In order for Comac, a Chinese state-owned aerospace manufacturer, to build the C919, the government of China
Question:
In order for Comac, a Chinese state-owned aerospace manufacturer, to build the C919, the government of China conducted numerous cyber attacks. The purpose of these hacking attacks was to steal intellectual property that would allow Comac to build the C919 more quickly and less expensively to compete with other industry rivals. Some of the cyber-attacks involved were spear-phishing attacks, waterhole attacks, and physically installing malware using USB Drives.
Explain how cybersecurity principles and practices can help protect trade secrets using the case of the multiple instances of trade secret theft to build the C919.
Understanding threat surface - what other devices are connected to the system with the trade secrets? Should this system be air-gapped (i.e. not connected to a network)?
- Encryption - Encrypting the files adds confidentiality by requiring a user to use the appropriate key to decrypt the file making it readable
- User training - User training can help users identify potential phishing attacks
- Firewalls, virus scans, disabling links in emails - Technical means to help prevent a user from clicking on a malicious link
- Least privilege - authorized users should have the least amount of privileges required to do their job. How many users have access to trade secrets? How is this limited? How are these users vetted?
Financial Accounting and Reporting a Global Perspective
ISBN: 978-1408076866
4th edition
Authors: Michel Lebas, Herve Stolowy, Yuan Ding