Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies


The National Reconnaissance Office (NRO) Acquisition Manual is hereby amended by adding new sub-part N4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, to implement a provision of the 2019 National Defense Authorization Act prohibiting the procurement and use of covered equipment and services produced or provided by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company. New provision N52.204-016, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment, is prescribed for use in all solicitations in lieu of FAR provision 52.204-24, and new clause N52.204-017, Prohibition on Contracting of Certain Telecommunications and Video Surveillance Services or Equipment, is prescribed for all solicitations and contracts in lieu of FAR clause 52.204-25. These revisions are effective immediately, and will be incorporated into NRO Acquisition Circular 2019-03.

Joint Chiefs of Staff Briefing about China’s “System Attack”

This paper explores the PLA’s theory of victory in modern warfare and its implications for how China plans to fight the United States. It is a primer on the theory’s foundational concepts, and on what the theory reveals about China’s strategic intent and ambitions.

(U) Executive Summary

(U//FOUO/RELIDO) China plans to defeat powerful adversaries by systematically targeting the linkages and nodes that hold an advanced network-centric force together as a cohesive whole. The PLA calls this theory of victory “systems attack and destruction warfare,” hereafter, “system attack.” Authoritative PLA doctrine emphasizes the importance of system attack as China’s “basic operational method” of warfare. System attack is perhaps best remembered as “the American way of war with Chinese characteristics,” since the PLA developed the concept based on observing U.S. military victories in the 1990s. Some of the PLA’s writings on systems attack are clearly aspirational, but this does not preclude the effectiveness of the approach, and the doctrine shows that the PLA is thinking seriously and realistically about how to defeat an advanced adversary. The requirements of system attack are actively driving PLA reform, acquisitions, operations and training, and the doctrine telegraphs how China intends to fight.

(U) China’s Theory of War: “Systems Confrontation”

• (U//FOUO/RELIDO) 1+1>2. Operational Systems are Greater Than the Sum of their Parts. Fundamental to China’s theory of victory is the PLA’s concept that modern military forces are “systems of systems” which are stronger and more efficient than their components would be in isolation because they are linked and networked together through communications and information systems architecture.

• (U//FOUO/RELIDO) Systems Confrontation: The PLA’s theory of modern warfare, therefore, is “systems confrontation,” or competition between these rival “systems of systems,” rather than as a linear contest between discrete units or services of competing armies.

(U) China’s Theory of Victory: System Attack – Win by Fragmenting the Enemy’s Force

(U//FOUO/RELIDO) Create the Conditions for Winning the War: Make 1+1<2. The PLA plans to defeat an advanced adversary by thoroughly fragmenting the adversary’s system into isolated component parts. The first step of systems attack, therefore, is to break the essential links and nodes that promote system cohesion in order to sow confusion, degrade communications and disorient adversary leadership. System attack’s ultimate goal is to paralyze the adversary force, degrading its ability to resist, eroding leadership will to fight and slowing adversary decision-making. China believes that whichever side has a more networked, integrated and cohesive force will have a shorter OODA loop, be able to act more efficiently, and have a better likelihood of victory. Attacks will take place across all domains to degrade the system as a whole rather than focusing on attrition.

• (U//FOUO/RELIDO) Fragment the Force: Degrade Data-Flow and C2. The PLA prioritizes degrading or denying an adversary’s use of information early in a crisis and with greater intensity through a conflict. The PLA envisions using kinetic and non-kinetic operations to target an opponent’s data links, communications, military networks, and information systems architecture early in the conflict. Degrading adversary communications amplifies the effects of missile and air strikes against command and control (C2) nodes, including command centers, flagships, and military and civilian leadership.

• (U//FOUO/RELIDO) Blind the Enemy. Deny ISR and Early Warning. China will try to degrade adversary decision-making and awareness by targeting its intelligence, surveillance and reconnaissance (ISR) and early warning capabilities, including key space-based collection systems, theater ISR platforms, intelligence centers and satellites.

• (U//FOUO/RELIDO) Own the Initiative: Getting Inside the Adversary OODA Loop. China plans to seize first mover advantage by initiating conflict when the adversary is not prepared. The PLA will try to maintain battlefield initiative by forcing adversaries into a reactive cycle driven by a rapid tempo of unexpected long-range strikes, asymmetric attacks, and harassing attacks.

• (U//FOUO/RELIDO) More Return on Investment: Precision Strikes Enable Outsized Effects. The PLA will rely on highly targeted precision strikes against key links and nodes to achieve an outsized effect on the enemy force’s overall stability and effectiveness. Kinetic precision strikes will be complemented by non-kinetic attacks, especially against adversary networks, datalinks, and information systems.

(U//FOUO/RELIDO) Using the Full Against the Fragmentary, Defeating the Slow with the Rapid. System attacks are designed to enable following operations. Once system attacks have fragmented the adversary military so that it cannot operate as a cohesive force, the PLA will commit its broader intact and networked force to combat. Having tilted the battlefield in its own favor, the PLA will carry out supplemental attacks that ensure the adversary’s system does not recover while gradually attriting the adversary’s aircraft, ships, submarines, and other long-range-strike platforms. Sequencing system attacks first enables the PLA to achieve greater effect with lower risk to its force or mission.

• (U//FOUO/RELIDO) China Expects to Have Its System Targeted Too. China expects that the U.S. will try to degrade the PLA’s ability to operate as a coherent force, having developed the systems attack doctrine described above by watching how the United States fights. The PLA therefore is training and equipping the force to operate independently, autonomously, and resiliently, with a notable emphasis on operating in a complex electromagnetic environment.

(U//FOUO/RELIDO) Aspiration Does Not Equal Capability, but It Signals Intent. In PLA doctrine, the rough sequence of operations enabled by systems attacks would be familiar to U.S. military operators: achieve air superiority, then use air superiority to seize maritime superiority and enable ground operations, then use maritime superiority to execute attacks from the sea to the land. The last part of this sequence is aspirational, since China does not currently field ship-launched land attack cruise missiles and its nascent aircraft carrier program is unable to carry out strike warfare. It is, however, how the PLA says it wants to be able to fight, and its acquisitions and training reflect this ambition. China’s doctrine is reflected in its acquisitions and training patterns today. Tomorrow it will be reflected in its operations. The PLA is progressing rapidly. This is how they will fight.

(U) A Note on Sources:

(U//FOUO) The findings of this paper are derived from China’s most authoritative government and military doctrinal writings: the importance of system of systems confrontation is evident in its inclusion in the 2015 Defense White Paper on Military Strategy. All other details are derived from the 2015 and 2013 editions of the Science of Military Strategy, and from an unclassified 2018 RAND Corporation study, Systems Confrontation and System Destruction Warfare: How the Chinese People’s Liberation Army Seeks to Wage Modern Warfare. General assessments on PLA acquisitions, training and operations are reflected in a wide body of unclassified open source materials from 2000 through the present. For ease of sourcing, we cited the 2017 Department of Defense Annual Report to Congress on Military and Security Developments Involving the People’s Republic of China.

Analysis of Chinese Investments in the USA


Once hardly noticeable, Chinese investments in U.S. companies are now rising sharply. Cumulative Chinese investments in U.S. companies remain modest compared to those of other major countries. However, a combination of “push and pull” factors are moving China’s annual investment levels closer to levels consistent with China’s current economic stature.

First, the Chinese government has made a conscious decision to diversify its foreign currency assets into hard assets. This has led to the creation of sovereign wealth funds that make portfolio investments in U.S. equities, private firms, and real estate.

Second, the Chinese government has altered its policy guidance toward foreign direct investment (FDI). Whereas it previously encouraged investments almost exclusively toward energy and resource acquisition in developing countries, it now also encourages investments in advanced countries. The government’s goals for these investments include securing energy and mineral resources and acquiring advanced technologies in industries where China wishes to leapfrog existing competitors.

Third, U.S. state governments and, to a lesser extent, the federal government are vigorously trying to attract Chinese greenfield investments in the hope of creating jobs and jump-starting local economies.

Fourth, Chinese investments are being drawn to the United States by the availability of financially weak firms, some of which possess potentially useful technologies for China.

Fifth, some firms that are already competitive with U.S. producers are investing to enhance their U.S. market shares or in response to trade remedies proceedings against unfair trade practices, such as Chinese subsidies.

Economic Benefits

On an aggregate basis, the economic benefits of Chinese investments in the United States have been modest. The precise benefit is difficult to measure due to the convoluted ownership structures of many Chinese investments and the time lags in official U.S. data. Still, based on a combination of official and private data, it is reasonable to conclude that jobs in Chinese-owned companies in the United States increased by 10,000 to 20,000 workers during the past five years.

While hardly significant relative to overall U.S. employment and even to jobs in other countries’ U.S. affiliates, any job creation is welcome given continued slackness in the U.S. labor market.

Chinese FDI in U.S. companies has helped stabilize some financially troubled firms. Portfolio investments by sovereign wealth funds also have helped the economy by solidifying the financial system and providing liquidity to certain property markets.

Chinese investments have occurred in all U.S. regions and in many sectors. According to one private data source, they have been especially prominent since 2007 in the Southwest, Great Lakes, Southeast, and Far West regions, and in the fossil fuels and chemicals, industrial machinery, and information technology industries. According to another private source, as well as government data, the financial sector is also a major recipient of Chinese FDI.

Policy Challenges

These welcome, though still modest, economic benefits are counterbalanced by policy challenges tied to Chinese FDI. First, U.S. affiliates of Chinese companies are not pure market actors and may be driven by state goals, not market forces. China’s outward investments are dominated by state-owned and state-controlled enterprises (SOEs). These entities are potentially disruptive because they frequently respond to policies of the Chinese government, which is the ultimate beneficial owner of U.S. affiliates of China’s SOEs. Likewise, the government behaves like an owner, providing overall direction to SOE investments, including encouragement on where to invest, in what industries, and to what ends.

Second, SOEs may have unfair advantages relative to private firms when competing to purchase U.S. assets. SOEs benefit from substantial subsidies in China and their investments in developing countries also receive ample financial support from the national and sub-national governments, state-owned financial institutions and local governments. Government pronouncements out of China suggest that investments in the United States and other advanced countries will also receive ample financial support. This raises the possibility that Chinese largesse could determine market outcomes for purchases of U.S. businesses.

Third, an increased SOE presence may be harmful to the U.S. economy. In China, SOEs are a major force but as a group they are less efficient and profitable than private firms. To the extent that SOEs purchase U.S. companies on the basis of artificial advantages and operate inefficiently, they may not be beneficial to long-term U.S. economic performance.

Fourth, Chinese investments will create tensions related to economic security and national security if they behave in accordance with China’s industrial policy as articulated in the 12th Five Year Plan, government pronouncements, and official investment guidance. China’s current policy guidance directs firms to obtain leapfrog technologies to create national champions in key emerging industries, while investment guidance encourages technology acquisition, energy security, and export facilitation. Based on this juxtaposition, some will conclude that Chinese FDI in the United States is a potential Trojan horse. Indeed, this study describes three investments in new energy products after which production utilizing the desired technology was shifted to China.

Other Findings

U.S. data collection efforts related to FDI are substantial. However, they likely undercount Chinese FDI due to the complicated ownership structures of many Chinese investments. Moreover, although Chinese-owned companies report their data to the U.S. government, many data points are not publicly disclosed due to standard U.S. reporting procedures that protect the identities of individual firms. This issue will resolve itself in the coming years if Chinese FDI grows as expected because limits on disclosure will no longer apply.

The United States is relatively open toward FDI, though there are some sectoral restrictions and a national security review undertaken by the Committee on Foreign Investment in the United States (CFIUS). There are a host of laws that subject foreign investors to rules on antitrust, foreign corrupt practices, and trade in arms and sensitive technology products. However, there is no procedure that explicitly considers issues related to economic security, one of the major concerns about Chinese FDI.

Portfolio investments in equities fall under the purview of the Securities and Exchange Commission (SEC). SEC disclosure requirements and practical considerations make it highly unlikely that Chinese SOEs could successfully collude to accumulate significant equity positions in important U.S. firms.

Reverse mergers offer a back door into U.S. capital markets but are not an effective way to acquire important U.S. assets. Indeed, the target of a reverse merger is typically a shell company devoid of meaningful assets. This technique is typically used by private firms that have difficulty accessing capital in China or by provincial SOEs trying to support restructuring efforts in China. There is no indication that any major SOE has used or plans to use this technique to enter the U.S. capital market.

The Chinese legal and regulatory framework for outward FDI requires approvals by three agencies at sub-national and/or national levels. For SOEs, the primary gatekeeper is the State-owned Assets Supervision and Administration Commission (SASAC), though for some investments approval from the State Council is required. The process is widely considered to be cumbersome and is being reformed to facilitate outward FDI.

 

Chinese Cyber Hackers Launch Malicious Bot


In March 2018, an identified financial services corporation received a thumb drive infected with the bank credential-stealing Qakbot malware variant, targeting information from networked computers and financial institution web sites. The financial services corporation purchased bulk thumb drives from a US online retailer of computer hardware. The thumb drives were originally manufactured in China. According to FBI forensic analysis, the Qakbot malware was on the infected thumb drive before the drive arrived in the United States. Qakbot is extremely persistent and requires removal of all malware from every device. Failure to remove even one node of malware may result in re-infecting previously sanitized systems, possibly costing the victim hundreds of thousands of dollars in malware removal and system downtime.

Threat

Qakbot is an information-stealing worm—originally discovered in 2007 with a major update in 2017—that propagates through removable drives, network shares, and Web pages. The most common vector of intrusion for Qakbot is malicious attachments to phishing emails. Once executed, Qakbot spreads to other shared folders and uses the Server Message Block (SMB) protocol to infect other machines. Qakbot has keylogging capabilities, and is able to propagate across network environments through a single instance within that network. It is capable of remaining on a device through the use of registry keys and by scheduling recurring tasks to run at timed intervals. Every device connected to the network and every piece of removable media which has been attached needs to be scanned for the malware and cleaned of the infection before it can be reconnected. The most recent updates in 2017 allow Qakbot to lock users out of Active Directory, preventing them from being able to work. It also deploys malicious executables into network shares, registering them as services.

Cyber actors have the capability to infect devices with malware at nearly any point in the manufacturing process. The FBI has historically seen cases of infection with malware capable of stealing credentials, gathering data on the users of a computer or network, dropping other types of malware, and serving as a “backdoor” into a secure network. It is difficult to know at which point the malware infection occurred or whether the infection was intentional, due to the international nature of hardware manufacturing.

Recommendations

To mitigate the threat of a potentially infected thumb drive, the following measures should be taken at a minimum:

Ensure the use of approved, trusted vendors for hardware purchases.

Scan all hardware, especially removable storage media, on an external system prior to its insertion into a network environment.

For signature-based intrusion detection systems, ensure that the hash values for known Qakbot variants are included. The MD5 value for the variant identified in this PIN was: ff0e3ec80faafd04c9a8b375be77c6b6. This hash value can change, so be prepared to use other advanced detection systems.

Users should protect themselves and organizations by practicing good browsing habits, not responding to or clicking on unsolicited email, and not plugging unknown USB devices into their workstations.

If you don’t have the expertise to properly handle or identify potential cyber threats please seek out an expert who can provide the expertise needed to secure your organization.
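The scanning and hash-matching recommendations above can be combined into one pre-insertion check run on the isolated scanning system. The Python below is an added example, not part of the original notice; it assumes the drive is mounted read-only with autorun disabled, and the extension list and the rule that a factory-new drive should carry no executable content are assumptions of this example, used because the notice warns that the hash can change.

```python
import hashlib
import os
import sys

# MD5 published in the notice for the identified Qakbot variant.
KNOWN_BAD_MD5 = {"ff0e3ec80faafd04c9a8b375be77c6b6"}
# Assumption: file types that have no business on a factory-new drive.
SUSPECT_EXT = {".exe", ".dll", ".scr", ".lnk", ".js", ".vbs", ".bat", ".cmd", ".inf"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inspect_file(path, bad_md5=KNOWN_BAD_MD5):
    """Return the list of reasons this file should block the drive."""
    reasons = []
    try:
        if md5_of(path) in bad_md5:
            reasons.append("known-bad-md5")
        # A renamed executable still starts with the DOS/PE magic bytes.
        with open(path, "rb") as handle:
            if handle.read(2) == b"MZ":
                reasons.append("pe-header")
    except OSError as exc:
        # An unreadable file cannot be cleared, so it is reported as well.
        reasons.append(f"unreadable: {exc.strerror}")
    if os.path.splitext(path)[1].lower() in SUSPECT_EXT:
        reasons.append("suspect-extension")
    return reasons


def scan_drive(root, bad_md5=KNOWN_BAD_MD5):
    """Walk a mounted drive; return {relative_path: [reasons]} for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = inspect_file(full, bad_md5)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan_drive.py <mount-point>")
    results = scan_drive(sys.argv[1])
    for rel_path, why in sorted(results.items()):
        print(f"{rel_path}: {', '.join(why)}")
    # Non-zero exit lets an intake procedure reject the drive automatically.
    sys.exit(1 if results else 0)
```

A clean result only means none of these checks fired; the drive should still pass through the organization's anti-malware tooling before it is connected to the network.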