Combating China’s Insider Threat: Can New Laws Curb IP Theft by Foreign Spies?
Theft of U.S. IP is a fundamental part of China’s stated intention to be the world leader in science and technology by 2050
The U.S. Innovation and Competition Act, passed by the Senate in the week-ending June 11, 2021, includes two cyber-related acts – both introduced by Senator Portman, Ranking Member of the Senate Homeland Security and Governmental Affairs Committee.
The Cyber Response and Recovery Act is designed to improve the federal response to major cyberattacks, such as the recent attack against the Colonial Pipeline. It establishes a Cyber Response and Recovery Fund for the DHS and CISA to provide support for public or private organizations recovering from major attacks. It can only be activated by a declaration of a significant incident by the Secretary of Homeland Security, and has a perhaps limited budget of $20 million over seven years. Its purpose, however, is similar to the declared purpose of the EU’s Joint Cyber Unit.
The Safeguarding American Innovation Act is designed to prevent foreign powers – and especially China – from stealing or unlawfully acquiring U.S. federally funded research. It is the direct result of a major study published in December 2019 titled Threats to the U.S. Research Enterprise: China’s Talent Recruitment Plans (PDF).
The study declares, “The open nature of research in America is manifest; we encourage our researchers and scientists to ‘stand on the shoulders of giants’. In turn, America attracts the best and brightest. Foreign researchers and scholars travel to the United States just to participate in the advancement of science and technology.”
But it then warns that this openness is abused by foreign powers to advance their own national interests. The most aggressive of these is China with its talent recruitment programs. It has over 200 such plans, with the most prominent being the Thousand Talents Plan. This, says the report, “incentivizes individuals engaged in research and development in the United States to transmit the knowledge and research they gain here to China in exchange for salaries, research funding, lab space, and other incentives.”
The report goes on to note, “Talent recruitment plan members removed 30,000 electronic files before leaving for China, submitted false information when applying for grant funds, filed a patent based on U.S. government-funded research, and hired other Chinese talent recruitment plan members to work on U.S. national security topics.” Theft of U.S. intellectual property (IP) is a fundamental part of China’s stated intention to be the world leader in science and technology by 2050.
There are three primary prongs to Chinese acquisition of western – especially U.S. – intellectual property: straightforward hacking and cyber theft; the implant of physical insiders to research establishments and R&D labs; and hiring western experts to work in China.
Jon Ford, MD of global government services & insider threat risk solutions at Mandiant told SecurityWeek that we should not pin it all on China – everybody does this to everybody else.
Nevertheless, Chinese theft of U.S. IP is the most predominant and aggressive. In January 2020, Dr. Charles Lieber, chair of the department of chemistry and chemical biology at Harvard University, was arrested and charged. He was accused of being a contractual participant in China’s Thousand Talents Plan from in or about 2012 to 2017.
“Under the terms of Lieber’s three-year Thousand Talents contract,” said the DOJ, “Wuhan University of Technology (WUT) paid Lieber $50,000 USD per month, living expenses of up to 1,000,000 Chinese Yuan (approximately $158,000 USD at the time) and awarded him more than $1.5 million to establish a research lab at WUT. In return, Lieber was obligated to work for WUT ‘not less than nine months a year’ by ‘declaring international cooperation projects, cultivating young teachers and Ph.D. students, organizing international conference[s], applying for patents and publishing articles in the name of’ WUT.”
Mandiant’s Ford explains that any researcher working in China will get caught up in the Chinese intelligence laws. “Article 7 of the PRC’s national intelligence law, enacted in 2017, says all organizations and citizens shall – shall – support, assist and cooperate with national intelligence efforts in accordance with the law, and shall protect national work secrets they’re aware of,” he told SecurityWeek. “An important part of PRC national intelligence operations is the collection of data.”
So, once a researcher has been lured to China with the promise of money, resources, and greater recognition, he or she is compelled by law to hand over all research to the Chinese government – even that resourced from the U.S. – while being prohibited from handing over any Chinese data to America.
Attracting top researchers to move to China is only part of the plan – it works in the other direction by embedding Chinese ‘researchers’ into U.S. universities and companies. These people are usually native Chinese citizens who intend to return to China and are consequently still bound by the Chinese laws.
Song Guo Zheng was born in Guichi, China. He became a rheumatology professor and researcher in Ohio. He was arrested on May 22, 2020 at Anchorage, Alaska, alighting from one charter flight before boarding another to China. He was charged with misappropriating $4.1 million in grants from the National Institutes of Health (NIH) to develop China’s expertise in the areas of rheumatology and immunology. On his arrest, he was found to be carrying three large bags, one small suitcase and a briefcase containing two laptops, three cellular telephones, several USB drives, several silver bars, expired Chinese passports for his family, deeds for property in China and other items.
In January 2020, Yanqing Ye was charged, but not arrested since she was in China at the time. She had been studying at Boston University’s (BU) Department of Physics, Chemistry and Biomedical Engineering from October 2017 to April 2019. But she is also a Lieutenant of the People’s Liberation Army (PLA), the armed forces of the People’s Republic of China and a member of the Chinese Communist Party (CCP). She hid her ongoing military service at China’s National University of Defense Technology (NUDT).
It is alleged that Ye continued to work as a PLA Lieutenant completing numerous assignments from PLA officers such as conducting research, assessing U.S. military websites, and sending U.S. documents and information to China. Ye compiled information for the PLA on two U.S. scientists with expertise in robotics and computer science.
The Ye method is used against both academia and private enterprises – students are embedded in universities and employees are embedded in, or recruited from within, private enterprises working on cutting edge technologies. Technologically sensitive data is stolen and either uploaded to servers in China or physically transported there.
In December 2016, Yu Long (a Chinese citizen lawfully resident in the U.S.), was charged with the theft of numerous sensitive military program documents from United Technologies (now part of Raytheon Technologies) and transporting them to China. Long had earlier worked as a senior engineer/scientist at United Technologies Research Center (UTRC) in Connecticut. In August 2014, he emailed a university in China, attaching an updated ‘achievement and future plan’. In the plan, Long discussed his work related to the F119 and F135 U.S. military fighter jet engines and stated that he also had knowledge of unpublished UTRC projects in which the U.S. Air Force had shown interest.
Legitimate access is what is sought by Chinese implants. “Whether you’re an insider or an external actor, you want that legitimate access because it’s much harder to detect someone in your environment who is doing legitimate things yet stealing your data,” said Ford. “They’re accessing documents they can legitimately access. Trying to determine, ‘is that theft, or is that normal course of business; what are they doing?’ is a hard call.”
The examples we’ve looked at are just the tip of the iceberg in terms of Chinese insider IP theft. The two Portman-inspired cyber-related parts of the new Innovation and Competition Act will likely have little overall effect on the problem. The Cyber Response and Recovery Act is designed to help organizations recover from a major breach – but by that time, the IP has already left the building.
The Safeguarding American Innovation Act is designed to prevent the misuse of U.S. tax-funded grants in ways that can facilitate the transfer of U.S. research to China at the tax-payers’ expense. It seeks to close a particular door; but doesn’t prevent implanted Chinese ‘spies’ from quietly transferring data they can legitimately access to China-based cloud servers.
Spies will spy; and if one door closes, they will find another. There is only so much that federal laws can do to deter malicious activities – they cannot prevent it. It is up to the individual organizations, whether in academia or the private sector, to protect their own IP through increased visibility into and vigilance over their data. But they also need to understand that nation-state spying – from any nation-state – is a level up in sophistication over standard hacking group activity.