To many in the information-security community, the “Advanced Persistent Threat” isn’t just a buzz-phrase – it’s the problem that gives them more sleepless nights than any other. But the term has become a euphemism: in the midst of a financial crisis that means every western government and high-tech company is looking to the world’s most populous nation for future business, talking about APTs gives people a way of saying “Chinese cyber espionage” without actually mentioning the country by name.
Bill Hagestad, who retired from the United States Marine Corps in 2011 at the rank of Lieutenant Colonel, is not someone to mince his words. Moreover, his extensive immersion in Chinese culture, politics and military theory – he began studying Mandarin Chinese at 16, lived in the country for several years, and has written and spoken about the People’s Liberation Army’s concept of Information Warfare for over a decade – means that plenty of people take an awful lot of notice of what he has to say. And for us in Britain, the picture he paints is not a rosy one.
Hadestad’s presentation at this month’s RANT Forum is titled “How China’s Strategic Use of Compromised Computer Systems has Colonised Britain.” Surely, the Acumin Blog asked him, things aren’t that bad?
“Well, when I look at David Cameron’s most recent visit to the People’s Republic of China, I would say it’s much worse than I would have ever imagined,” Hagestad says. “I’m not isolationist by any stretch of the imagination, having grown up overseas, and I believe that free trade is good. But the way that your prime minister conducted himself with his hosts gave the Chinese a lot of food for thought. Here we have the leader of one of the most important and powerful nation-states on the planet, coming to China and begging for business and investment. I find that curious because there’s already a significant amount of investment. From the Chinese perspective, that’s like, ‘Oh! OK – then the United Kingdom is much worse off than we thought they are’.”
Hagestad’s position on China hasn’t wavered down the years. The slogan he uses on his Red-dragonrising.com website is “Understand the East – Keep Them Closer”, and his often outspoken criticisms of western governments, military planners and corporate decision-makers are less to do with their understandable nervousness at the nature of the Chinese cyber threat than they are about an often unspoken unwillingness to spend a bit more time getting our heads around why China acts the way it does.
“The United Kingdom is the only country that, with Hong Kong, has actually owned a piece of the Middle Kingdom,” Hagestad points out. “And the Chinese will never forgive you for that. Every time I’m in the United Kingdom I point this out – always respectfully but sometimes a little bit too brashly! Whoever that bloke was that signed the 100-year lease, he did you a grave disservice culturally, politically, economically and militarily – and today the avenue of approach militarily, economically and politically is the internet. The Chinese are not going to allow another country to take advantage of them through the binary world. They’re going to be the ones to take advantage of other countries first.”
So what can information-security professionals do about what he seems to be characterising as the Chinese digital invasion of the UK? Hagestad may be blunt, but his prognosis isn’t entirely bleak.
“Certainly they can do a lot of things when it comes to cyber hygiene, and they’re already doing things correctly from an information-assurance and an information-security perspective,” he says. “It would be disingenuous and disrespectful to suggest anything other than that. I think it’s much more strategic. You should understand what the Chinese want from your organisation – and I think, whether we’re British or American or from any other nation, we need to show them respect as an independent culture, rather than viewing them as the ‘Yellow Horde’, as many would have us believe.”
RANT is already firmly established as the UK infosec industry’s most candid and entertaining regular discussion forum, and we expect Bill’s provocative perspective and insights to kick-start a particularly lively debate. Admission is free but places are limited, and going quickly: so please get in touch soon. It all takes place in the City from 5:30pm on Wednesday January 29 2014. To reserve your place, please contact Gemma Paterson at Acumin on either +44 (0)20 7510 9041 or firstname.lastname@example.org