A U.S. Air Force F-35 Lightning II aircraft from the Vermont Air National Guard's 134th Fighter Squadron
Photo: Robert Atanasovski/AFP via Getty Images

Tired: Russia. Wired: China

Protocol Enterprise

Hello, and welcome to Protocol Enterprise! Today: why, after years of warnings about the threat posed by Russian hackers, security experts are more worried about China; ransomware strikes a German chipmaker; and Palo Alto Networks plunges further into managed security.

China's unseen arsenal

In recent years, threats from Russia have driven much of the cybersecurity attention among Western businesses, especially after Russia’s invasion of Ukraine in February.

But for a number of reasons — not least of which is the current state of U.S.-China tensions — the massive cyber threat posed by the Chinese government is coming back into the spotlight.

  • In the past, China's hacking operation has almost entirely focused on corporate and political espionage. But there's reason to believe the Chinese government is fully capable of launching cyberattacks to disrupt U.S. critical infrastructure — say, in the event that China wanted to prevent aid to Taiwan, experts say.
  • "I don't think there's any doubt that they have capabilities that go beyond [espionage]," which so far "haven't been publicly demonstrated," Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security, told me today.
  • If a more significant conflict occurs between China and the U.S. over Taiwan, however, it's almost certain that we'd witness those yet-unseen capabilities deployed, said Rosenzweig, who is now a consultant on cybersecurity and homeland security.

Even apart from that anxiety-producing prospect, the warnings about China's more-typical hacking efforts — often focused on theft of intellectual property from U.S. companies — are growing.

  • China "stands out as the leading nation in terms of threat relevance, at least for America," said Tom Hegel, a senior threat researcher at SentinelOne.
  • The Chinese government laid out its "Made in China 2025" strategy, which identifies the industries that it considers to be most important going forward, in 2015. The document is extremely helpful when it comes to defending against IP theft by China's government, said Michael Daniel, formerly cybersecurity coordinator and special assistant to the president during the Obama administration.
  • "If your company is in one of those industries identified in that strategy, you are a target for Chinese intelligence," Daniel said. "It's that simple, actually."

There's been a clear shift in China's IP theft priorities from its traditional focus on defense-related technologies and into the high-tech and biotech sectors, said Christian Sorensen, a former U.S. Cyber Command official.

  • Implementing defenses against longer-term risks such as IP theft can be difficult for overwhelmed security teams to prioritize, Sorensen told me.
  • While posing a serious strategic threat for many businesses, he said, "it's not always the front-burner threat."

Read the full report here.

— Kyle Alspach



Speaking of hacks

German industrial and electric vehicle chipmaker Semikron said that it was hacked earlier this week.

Semikron said that a professional hacking group claims to have stolen data, and the attack led to the encryption of some of the company’s IT systems and files. “The entire network is currently being forensically investigated and cleaned up,” the company said in a statement.

The Nuremberg-based company noted that it was investigating the claim that data was taken and, if it was, what specifically the hackers gained access to.

Semikron didn’t offer many details about the type of hack or how the attackers managed to gain access to the company’s systems, but Bleeping Computer reported that the hackers used LV ransomware. The ransomware operators attempted to blackmail Semikron and threatened to leak the purloined data.

Semikron develops thousands of designs for power chips that are used in a range of renewable energy technologies, such as wind turbines and hybrid vehicles. The chips are used in trains and in industrial equipment such as conveyor belts and welding machines.

— Max A. Cherney

Who wants to do security anymore?

If you've been following our security coverage closely (and if so, thank you), then you might've seen my recent articles on extended detection and response (aka XDR) and the cybersecurity talent shortage. Well, here's a bit of news that incorporates both: Cybersecurity heavyweight Palo Alto Networks announced today that it's launching a new managed detection and response (MDR) service built on its Cortex XDR platform.

The company is doing so not only because it knows a heckuva lot about XDR (its founder Nir Zuk invented the concept), but also because this is exactly the sort of thing talent-strapped businesses are looking for right now. While customers have a lot of interest in gaining the security benefits of XDR — which can correlate threat data from across all of a customer's IT environments — many just don't have the skilled staff to operate the platform, Palo Alto Networks' Wendi Whitmore told me.

The company also hopes to sweeten the pot for customers by leveraging Unit 42, the company's well-regarded threat intelligence division. The MDR service, which is Palo Alto Networks' second managed service to date, will in fact be delivered by the Unit 42 team.

Even though managed detection and response has become a crowded market, the company believes it is "uniquely positioned" to boost security for customers with its new MDR service, said Whitmore, senior vice president at Unit 42.

— Kyle Alspach

Around the enterprise

Equifax blamed a “coding issue” for a weeks-long period during which it issued inaccurate credit scores to lenders, potentially affecting loan decisions.

Thoma Bravo bought another enterprise software company, this time snapping up Ping Identity for $2.8 billion.



Thanks for reading — see you tomorrow!
