"Lessons from China's Cyberattack Strategy Can Help CISOs Better Manage Threats, Report Says"
A new Booz Allen Hamilton report examined more than a dozen Chinese-sponsored cyberattacks over the last decade. According to Booz Allen Hamilton, Chinese government-sponsored cyberattacks present a challenge to US national security interests both at home and abroad, but threat analysts and Chief Information Security Officers (CISOs) can better prepare for these cyber threats by learning more about the patterns in Beijing's cyber operations. The report, titled "Same Cloak, More Dagger: Decoding How the People's Republic of China Uses Cyberattacks," examined Chinese-sponsored cyberattacks that were launched over the last decade to determine how, when, and why the People's Republic of China (PRC) uses its cyber capabilities. According to the report, the PRC primarily uses cyberattacks to advance its core interests, which are security, sovereignty, and development. The Chinese government targets countries, organizations, and people, including US critical infrastructure organizations and countless companies with global interests that threaten its identified core interests, by using various PRC organizations and state-aligned actors to carry out its cyber activities. When factors such as location, sector, and actions are taken into account, the likelihood of these entities being subjected to a PRC-backed cyberattack rises. Countries where China lacks a clear power advantage, politically significant sectors and political organizations such as the semiconductor industry and anti-corruption organizations, and entities involved in combating PRC online censorship and propaganda are all more vulnerable to cyberattacks. The PRC's primary tactics include Distributed Denial-of-Service (DDoS) attacks, defacement of websites, breaching of Industrial Control Systems (ICS), such as those in the energy and power sectors, and the use of ransomware. This article continues to discuss key findings and points made in Booz Allen Hamilton's new report on Chinese-sponsored cyberattacks.