Depending on which source is referenced, Chinese government hackers recently either stole a “treasure trove” of sensitive material about American undersea naval capabilities and future weapon systems plans or they obtained over 600 gigabytes of unclassified information. Whichever assessment is closer to the truth, what is indisputable is that the Chinese and other foreign governments are making great strides in compromising the systems of US government contractors and stealing key intellectual property that arguably has dire current and future consequences. The most recent incident occurred between January and February and, unlike many times previously, was not conducted by the “People’s Liberation Army” (PLA) but the Chinese Ministry of State Security (MSS) - an organization which is for China, functionally analogous to the US Central Intelligence Agency. This is potentially significant in that the MSS are considered more adept in their cyber-espionage operations and better able to hide evidence of their hacking activities.
With verified threats from nation state actors linked to Russia, North Korea and Iran, in addition to China, interests in the defense industry who contract for the US and allied countries will continue to face the risk of critical breaches of their intellectual property. Though every defence contractor is now required to be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards or risk losing their DoD contracts, there are clearly gaps in compliance implementation and practices. The controls specified in DFARS are based on cybersecurity standards from the National Institute of Standards or NIST. Though defense contractors may ‘self attest’ to compliance, the use of third party security experts such as Optium can add a layer of assurance to compliance efforts.