How Can Businesses Navigate the US-China Cyber Conflict Amidst the Trade War Escalation?

A significant and growing convergence between geopolitics and cybersecurity has emerged with the escalating tensions between nation-states. With the US and China at the forefront, and other nation-states such as Russia, Iran, and North Korea possibly involved, this convergence is creating a more complex and dangerous cyber threat landscape for businesses.

Cyber warfare is no longer a theoretical concept but an active and evolving form of conflict, with state-sponsored actors increasingly using cyber capabilities for espionage, disruption of critical infrastructure, intellectual property theft, and influencing public opinion. The rise of financially motivated cybercriminals exploiting geopolitical instability further exacerbates the risks. Organisations must adopt a proactive, intelligence-driven, and resilient cybersecurity posture, recognising that defence in cyberspace requires constant adaptation and vigilance.

Cyber Risk Assessment using NIST Cybersecurity Framework (NIST-CSF)

Can an organisation be caught in the crossfire during cyber conflicts and be at risk of adversarial attacks from nation-states and hacktivists supporting these countries? No one can be sure, but it is prudent to assess an organisation's risks and exposure in times of uncertainty.

The NIST Cybersecurity Framework (NIST-CSF) is a common risk assessment framework used by both the government and the private sector, and an organisation can use it to conduct a self-assessment of its risks and exposure during the heightened cyber conflict. The framework offers guidelines, standards, and best practices to help the organisation manage and enhance its cybersecurity posture, which is crucial given the increasing risk of state-sponsored attacks. It is also adaptable across various sectors and organisational sizes.

Here is how an organisation can use the framework for this purpose:

  • Identify: This function focuses on developing an organisational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. In the context of the US-China cyber conflict, this involves:
    • Understanding the organisation's critical infrastructure (CII): Identify the systems and assets that are essential to the organisation's operations, especially those that could be targets of state-sponsored actors. Consider the sectors defined as CII in Singapore, such as Energy, Water, Banking and Finance, Healthcare, Transport, Infocomm, Media, Security and Emergency Services, and Government.
    • Identifying the organisation's threat landscape: Recognise that geopolitical tensions, like the US-China trade war, can fuel cybercrime and cyber warfare. Be aware of state-sponsored threat groups, including those linked to China like Volt Typhoon, which have reportedly infiltrated critical US infrastructure. Understand that these groups may be preparing for destructive attacks.
    • Analysing the organisation's supply chain: Given the interconnectedness of geopolitics and cyber risk, it is essential to review your supply chains, especially if you have interests in regions affected by cyber conflicts or if your organisation's partners might be targeted due to geopolitical alliances. Be aware that attackers may exploit the supply chain as a primary attack vector.
    • Assessing the organisation's risk appetite: Determine the level of cyber risk the organisation is willing to accept, considering the potential impact of disruptions from state-sponsored attacks or collateral damage from the US-China cyber conflict.
  • Protect: This function outlines appropriate safeguards to ensure the delivery of critical infrastructure services. In the context of the US-China cyber conflict, this includes:
    • Implementing robust cybersecurity practices: Adopt robust security measures to protect your critical infrastructure and assets. Focus on areas like access control, data security, information protection processes and procedures, maintenance, and protective technologies.
    • Addressing vulnerabilities: Recognise that hackers often exploit poorly configured and outdated programs and applications. Implement proactive vulnerability management practices.
    • Enhancing awareness and training: Promote a culture of cybersecurity awareness among employees to mitigate risks like phishing attacks that may be linked to geopolitical events.
    • Applying a Zero Trust mentality: As geopolitical incidents can escalate quickly, adopt a Zero Trust approach that assumes breach across an organisation’s attack surface, including the extended supply chain.
  • Detect: This function defines activities to identify the occurrence of a cybersecurity event. In the context of the US-China cyber conflict, this involves:
    • Establishing real-time cyber threat visibility: Implement platforms and processes to discover evolving threats and gain insights from the vast amount of available data. Consider using cyber threat intelligence to predict potential attacks.
    • Monitoring for sophisticated threats: Be vigilant for advanced persistent threat (APT) attacks, which state-sponsored hackers often employ to establish long-term connections and exfiltrate sensitive data.
    • Detecting unusual activity: Implement monitoring and detection systems to identify any suspicious activities that might indicate an intrusion by state-sponsored actors preparing for future disruptive actions.
  • Respond: This function includes activities to take action regarding a detected cybersecurity incident. In the context of the US-China cyber conflict, this involves:
    • Developing and testing incident response plans: Develop and maintain clear, tested incident response plans to effectively manage and contain potential cyber incidents arising from increased geopolitical tensions. Assess how geopolitical factors could exacerbate the effects of such incidents.
    • Information sharing: Collaborate with peers and relevant organisations to share information about ongoing incidents and effective response strategies.
    • Engaging crisis management partners: Work with seasoned crisis management partners to help develop crisis response plans and support testing readiness for geopolitically oriented cyber issues.
  • Recover: This function identifies activities to restore capabilities or services that were impaired due to a cybersecurity incident. In the context of the US-China cyber conflict, this involves:
    • Ensuring business continuity: Have plans in place to ensure business continuity and minimise disruption in the event of a cyberattack that could impact essential services.
    • Data backup and recovery: Implement robust data backup and recovery mechanisms to restore systems and data in case of destructive attacks, such as wiper malware, which have become more prevalent in cyber conflicts linked to geopolitical events.


