Sunday, February 10, 2013

India Inc needs to act with government in tow to counter Chinese internet hackers

Feb 7, 2013, 04.00AM IST


Google CEO Eric Schmidt's forthcoming book, The New Digital Age, blames China as the "most sophisticated and prolific hacker of foreign companies". It argues that as digitalisation deepens in all spheres, China's massive investments in corporate espionage will give it a distinct edge over other major powers.
While China fancies multiple means to achieve a Sino-centric global economy, the web-based one that Schmidt describes is the savviest for Beijing, because it relies on the cyber realm where stealthy theft and destabilisation can be carried out without obvious smoking guns. To tackle China's IT menace posed to the corporate world, it is necessary to have clarity about what its industrial espionage seeks to achieve. The main quarry of Chinese internet hackers stalking the private sector is innovation.
Instead of laboriously reinventing the wheel or purchasing licensed material, Chinese state-owned giants reckon that they can catch up faster with overseas competitors by stealing straight from the horse's mouth.
The typical pattern is for Chinese cyber thieves to reach cutting-edge research at foreign corporations, pilfer the trade secrets and then utilise the invaluable data to set up a manufacturing or service production facility inside China. From automobiles and alternative energy to glass and weapons hardware, computer hackers traced back to Chinese handlers have wrecked critical corporate infrastructure and pilfered patented information. In the US alone, corporations belonging to a wide variety of sectors have reported becoming victims of Chinese cyber espionage.
Schmidt's Google, along with other notables in the IT industry like Adobe, Juniper, Yahoo and Symantec, were systematically attacked by Chinese hackers in 2009. Code-named Operation Aurora, the goal of these attacks was to access and modify source codes of these hi-tech companies. One web security investigator noted that the Chinese had aimed at "the crown jewels of these companies, much more valuable than any financial data".
Apart from technological innovation and blue skies research, the other big tranche of information that is gold dust for Chinese corporate hackers is financial. Prior knowledge of earnings reports, profit estimates, stock performance, payroll and board decisions of global competitors is prized by Chinese majors so that they can plan, anticipate and outdo these rivals through business intelligence.
Instead of indulging in risky insider trading rings that are liable to being busted, China's cyber army can be safely put to work to remotely take over unsuspecting proxies like university computer systems, and then use them as a base to extract confidential financial estimates of corporations located in that country.
This underhanded method was recently exposed when two leading western newspapers, The New York Times and The Wall Street Journal, admitted that Chinese hackers routed secret access to communications of their journalists via compromised American university computers. While the targeting of hardware and software firms has offensive commercial motivations, the Chinese have made a habit of spying on the news media for a more defensive purpose. The pattern is to break into emails and files of foreign reporters who are filing stories on corruption or other failures of governance in China.
Sensitive about image and 'saving face', the Chinese government and its corporate extensions wish to employ subterfuge and stanch a volley of negative coverage that they receive from the international press. While the majority of Chinese cyber intrusions have been reported by American, European and Japanese companies, Indian corporates cannot afford to be complacent.
It is a known fact that Chinese hackers gatecrashed into computers of Tata, DLF, industry association Ficci and even the news leader of our country, the Times of India group. The objectives of snooping into these premier Indian companies and chambers of commerce are obvious, i.e., learning about their strategies and keeping tabs on their key personnel whose actions have commercial or political implications for China.
Due to the integration of China's private sector with the state's military and foreign policy, the transition from economic to political purpose in cyber espionage is wafer thin. The same Chinese hackers who sneaked into our corporate emails and reports have 'exfiltrated' data from Indian defence installations and Indian diplomatic cables relating to our relations with west Africa, Russia and central Asia.
What an Indian MNC wants to do in Africa and what the ministry of external affairs does to facilitate it is of direct interest to a Chinese ministry marshalling Chinese FDI decisions in Africa. Schmidt's book recommends a tighter, ironically, China-like, relationship between government policies and private sector actions to face the dragon in cyberspace.

A public-private partnership in cyber security with dual offensive and defensive reach is the ideal arrangement to confront China's 'informationisation' of conflict. The Chinese themselves realise that the internet is a medium where predator can also be prey, and emphasise improving their own defensive abilities like network scanners, password cracking, 'sniffers' and firewalls.
For self protection and retaliation in a cybernetic global economy, India Inc needs to act with our government in tow.
(The author is dean of the Jindal School of International Affairs)

No comments:

Post a Comment