Protecting the Arsenal of Democracy from Insider Threat

Expert View

Two summers ago, I made a $5 wager with my son that the United States would be exchanging shots in anger with China within five years.  Regrettably, in light of Chinese moves in the East and South China Seas and Beijing’s announcement that it considers a recent international ruling rejecting Chinese claims to Philippines-controlled territory null and void, I am ever more convinced I am going to win that bet.

Indicators of Beijing’s aggressive aims are evident not only in the movement of ships and seizure of shoals.  Ongoing, large-scale Chinese espionage against the U.S. government and American business also betrays hostile intent.  The theft by Chinese actors, many linked directly to Chinese intelligence, of U.S. intellectual property and industrial secrets is unprecedented in scale in espionage history, costing our economy hundreds of billions of dollars per year.  That economic espionage campaign has involved both massive cyber-attacks and numerous cases of (detected) human spies who have sought to deliver Beijing material and know-how, ranging from engines for the F-35 fighter to inbred corn seed developed by American agricultural companies.

Beijing clearly sees its economic espionage as conflict by other means, a prelude to possible actual armed conflict.  The intent of that campaign is at once to boost the relative competitiveness of Chinese business and industry vis-à-vis American competitors and to deny the U.S. military the technological edge we would otherwise have enjoyed by stealing the industrial secrets and intellectual property that enable that advantage. 

Further, as the Federal Bureau of Investigation (FBI) has noted, while economic espionage has historically been directed against high technology and defense sector firms, no company, no matter how large or small, is immune to the threat.  And no state has been as deeply involved in such spying against us as China.

Should conflict with China actually occur, it would likely start with a small incident of Chinese aggression against our forces or those of an ally that rapidly escalates to a broader fight.  Whatever its cause, that conflict would almost certainly be very violent in character and short in duration, with the U.S. relying on forces immediately at hand to win it.  The professional skill of the U.S. military would grant us a distinct advantage in that fight.  But it is also apparent that the relative capabilities and technological sophistication of the weapons wielded by the likely protagonists would play a key, if not decisive, role in its outcome.  

Unlike World War II, there would be no time for U.S. industry to move to a war footing to give our forces the wherewithal necessary to defeat the enemy.  And we cannot, in any case, be certain the U.S. military would have a decisive technological edge over its adversary.  Indeed, for the first time since that war, the U.S. would face an adversary with which our naval and air forces in particular would be roughly evenly matched.  We must anticipate that Chinese acquisition and deployment of advanced weapons, coupled with knowledge of American military capabilities and plans that Beijing has garnered by virtue of its ongoing espionage campaign against us, would significantly erode any advantages we once enjoyed in this arena.

China is certainly not alone in its espionage targeting of the U.S.  Pervasive Russian spying dating back to the Cold War is familiar to the public at large.  It has been the subject of seemingly countless books, television shows, and movies. 

What is not so well known is extensive Chinese espionage against U.S. defense industries, high technology firms, and financial institutions, an effort that is remarkable for its scope and audacity.  Chinese intelligence cyber attacks on U.S. government agencies and American industry are ubiquitous and comprehensive.  As the Office of Personnel Management (OPM) breach would indicate, they are also conducted with an arrogance that is stunning.  Indeed, the most stunning thing about the OPM breach is that it is no longer stunning.  We have settled into a routine regarding such assaults on American sovereignty.  The U.S. detects them and launches an official protest, and Beijing invariably responds to our protests with disclaimers of responsibility followed by renewed assault from more covert platforms. 

But Chinese intelligence operations are not confined to the cyber arena.  Beijing is also heavily committed to more traditional human espionage against the American target.  Indeed, over the last two decades the number of espionage cases linked to China is virtually identical to the number involving Russian spies.  Moreover, the preponderance of U.S. economic espionage cases over the same period emanated from China.

Chinese leadership denials notwithstanding, Beijing’s civilian and military intelligence services have long been engaged in operations against the American target.  And they have registered a number of significant successes, most notably the running of CIA penetration Larry Wu Tai Chin; the theft of nuclear weapons designs from U.S. national laboratories; and the doubling back of Katrina Leung, aka “Parlor Maid”, against the FBI. 

Beijing has generally concentrated its efforts against Americans of Chinese heritage and on intelligence gathering by Chinese officials, researchers, and students working or studying in the U.S.  This so-called “thousand grains of sand” approach, which allows intelligence collection in a low-key manner through natural access and elicitation, thereby shielding China from the risk of potential political blowback inherent in more aggressive operations, continues. 

As the recent case of U.S. Navy Commander Edward Lin shows, Beijing continues to heavily target ethnic Chinese for recruitment as a matter of preference.  But China has also greatly increased the tempo of its traditional intelligence operations, to include recruitment efforts directed at non-ethnic Chinese U.S. officials, businessmen, academics and students.