By applying the five core functions of the framework, an organisation can conduct a comprehensive cyber resilience assessment that specifically addresses the heightened risks associated with the US-China cyber conflict amidst the escalating trade war. This proactive approach will help the organisation prioritise cybersecurity efforts, fortify defences, and navigate the evolving cyber threat landscape.

Going beyond Cyber Risk Assessment

An organisation can go beyond cyber risk assessment and focus on key areas, like further strengthening its cybersecurity posture, understanding the geopolitical implications on cyber risk, and potentially fostering collaborations. Below are some additional measures that can be taken to enhance organisational cyber resilience.

Strengthening Cybersecurity Posture:

  • Given the escalation of the US-China trade war, experts fear China might retaliate with systemic cyber-attacks, leveraging footholds within critical infrastructure for destructive purposes. The "typhoon campaigns" by Chinese government-backed groups like Volt Typhoon, which have infiltrated US critical infrastructure, demonstrate this potential.
  • Prioritise the protection of critical infrastructure. Digitisation has made advanced networks the driving force of a country's economy. Sectors such as finance, transport, and utilities are digitally controlled. In Singapore, the CII sectors include Energy, Water, Banking and Finance, Healthcare, Transport (Land, Maritime, and Aviation), InfoComm, Media, Security and Emergency Services, and Government. Organisations within or supporting these sectors must be particularly vigilant.
  • Implement robust cybersecurity practices and invest in advanced security technologies. The asymmetry between well-equipped offensive state actors and potentially under-resourced private sector security teams necessitates strong defences.
  • Enhance cyber threat intelligence capabilities. A predictive approach is crucial to protect reputation, ensure business continuity, and safeguard interests. Platforms that provide real-time cyber threat visibility by discovering evolving threats are needed.
  • Address vulnerabilities in IT systems, as poorly configured and outdated programs and applications are often exploited by hackers carrying out advanced persistent threat (APT) attacks. These attacks aim to establish long-term connections and exfiltrate sensitive data.
  • Promote a culture of cybersecurity awareness and provide regular training to mitigate risks like phishing and social engineering attacks that can be linked to geopolitical events.
  • Develop and regularly test incident response plans. Given the potential for rapid escalation of geopolitical incidents, well-designed plans are essential to minimise disruption.

Understanding Geopolitical Implications on Cyber Risk:

  • The escalating US-China trade tensions suggest that economic retaliation could extend into cyberspace. This is a growing concern among cybersecurity and national security experts.
  • Recognise that geopolitical decisions directly affect the threat landscape in both physical and cyberspace. Events like trade wars can fuel cybercrime and cyber warfare.
  • Organisations with business interests in regions experiencing active cyber conflicts or geopolitical tensions are at higher risk and need to review their supply chains. Even without direct operations in an adversary's country, geopolitical alliances can make organisations targets.
  • Consider the interconnectedness of geopolitics and cyber risk. Geopolitical unrest in one region can have cybersecurity implications globally because cyberspace has no physical boundaries.
  • Be aware of state-sponsored threat actors associated with China, such as the Winnti Group (APT41), Redfly, Axiom, APT17, and Ke3chang, which engage in activities ranging from corporate espionage and intellectual property theft to targeting critical infrastructure.
  • Understand that cyberattacks can be part of broader geopolitical strategies, with nation-states using cyber capabilities for espionage, warfare, and influence.

Fostering Collaboration and Balancing Relationships:

  • While directly taking sides in the US-China conflict could be risky, participating in international forums and initiatives aimed at establishing norms of responsible behaviour in cyberspace can contribute to a more stable global cyber environment. The UN Group of Governmental Experts (GGE) norms, which include refraining from damaging critical infrastructure, are relevant.
  • Engage in information sharing and collaboration with cybersecurity organisations and potentially trusted partners without necessarily aligning politically with the US or China. Sharing real-time threat intelligence can enhance collective defences.
  • Focus on maintaining a stable and secure digital environment conducive to international trade and investment, and highlight Singapore's commitment to cybersecurity to all stakeholders.
  • Consider a Zero Trust mentality that assumes a breach across the attack surface, especially the extended supply chain, given the complex geopolitical landscape.

Having completed the cyber risk assessment and focused on key areas to strengthen its cyber posture, an organisation can build resilience against the rising cyber conflict stemming from the US-China trade war, protect its digital assets, and maintain its operational integrity.

How can BDO help?

BDO offers comprehensive cybersecurity services to help enterprises strengthen their security posture and build cyber resilience. With expertise in cyber risk assessment, security testing, and strategic programme design, BDO assists organisations in identifying vulnerabilities, mitigating risks, and implementing robust security frameworks. Its services include penetration testing, compliance assessments, and digital forensics, ensuring businesses are well prepared to defend against evolving cyber threats. By leveraging industry best practices and a global network of cybersecurity professionals, BDO enables enterprises to proactively manage risks, respond effectively to incidents, and safeguard critical digital assets.


Article contributed by: Gerald Tang, Associate Director, Cybersecurity