KSG Exec Brief: If You Can't Buy It, Steal It
A meeting of Five Eyes intelligence chiefs in Silicon Valley underlines how geopolitical "decoupling" is driving PRC threat actors to double down on industrial espionage.
Five Eyes intelligence chiefs from the US, UK, CAD, AUS, and NZ are not beating the drum on IP theft because they like the sound, but because incentives for industrial espionage and insider recruitment are increasing.
A visiting professor from China at a university in Australia uses PhD students to collect intelligence.
Chinese police call a Silicon Valley engineer and threaten to withhold his mother’s dialysis medications until he provides targeted intellectual property.
A woman in Silicon Valley befriends engineers at companies in the area. She uses her intimate relationship with their employees to schedule tours of sensitive research and development facilities for her out-of-town friends.
These stories are now commonplace and that might be why Five Eyes chiefs made a joint statement on the persistence of IP theft from global firms earlier this week and how AI will accelerate PRC hacking capabilities.
As FBI Director Wray said at the forum, "China has long targeted businesses with a web of techniques all at once: cyber intrusions, human intelligence operations, seemingly innocuous corporate investments and transactions… Every strand of that web has become more brazen, and more dangerous… and [China has] a bigger hacking program than that of every other major nation combined."
Structural Incentives Presage More Theft, Talent Poaching, and Insider Risk
China’s slowing economy will recover eventually, but it’s unlikely it will ever return to year-over-year 6% growth. As the 2020s progress, China’s population will age rapidly—before the country reaches the Gross National Income per capita threshold of $13,800 to be considered a high-income country by the World Bank. Sensitive to the “common prosperity” expectations among their ambitious population, PRC policymakers are pushing hard to jump the middle-income trap.
This internal strain is compounded by the US and its allies putting increasing pressure on firms to diversify supply chains, restrict cross-border investment in strategic sectors, and curtail joint ventures.
While industrial espionage (enabled by both insider and cyber penetrations) has been a core modus operandi of PRC statecraft, these forces are driving its intelligence services to double down on IP theft and help China climb technology value chains. China has established a comprehensive internal system connecting universities, private firms, and SOEs to intelligence officers, state hackers, and S&T diplomats to drive collection requirements aligned to national industrial objectives. Just last week, KSG identified a 146-page document from an S&T conversion center for university and enterprise collaboration, overseen by an organization that supports military-civil fusion in cyberspace.
However, IP theft of sensitive documents off protected servers doesn’t automatically translate into domestic industry or national strategic advantage. China has already plucked most of the low-hanging fruit and is now targeting sectors at the industrial frontier—including synthetic biology/precision medicine, generative AI, robotics, breakthrough materials, quantum information technologies, and advanced semiconductors. In these pathbreaking industries, blueprints, design schematics, and proprietary code are often less important than unique individual know-how and specialized skills.
Thus, as the PRC increases its cyber operations designed to compromise sensitive corporate information, it is likely to increase efforts to poach prized talent. While coercion is always an option (especially for targets with Chinese ethnicity or family connection), inducement is the primary strategy. China has found success recruiting key talent with the promise of a 3x salary bump and a $500K+ starting bonus. Not everyone will take the bait, but many have already, and many more will.
In light of this persistent and pervasive challenge, KSG advises firms to:
Approach the security and retention of key staff with the same level of priority as your company secures its crown jewel IP;
Re-examine insider trust programs with a targeted view informed by a PRC specific threat model; and
Leverage/deepen relationships with independent intelligence experts and government agencies to gain insight on the PRC’s dynamic targeting priorities and threat actor behavior.
For more information or assistance on these issues, please reach out to email@example.com.
US Expands Curbs on Advanced Chips to China: The new rules close year-old loopholes allowing lower-capacity chips like NVIDIA’s H800 to be transferred. Beijing responded by accusing the US of weaponizing trade and tech issues and destabilizing global supply chains and moved to require export permits for some graphite products.
Baltic Subsea Cable Damage Coincided with Suspected Pipeline Sabotage: The communications link between Sweden and Estonia was partially severed around the same time as a Finland-Estonia gas line – raising security concerns for the new NATO members.
Companies on the Hunt for Geopolitical Advice: “We’ve moved from peak globalization, where markets determine the location of manufacturing and selling, to the era of a much more politicized global marketplace,” said a civil society organization executive.
More than 40,000 Cisco Switches Potentially Infected: Physical and virtual devices running IOS XE software have been critically vulnerable to an implant, for which no patch is yet available, since at least September. Network configuration settings can be updated to mitigate, however.
Five-Eyes Intel Chiefs Warn of China’s IP Theft: The rare joint statement was intended to confront the "unprecedented threat" China poses to innovation across the world—stealing industrial secrets from quantum technology and robotics to biotech and AI.
Microsoft Extends Audit Log Retention: Purview Audit customers with Standard licenses will have 180 days’ worth of data—rather than the previous 90—starting with enterprise tenants and government customers, as the company promised after a major breach earlier this year.
Strategic and Emerging Tech
Big Battery Pioneers Now Reaping the Rewards: Grid-scale batteries have already begun proving their worth to early adopters like California, Texas, and Australia, including services like frequency control and inertia, which keep the grid stable.
Making Space-Based Solar Power a Reality: A single satellite could potentially deliver as much as 2GW of carbon-free power, enough to supply a city of 2 million people, 24-7. The plummeting costs of satellite production and launch put the goal within reach.
Millions of Workers Training AI Models for Pennies: The broadscale use of many applications can conceal some exploitative labor practices across the globe, and undercut claims of skilled data-cleaning underlying popular AI models.
CISA, Global Partners Issue “Secure by Design” Principles: Aimed at both software manufacturers and their customers, the guidance details development steps, procurement practices, and cultural advances to reduce risk and acknowledge shared responsibility.
US to Press Other Countries Not to Pay Hacker Ransoms: Ahead of an annual meeting of more than 45 nations later this month, Washington hopes to secure a pledge to take the “hard policy decision” to avoid paying, which officials claim only fuels more attacks.
Washington Returns to Drawing Board on Water Cybersecurity: The EPA rescinded a rule requiring public systems to routinely audit cyber hygiene, after facing lawsuits from municipal and industry groups who called for a more collaborative approach.