Several recent espionage cases are indicative of the scope of the Chinese economic espionage threat confronting U.S. Government and industry.   Xu Jiaqiang was charged in December 2015 with theft of source code from his employer, a large American technology firm.  Xu allegedly stole the code for his own financial gain and for the benefit of the Chinese National Health and Planning Commission.

The theft of American defense technology is central to the case of U.S. citizen Wenxia Man.  Man was convicted in early June of conspiring with a Chinese military intelligence officer to illegally export engines used on several U.S. fighter aircraft and a Reaper Unmanned Aerial Vehicle to China.

Finally, earlier this year, naturalized American citizen Szuhsiung Ho was charged with leading a spy ring attempting to steal nuclear secrets at the behest of Beijing.  Ho, who worked at the Tennessee Valley Authority, may have begun to provide information to China as early as 1997, to include material on how to produce the plutonium, uranium 235, and enriched uranium necessary to nuclear weapons production.

This is, of course, not the first time a sophisticated spying effort has been aimed at U.S. industry.  Historically, we need only look to the 1937 theft of the Norden bombsight from the U.S. company of the same name by Nazi spy Hermann Lang to see the potential consequences of failure to protect advanced American military technology.  Fortunately for us, the Nazis lacked the foresight to fully exploit that intelligence boon. 

The same cannot, however, be said of the Soviets, whose penetration of the Manhattan Project set the stage for the nuclear balance of terror that characterized the strategic calculus of the Cold War.  More recently, extensive collection of technical intelligence by KGB Line “X” officers in the 1980s highlighted what remains a fundamental asymmetry between the U.S. Intelligence Community and its foreign counterparts.

While the U.S. refrains from directing intelligence collection against foreign industries and enterprises with an eye towards stealing their intellectual property and industrial secrets in order to aid American industry, most of the rest of the world recognizes no such constraints and entertains no such scruples regarding economic espionage.  Given the data aggregation and expanded attack surfaces inherent in modern information technology systems, the threat posed by such spying is exponentially greater than it has ever been.      

Given that U.S. industry builds the national security that the government executes, defending that engine of national power from the depredations of economic espionage operations is of crucial import to the defense of our country.  There is, however, a limit to what the U.S. government alone can do in this regard.  While U.S. counterintelligence (CI) professionals do work to blunt the dangers posed by economic espionage, the government of necessity concentrates on defending its own agencies in the first instance.  U.S. CI departments are neither resourced nor postured to provide more than episodic protection to U.S. industry, a defense that most often consists of ex post facto notification by the FBI of a Chinese intelligence operation against a company or business.  American industry ought not wait for the government to inform their defenses against this Chinese challenge as this is, at present, mostly a forensic assessment of damage already inflicted.

If U.S. industry is to continue as the “Arsenal of Democracy,” providing the means to defend freedom, it is imperative that government and industry re-double efforts to provide the latter with information and best practices available to insider threat programs in even the most sensitive government agencies.  A number of such efforts are already underway. 

Most notably, the Intelligence and National Security Alliance (INSA) Insider Threat Subcommittee, of which I am a member, promotes the sharing of experiences and lessons learned between government officials and private sector executives overseeing insider threat programs.  The recent promulgation of the inelegantly named “National Industrial Security Program Operating Manual (NISPOM), Conforming Change 2” grants us an opportunity to build on such initiatives.  As explained by the Defense Security Service in a May 2016 Industrial Security Letter, NISPOM Conforming Change 2 is intended to bring National Defense Industry insider threat programs into line with the National Insider Threat Policy and Minimum Standards articulated by the White House in 2012.

Conforming Change 2 establishes minimum insider threat requirements for cleared industry operating under the National Industrial Security Program.  By 30 November 2016, companies providing classified industrial and contractor support to the national defense must establish an insider threat program; designate a senior official responsible for the program; demonstrate an ability to do self-assessments of that program; provide insider threat training for program personnel and awareness training for employees; and have an ability to monitor activity on the company’s information network.   While these are minimum standards, this initiative provides a foundation for much needed further development of insider threat programs within a defense industrial base that has been the target of ongoing collection by foreign intelligence services. 

In addition, enhanced government engagement with defense industries will open cooperation between the government insider threat community and those charged with defending non-defense sectors of the U.S. economy, to include the financial, information technology and medical services areas, which are already subject to threats from the same hostile actors or other similar insider threat challenges. 

Beijing is pursuing its espionage campaign with aggressive determination.  We need to respond with a like sense of urgency, with government and the private sector closely partnering to develop robust insider threat programs that protect the official and industrial secrets that are crucial to our national security.

As for that $5 bet with my son, I hope I never collect on it.  Should it come to that, however, I prefer to do so secure in the knowledge that American industry has done what must be done to protect itself from the threat of economic espionage, thereby preserving the military technological advantage that will give our forces what Churchill might have called “the sinews of victory.”
