High Speed. Low Drag: Attack Efficiencies against U.S. Aerospace Joint Ventures (REPORT)

My team and I have completed a report (High Speed. Low Drag: Attack Efficiencies against U.S. Aerospace Joint Ventures) on how much more vulnerable U.S. companies are to being hacked if they engage in joint ventures in Russia and China. Everyone's first response to that is probably - of course! However, our findings might surprise you.

Key Findings:

An aerospace company that has a joint venture in Russia and/or China is 2.4 times more likely to experience a cyber attack than a non-JV company.

Of the study’s control group of 12 aerospace companies that have joint ventures in China and Russia, 8 experienced a cyber attack (67%), including Alcoa, Boeing, General Electric, Honeywell, Pratt & Whitney, Rockwell Collins, Rolls Royce North America and Sikorsky. The other 4 aerospace companies, Eaton, Goodrich, Hamilton Sundstrand, and Parker Aerospace, have not publicly disclosed any cyber attacks.

Of the 21 aerospace companies in the study’s random group, only 6 reported or were claimed to have been the victim of a cyber attack (28%), including General Dynamics, Gulfstream, Lockheed Martin, Northrup Grumman, Orbital Sciences Corporation, and Raytheon.

U.S. companies engaged in joint ventures represent a profit
center for international hacker groups.

This study shows that it is highly likely that the intellectual property owned by U.S. companies with Russian and Chinese JVs also represent high value targets for a variety of state and non-state actors worldwide.

It's unlikely that the Chinese or Russian government will utilize spear phishing or other low-level attacks against a U.S. company with a joint venture in their respective states when other superior means are available to them. 

While official and non-official sources frequently assign attribution to a state military or foreign intelligence organization rather than a mercenary hacker group, the host governments of joint venture companies do not need to craft spear phishing attacks against U.S. companies who operate within their borders; who are required to employ their citizens who are technically PRC government employees; and whose communications networks are supervised and monitored by the State.

Download the full report here

Add to Cart View detail

Aviation companies twice as likely to be hacked if they do business in China

The COMAC C919 Passenger Jet

In anticipation of speaking at the AIAA conference in Los Angeles on August 12-14, I've been researching aviation companies with joint ventures in China and how many of them have reported being the victim of a cyber attack (successful or not). I identified 11 U.S. companies who were working with Chinese partners on the COMAC C919 aircraft and of those 11, 7 (64%) have publicly acknowledged being the victim of a cyber attack at some point in the last few years. No aggressors were named and some of the acknowledgments had to do with unsuccessful attempts only.

That percentage, in itself, didn't seem too surprising so I decided to look at 11 more randomly selected U.S. aviation companies and of those, only 3 (27%) publicly acknowledged being the victim of a cyber attack. However, after digging a little further, I learned that of those 3 companies, 2 (67%) also had joint ventures in China! Our sample suggests that aerospace companies who have joint ventures in China are being attacked more than twice as often as aerospace companies who don't have joint ventures in the PRC.

We aren't suggesting that China is behind the attacks. Rather, that technology which is valuable to China is also valuable to international hacker groups who believe that they can find a buyer for the stolen data.

As far as I know, this is the first study of its kind to demonstrate that a specific industrial sector (Aerospace) of high value to the Chinese government yields an increased risk of cyber attack to U.S. aerospace companies who are doing business in China. I'll be discussing the implications of this study during my presentation at the AIAA conference on August 12th and will be taking a deep dive into our research at a Suits and Spooks luncheon event in McLean, VA on Sept 10th. Our venue in McLean has limited seating so register early. 

Add to Cart View detail

Chinese and Russian Information Security and Aeronautics R&D Luncheon

Announcing the first Suits and Spooks Adversary R&D luncheon at the Ritz Carlton Tysons Corner in McLean, VA on Sept 10, 2013 from 11:30am – 1:30pm. A limited number of attendees will enjoy a delicious lunch and receive a briefing on Chinese and Russian R&D priorities in the areas of Information Security and Aerospace.

Focus and Methodology:

In order to fully understand today’s threat landscape, Taia Global created the world’s first database on adversary state R&D called Chimera. Taia’s researchers collected intelligence on fifty State Key Laboratories (SKLs) in China and ten research centers and institutes in the Russian Federation. These laboratories are top-tier R&D centers that receive funding from the private sector and government-sponsored entities, including the People’s Liberation Army and IT firms such as Huawei and ZTE in China, and the Federal Security Service in Russia. SKLs focus their R&D efforts on strategic research priorities as defined by the central government of the PRC. These priorities range from geosciences to molecular chemistry. However, Taia’s researchers focused their initial collection efforts on laboratories researching and developing Information and Telecommunications Systems and aerospace capabilities.

After collection and translation, the team categorized the data into broad research areas (space systems, quantum cryptography, microelectronics, etc.) before then addressing specific projects, such as ground-based satellite telemetry encryption platforms or field-programmable gate arrays. This type of categorization allowed Taia Global to effectively identify Chinese and Russian research on U.S. export controlled technologies and systems as defined by the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).

Key Findings:

Chinese laboratories are centers of civil-military-corporate integration and nearly 40% of the labs are working on export-controlled technologies. A number of SKLs are working on classified military-specific R&D projects for the People’s Liberation Army. Not only do the SKLs work closely with the Chinese public and private sectors, they actively pursue joint-ventures and partnerships with foreign IT and aerospace companies.

Russian Federation institutes and research centers focus on civil and military developments and 50% of them are working on export-controlled technologies.

To Reserve Your Space

The luncheon and briefing will take place in the Plaza room of the Ritz Carlton Tysons Corner at 11:30am until 1:30pm. All attendees will receive a copy of the presentation along with recorded audio. Tickets are $128 and seating is limited to 48 people. Ensure your space by registering today.

Add to Cart View detail

What's Happening at Russia's MEPHI and China's Key Lab of Aerospace Information Security?

Each month, Taia Global's Science and Technical Intelligence Flash Traffic brief looks at key R&D projects in any one of 14 nation state's research facilities including those of Russia and China. Tomorrow, November 1st, we will feature some key projects being worked on of the Russian Federation's premier universities (Moscow Engineering Physics Institute - MEPHI) who specializes in information security with customers in the Ministry of Defense and the Security Services.

An additional area of coverage in tomorrow's report will be two key labs in China - the Key Lab for Intelligent Networks and Network Security and the Key Lab of Aerospace Information Security and Trusted Computing.

If you believe as I do, that threat intelligence isn't just about malware signatures then I'd like to invite you to become a subscriber to this service. You can buy a single issue for $65 or subscribe for the year for $500. Annual subscribers will also receive free copies of the Russian Federation Information Security Framework 2011 and 2012. Thanks for your support.

Add to Cart View detail