The economic trajectory of 1.3 billion Chinese has Western financial services leadership giddy. They project oceans of profits generated through services to China’s growing middle class and wealthy elites. Shareholders read about our corporation’s efforts to plumb critical hubs of their global operations into Chinese joint ventures, and seem to support leader’s optimism. In the rush for earnings, systems are rapidly being integrated across virtually all lines of personal and corporate finance.
In many situations, this vision seems out of phase with guidance from seasoned financial services security and risk management professionals. All material players in global financial services distinguish their organizations from the competition through their market reach and human capital. Some also tout the value of their brand or their access to non-human capital. But a key differentiator remains proprietary business rules, investments analysis and operations platforms, and data. These foundational assets exist in highly-portable digital form and cannot be replaced or easily re-factored if they are stolen. It is already difficult and expensive to resist targeted cyber-attacks, many of which emanate from China. Casually extending financial services infrastructure into China is an elevated risk gamble — of a magnitude rarely undertaken even by the most aggressive of our peers. Plan to lose some of these bets as core intellectual property and data are appropriated into our Chinese competitor’s operations.
This should not be new news…
After years of reticence to engage the issue, it seems like the U.S. government is now changing course and attempting to help engage U.S. businesses in efforts to more effectively address some of the risks associated with Chinese cyber-threats. Last fall House Intelligence Chairman Mike Rogers (R-MI) accused China of widespread cyber economic espionage. Chairman Rogers said, “China’s economic espionage has reached an intolerable level…”
Late last month three individuals in positions to have extensive, long-running access to secret intelligence concerning cyber-threats against United States targets released an opinion column in the Wall Street Journal titled: “China’s Cyber Thievery Is National Policy—And Must Be Challenged.” The piece was written by Mike McConnell (Director of the National Security Agency 1992-1996, and Director of National Intelligence 2007-2009), Michael Chertoff (Secretary of Homeland Security from 2005-2009), and William Lynn (Deputy Secretary of Defense 2009-2011). Their central message was that “The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the world’s most active and persistent practitioners of cyber espionage today.”
Reporting on the topic, NPR’s Tom Gjelten quoted Mike McConnell: “We know, and there’s good evidence … of very deliberate, focused cyber espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage.” Writing about the WSJ column on the topic, Gelton went on to write that “One reason they were anxious to publicize China’s cyber espionage was to counter those who claimed there was little concrete evidence to link the Chinese definitively to major hacking activity.”
Attackers from China have been conducting sustained, coordinated, covert intellectual property and sensitive financial information thefts against corporations, in some cases for years. There are powerful forces influencing the dialog on this topic. With few exceptions, representatives of companies doing business in China seem to have a pattern of stumbling whenever asked to discuss this topic in public. As leaders in global financial services organizations intensify their focus on extracting value from Chinese markets, we need to ensure that sufficient fact-based risk management influence is applied to technology, infrastructure, operations, and information security decision-making.
“US lawmaker: China cyber espionage ‘intolerable.'”
October 4, 2011, Susan Cornwell, Reuters.
“China’s Cyber Thievery Is National Policy—And Must Be Challenged.”
January 27th, 2012, Wall Street Journal.
“U.S. Not Afraid To Say It: China’s The Cyber Bad Guy.”
February 18, by Tom Gjelten, National Public Radio