Podcast: CrowdStrike Report - TURBINE PANDA - Material Losses from China's IP Theft Campaign

October 25, 2019  Jeff B. Copeland

CrowdStrike has pulled back the covers on a Chinese cyber espionage operation from 2010 to 2015 to exfiltrate IP from Western aerospace firms in order to develop its C919  passenger jet. The jet, which made its maiden flight in 2017, is powered by a Chinese-made turbofan engine that seems to be suspiciously like a turbofan from American-French company CFM International. CrowdStrike suspects TURBINE PANDA, a mixed group of Chinese hackers and intelligence officers from the Ministry of State Security’s Jiangsu Bureau.

Read the CrowdStrike article : Huge Fan of Your Work: How TURBINE PANDA and China’s Top Spies Enabled Beijing to Cut Corners on the C919 Passenger Jet

TURBINE PANDA / the C919 is the latest puzzle piece creating a picture of a massive, multi-year, worldwide campaign by China to steal IP in order to support its commercial jet development program, says Steve Ward, RiskLens Marketing VP.

Steve has been warning for years about this threat – see his  Fox News Interview from back in 2013 – and the potential financial impact to be felt by China's years long IP theft campaigns  – Steve calls it “Chinese digital water torture.”

In this podcast, Steve lays out how we got here and what organizations can do to protect their competitive future.

Some of Steve’s key points:

  • We may be at the cusp of seeing serious production work using stolen Western IP – financial losses will result.
  • Chinese-instigated cyber events have been well known for years but organizations did not have an effective way to quantify their potential losses. Since none of the IP theft events added up to a company killer, and American companies were narrowly focused on quarterly financial performance, this always remained “something bad - but not sure how bad.”
  • The rise of FAIR (Factor Analysis of Information Risk, the model behind the RiskLens Platform) and the increasing acceptance that cyber risk can be quantified in financial terms changes this reality, giving business leadership the capability to see the potential financial impact in what has appeared as a slow drip. Expect more widespread cyber events like the NotPetya attack of 2017 to occur – and further push corporate leaders to demand to know potential magnitude of cyber risk in financial terms.
  • Steve urges one big tactical attitude adjustment for infosec practitioners: Understand first what we are trying to protect – IP and other crown jewel data – instead of focusing on the systems we are trying to protect. As Steve says, “I came to RiskLens because I realized that the industry has been lacking a real Rosetta Stone that translates technical concerns into business risk and gives a decision support capability that helps us get ahead of the adversary.”