A new report from the U.S. State Department Overseas Advisory Council (OSAC) warns U.S. executives of an increased threat of cyber espionage as a result of trade tariffs being imposed by the Trump Administration. The report notes that “some experts believe that one side effect of this simmering trade dispute will be an increase in China-led cyber espionage” targeting U.S. companies with high value intellectual property. While some experts noted a decrease in cyber espionage activities following the 2015 trade agreement between the two countries, others argue that the activity continued but was more focused on “tech companies, law firms, and medical manufacturers” and that China has reportedly broken eight past technology transfer agreements over the past decade.

The exact cost of Chinese intellectual property theft through cyber attacks is widely disputed with ranges as disparate as between $30 and $600 billion USD per year.

A Tilted Market and “Backdoor” Instruments

A recent report by the USTR alleges that the Chinese market is intentionally shifted towards force intellectual property transfer and that “The Chinese government has various methods to ensure technology transfers, which include required joint ventures with Chinese companies; laws requiring that research and development be conducted within China; and immense bureaucracy with strict rules for licensing and approvals, which can be enforced in both vague and punitive ways.”

It is expected that Chinese government retaliatory measures could include “backdoor” or other intimidation tactics.
OSAC cites one think tank which believes that the following tactics are possible:

• enhanced and/or unannounced government reviews and audits that may threaten licensing agreements for U.S. companies;
• strict interpretations of China’s cybersecurity law to endanger U.S. business licenses and approvals;
• passage of a pending encryption law that would compel U.S. businesses to use pre-approved Chinese encryption products.

Be Wary of Cyber Attack when Traveling to China

The OSAC warning concludes with some simple protective actions that U.S. Executives should take in order to deter information security threats when traveling to China. While the measures would be ineffective against a sophisticated targeted attack, they do provide a nice lowest common denominator of basic security steps for traveling aboard and include:

• Use “burner” devices that have limited information on them and can be erased after a trip is complete.
• Minimize the number of mobile devices you carry and keep devices with you at all times to maintain their integrity.
• If you use a personal device in China, revert the device back to factory settings and reinstall the operating system when you return to the U.S.
• Dispose of electronic devices purchased in China.
• Delete Chinese-created apps (i.e. WeChat, Baidu Maps) and associated accounts.
• Avoid using publicly available computers or wireless networks, including in hotels, airports, and cafes.
• Disable Bluetooth and Wi-Fi features on your devices when they are not in use.
• Do not accept electronic gifts, including USB devices.
• Only friend people you know on social networking sites.
• Do not post sensitive work or travel information on personal web pages or social networking profiles.
• Enable two-factor authentication for email and apps, including social media.
• Use stringent privacy settings on all apps and disable location services.
• Recognize spear phishing attempts.
• Verify the authenticity of an email with the sender before opening it.
• Use caution before clicking on links (hover over link) or opening attachments (scan attachments for viruses).
• Look for typos in emails.
• Do not click on anything that you don’t recognize or that looks suspicious in any way.