–2022.
The strategy is focused on five objectives: protecting the nation’s critical infrastructure, reducing threats to key U.S. supply chains, countering the exploitation of the U.S. economy, defending American democracy against foreign influence, and countering foreign intelligence cyber and technical operations.
Infrastructure. In 2015, Russian actors launched a series of cyberattacks that would ultimately take down portions of Ukraine’s power grid—marking the first known incident of a cyberattack being used to successfully cut electrical power.
Since then, foreign intelligence entities have continued to develop these capabilities to exploit and disrupt critical infrastructure in the United States and around the world.
“The decentralized and digital nature of critical infrastructure worldwide creates vulnerabilities that could be exploited by foreign intelligence entities, and they also are targeting the facilities and networks that underpin global energy and financial markets, telecommunications services, government functions, and defense capabilities,” according to the National Counterintelligence Strategy.
To proactively prevent disruptions to the U.S. economy or the electric grid, the strategy said the U.S. government will expand critical infrastructure information exchanges and develop new tools to provide critical infrastructure owners and operators with actionable information and security best practices.
The U.S. government also committed to recruiting, training, and retaining a “dedicated cadre of critical infrastructure subject matter experts” to aid with its information sharing objectives.
Supply chain. Throughout 2018 and 2019, the United States raised repeated concerns about Chinese telecommunications firm Huawei. In particular, the Americans claimed that China would have access to the technologies and services that depend on 5G mobile infrastructure, and the United States has urged its allies to not use Huawei’s products. Huawei has repeatedly denied the allegations.
This is a sign of how the understanding of supply chain threats has evolved in the 21st century to encompass risks to critical infrastructure and economic sectors. The U.S. Department of Homeland Security is leading a public–private partnership on managing risk to the global information and communications technology supply chain (see “Public–Private Partnership Addresses Supply Chain Security,” Security Management, May 2019). But the NCSC recognized that more needed to be done.
“The increasing reliance on foreign-owned or controlled hardware, software, or services, as well as the proliferation of networking technologies, including those associated with the Internet of Things, creates vulnerabilities in our nation’s supply chains,” according to the strategy. “By exploiting these vulnerabilities, foreign adversaries could compromise the integrity, trustworthiness, and authenticity of products and services that underpin government and American industry, or even subvert and disrupt critical networks and systems, operations, products, and weapons platforms in a time of crisis.”
To address this threat, the U.S. government plans to enhance its ability to detect and respond to supply chain threats—including creating procedures to identify high-risk vendors, products, software, and services. It will also advance supply chain integrity and security across the government, and expand outreach on supply chain security to state, local, and private sector partners.
Intellectual property. Days before Barr announced the latest charges in the Equifax hack, the FBI arrested a prominent chemist for his alleged involvement in a multiyear effort to steal intellectual property and pass it along to the Chinese government.
The DOJ claimed that Charles Lieber—head of Harvard University’s Chemistry Department—lied to U.S. Department of Defense investigators about his participation in China’s Thousand Talents research program, which is designed to attract academics and experts to work in China.
“Foreign intelligence entities have embedded themselves into U.S. national labs, academic institutions, and industries that form America’s national innovation base,” according to the strategy. “They have done this to acquire information and technology that is critical to the growth and vitality of the U.S. economy.”
The NCSC has found that adversaries use a variety of means to embed themselves into those organizations, including creating front companies, joint ventures, foreign direct investment, and talent recruitment programs.
“The theft of our most sensitive technologies, research, and intellectual property harms U.S. economic, technological, and military advantage in the world,” the strategy explained. “It puts at risk U.S. innovation and the competitiveness of American companies in world markets.”
To meet its objective to counter this threat, the U.S. government plans to improve its ability to detect foreign threats to the national innovation base, broaden awareness of foreign intelligence threats to the U.S. economy, and work with the private sector to develop better procedures to track foreign investment in the United States.
A portion of this last initiative is already underway as the U.S. Department of Treasury recently issued two final regulations implementing aspects of the Foreign Investment Risk Review Modernization Act of 2018. The regulations include expanding the Committee on Foreign Investment in the United States’ (CFIUS’) ability to review foreign investment transactions that impact U.S. national security.
Previously, CFIUS could only review investments that would result in foreign control of a U.S. business. In a brief, law firm Cooley LLP explained that the new regulations give the committee the broader power to review “non-passive, noncontrolling investments” in U.S. businesses that deal in “critical technology, critical infrastructure, or sensitive personal data.”
Elections. In February 2020, The New York Times reported that former Acting Director of National Intelligence Joseph Maguire briefed the U.S. House Intelligence Committee that Russia was interfering in the 2020 presidential campaign to re-elect U.S. President Donald Trump.
The briefing followed months of warnings by U.S. intelligence and government officials that Russia and other adversaries have engaged in vast disinformation campaigns that threaten democracy.
“These campaigns are designed, for example, to sway public opinion against U.S. government policies or in favor of foreign agendas, influence and deceive key decision makers, alter public perceptions, and amplify conspiracy theories,” according to the strategy. “These campaigns can include the targeting of our democratic and electoral processes using influence operations that can be long in duration, have broad strategic implications, and include activities that are covert, overt, and illegal.”
To counter these threats, the U.S. government has pledged to advance its counterintelligence capabilities and activities to detect, deter, and counter influence activities; strengthen partnerships across government and with the private sector; and deepen existing foreign partnerships and develop new ones.
Counter operations. Adversaries are continuing to develop more effective means to conduct cyber espionage and technical operations against U.S. interests.
“The development of next generation technologies such as the Internet of Things, 5G cellular communications technology, quantum computing, and artificial intelligence will continue to present new opportunities for foreign intelligence entities to collect intelligence and conduct cyber operations against the United States and its allies,” the strategy said.
To be prepared to counter this threat, the NCSC explained that the United States needs to pursue a more “integrated cyber counterintelligence posture” that leverages technological advancements, recruits and retains experts, and develops partnerships with stakeholders at the state, local, and private sector levels.
“With the private sector and democratic institutions increasingly under attack, this is no longer a problem the U.S. government can address alone,” Evanina said. “It requires a whole-of-society response involving the private sector, an informed American public, as well as our allies.”