Chinese Hacks Show that Cybersecurity Isn’t Just Academic

(Bloomberg Opinion) -- For decades, back before the Cold War, universities were fertile hunting grounds for espionage.

Western and Soviet intelligence agencies were known to recruit spies directly from campuses at home, while grooming up-and-coming experts in target countries who might one day be in positions of knowledge or power.

A massive hacking campaign reportedly waged by China against more than two dozen universities doesn’t fall into that mold, and looks to be a significant escalation of Beijing’s cyber-espionage operations.

The Massachusetts Institute of Technology, University of Washington, University of Hawaii, and Penn State are among the U.S. targets, as well as South Korea’s Sahmyook University, the Wall Street Journal reported, citing research by iDefense, a unit of Accenture Security. The findings are consistent with intelligence gathered by cybersecurity company FireEye Inc., according to the newspaper.

Chinese Hacks Show that Cybersecurity Isn’t Just Academic

Common among them is their link to research into maritime technology for use in the military, the WSJ notes. 

Yet there’s something deeply disquieting about the idea that academic institutions are now victims of state-sponsored cyber espionage. Universities are supposed to be bastions of unbridled curiosity and intellectual exploration, not ground zero for the murky world of subterfuge and superpower maneuvering. I appreciate the dichotomy inherent in that statement: Schools that develop military technologies have already lost their innocence.

And that’s why universities need to ensure they’re not naive about the threats they face. Many have cybersecurity policies in place, with various levels of defense installed on their networks. As the global cyber war escalates, more coordination will be required across departments and at the individual faculty level.

While much of the espionage conducted during the Cold War focused on military technology, strategy and capability, China’s cyber campaign has extended to corporate secrets and civilian technology. Beijing doesn’t just want to know how to build a modern jet fighter, but how to develop advanced semiconductors. 

That makes defense far more difficult, with many more possible vulnerabilities — attack vectors, in security parlance. And it means that academic institutions need to develop ways to pool and share their knowledge. Like much of what academia produces, those insights can then be used to benefit wider society.

A paper published by the American University in March 2018 discusses knowledge networks, collections of people that share information, as an important tool for defending against and responding to cyber attacks: 

“Understanding the areas of knowledge that are important for cybersecurity in organizations, and how that knowledge is distributed across roles and units in alignment with information system governance goals, is the purpose of this research.”

And the authors should know. One of them is alleged old-school spy Maria Butina.

Co-authorship doesn't imply that Butina's colleagues were aware of her alleged spying.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Tim Culpan is a Bloomberg Opinion columnist covering technology. He previously covered technology for Bloomberg News.

©2019 Bloomberg L.P.