China has sought to exploit global cyber vulnerabilities to build its network of intelligence, trade secrets, and other data. As the latest revelations about a breach of Norwegian business software firm Visma make clear, the U.S. cannot push back on China’s nefarious hacking without cooperation from its allies.
On Wednesday, cyber-intelligence firm Recorded Future released a report on its investigation into an attack on Visma as well as two other unnamed companies: one a U.S. law firm and another a global apparel firm.
The report links the attack to Chinese state-sponsored hacking group Apt10, also known as StonePanda. That’s the same state-backed group that was the subject of Justice Department allegations and the indictment of two men in December on charges of hacking 45 entities, including commercial enterprises, defense companies, and government agencies in 12 countries.
The attack on Visma demonstrates a key point of Beijing’s tactics. The company, which provides software to 850,000 clients around the world, was likely seen as a potential access point to internal networks of other firms. Previously, both Hewlett Packard Enterprise Co. and IBM were targeted with the same goal of breaking into a key supplier and then targeting its clients as part of the broad hacking campaign known as “Operation Cloud Hopper.”
Those attacks on companies with clients around the world point to the importance of recognizing that an attack on one company located in one country can have much broader implications and is a global concern. It also reinforces the need for coordinated protections and responses.
Already, NATO recognizes this growing need in the national security landscape. The alliance has, as NATO General Secretary Jens Stoltenberg explained to the Washington Examiner during an editorial board meeting, worked to incorporate cybersecurity into its defense strategy.
[Related: The US military’s cybersecurity is extraordinarily weak]
Stoltenberg outlined joint exercises to prepare for cyberattacks, as well as plans to help member nationals bolster their security and prepare to respond to a potential attack. That not only makes member nations less vulnerable, but also raises awareness: the first, critical step in developing security systems.
Stoltenberg also pointed out that Article 5, the treaty’s mutual defense provision, could be invoked in the case of a cyberattack that is “regarded as potentially as serious as a conventional attack.”
In all of these measures, multilateral cooperation is key and, as Stoltenbreg put it, the alliance is “looking into how we can do more to coordinate polices on every aspect cyber between NATO Allies.”
That’s important. Cyberattacks are not just a threat to one country in isolation, and they must be treated as breaches that undermine systems rather than just specific companies or states.
