8 Steps for University Leaders to Address Global Cybersecurity Threats
While the scale and intensity of Chinese espionage against the democratic world is increasingly alarming, in July 2022, MI5 and FBI chiefs warned of the growing threat posed by China stating, “The Chinese government poses an even more serious threat to Western businesses” and “is determined to steal your technology” with a hacking program “larger than that of all major countries combined “.
Corporations, agencies, departments and universities around the world now face a state-sponsored attack actively and passively engaged in economic and national affairs. spying. Economic espionage (intellectual property theft) is not only conducted actively through direct cyber measures, but based on recent cases and reports, it is also conducted passively through financing, acquisition and reported coercion of universities and academics. There is also evidence that China even engages in passive collection and targeting of individuals via social media platforms, such as LinkedIn and Facebook. For those in academia as well as industries outside of education, it is important to understand what is currently known about cybersecurity threats and what steps you can take to mitigate the risks.
In May 2022, CBS News reported: “A malicious cyber operation spearheaded for years by notorious Chinese state actor, APT 41, has siphoned off around $30 billion worth of intellectual property theft from around 30 multinational manufacturing, energy and pharmaceutical companies.” The report continues, “Hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas and proprietary manufacturing-related data from multiple breaches, spanning technology and manufacturing companies across North America. North, Europe and Asia”. From 2008 to 2013, “Chinese hackers penetrated the servers of American companies and stole intellectual property valued, according to some estimates, between 200 and 600 billion dollars a year.”
Exploitation of academia
Last month the Reported Daily Beast “a professor from Maryland has created software that can read people’s personalities and ‘predict their behavior'”. follow-up reportProfessor created ‘useful for surveillance’ software as part of six-figure research grant from Chinese tech giant Ali Baba.
Recently, NBC news reported“At least 154 Chinese scientists who have worked on government-sponsored research at the largest national security laboratory in the United States (Los Alamos National Laboratory) over the past two decades have been recruited to perform scientific work in China – some of whom have helped advance military technology that threatens US national security.”
The elephant in the room – research funding and tuition fees – was acknowledged in the joint MI5 and FBI statement: “Having, for example, almost 150,000 Chinese students in UK universities is, in almost all cases, good for them and good for us.” That’s fine, as long as he’s not armed. The Chinese government has militarized some, if not all, of the research funding and tuition revenue that international institutions and scholars rely on. Chinese graduate students are preferred not just for their talent, but more importantly for the research dollars they can bring in and the full-price tuition they pay: all provided by China. This has created quite a dilemma for academic institutions.
In a recent case, a professor was found guilty of four counts of fraud and misrepresentation. NPR reported that “Prosecutors alleged that Tao concealed his work with a Chinese university and affiliation with a Chinese government-run talent program as part of a scheme to defraud the University of Kansas and the government.” The defense argues that the professor “never formally accepted the job offer at China’s Fuzhou University, was never paid, and did not violate disclosure rules in effect at the time.” .
American think tanks and academic institutions are also funded by foreign nations around the world, and it is important to remember coercive leverage. In 2018, newly elected South Korean President Moon shut down the Korean American Institute at the John Hopkins School of Advanced International Studies by withdrawing its funding. This decision was would have manufactured under economic pressure from China. In 2017, the American think tank “Asia Society” was accused to kowtow to China for refusing to host an event featuring Hong Kong democracy activist Joshua Wong.
In China’s pursuit of an information advantage, nothing is left to chance. Example: “Dickseon Yeo” or if we use his real name “Jun Wei Yeo”. Born and raised in Singapore, Mr. Yeo used coverage of academia (Ph.D. candidate) to gather information and recruit potential American traitors to the Chinese government (MSS). He leveraged LinkedIn to collect hundreds of resumes with three government officials flagged on its payroll providing information via “trials” on targeted topics. Anyone who understands the “small world theory” knew that Mr. Yeo was destined for a visit from the FBI. Coincidentally, yours truly was targeted by Mr. Yeo.
As an academic, I wanted to write for money. In academia and the media, these opportunities are rare and can attract many interested people. For me, something was wrong with Mr. Yeo and so I ghosted the poor guy.
On Mr. Yeo, the FBI declared“This case is another reminder that China is relentless in its pursuit of American technology and political information to advance its own interests.”
From today, protect yourself
Echoing MI5 Director McCallum and FBI Director Wray, “Starting today, we have to protect ourselves.” Based on my experience both in academia and in the field of cybersecurity, I firmly believe that it must be a global response: a partnership not only between democratic nations, but also with the academia, industry and individuals. There must be a policy response for academic institutions and individuals: more funding for academics to counter funding from China as well as a security review on all grants involving dual-use technologies. For academics and beyond, there are steps you can take today to help mitigate cybersecurity risks.
1. When in doubt, don’t click on a link. Check with the sender to make sure it’s not a phishing attack.
2. If you want to click on the link, consider a filter like Urlscan.io and VirusTotal to open the link first.
3. Familiarize yourself with CISA (Cybersecurity and Infrastructure Security Agency).
4. “Think Before You Link” app works to identify features of fake profiles used by foreign spies and other malicious actors.
5. Multi-factor authentication (MFA) is essential.
6. Use password managers and a randomly generated password for each account; never reuse passwords.
7. Patch your systems on a weekly basis.
8. Keep all data (intellectual property, trade secrets) confidential.
We can’t withdraw from the internet, we can’t shut it down or turn it off – no, we have to sink into it, eyes wide open and aware of ourselves. As investigations and cases progress Continue On the surface, the need for a basic understanding of basic cybersecurity hygiene is more important than ever.