Chinese Hacking Threats Target U.S. Defense Sector
LAS VEGAS — The capabilities of the Chinese government in the realm of cyber warfare have reached alarming proportions, as they now extend their espionage activities to encompass smaller firms within the U.S. defense industrial base, entities that were previously considered off the radar, according to remarks made by a National Security Agency (NSA) official on Wednesday.
“China possesses hacking resources that eclipse those of the United States and its allies combined, having accumulated more corporate data through cyber theft than any other nation,” remarked Bailey Bickley, chief of Defense Industrial Base (DIB) defense at the NSA’s Cybersecurity Collaboration Center, during a discussion at the Black Hat USA cybersecurity conference.
While the NSA is predominantly recognized for its intelligence-collection activities, it also plays a crucial role in aiding defense contractors in securing their digital infrastructures. To this end, the agency has been offering complimentary security services, which include the sharing of classified information and a protective DNS solution designed to fortify cybersecurity defenses.
“In our interactions with small companies within the defense industrial base, many express disbelief that their operations are significant enough to attract Chinese targeting,” noted Bickley. “However, with such abundant resources at their disposal, mass scanning and exploitation yield no targets too diminutive for them to pursue.”
Major U.S. arms manufacturers and other substantial defense contractors typically boast extensive cybersecurity budgets and large teams dedicated to safeguarding sensitive information—including classified military technology—from threats posed by adversaries like Russia and China. Nonetheless, “the defense industrial base is comprised of 80% small businesses,” Bickley emphasized, highlighting their minimal cybersecurity capabilities and scant awareness of best security practices.
During her presentation, Bickley displayed an image of a small defense contractor’s headquarters she had visited. The space was cluttered with printers and filing cabinets, framed by taxidermied animals adorning the walls.
This particular firm specializes in “custom radio frequency solutions” tailored for military personnel deployed in “extremely austere environments worldwide.” Bickley underscored that despite their exceptional manufacturing skills, their information technology setup may not meet the ideal standards expected of a defense contractor.
“These are the entities that find themselves in direct confrontation with state-sponsored actors in an exceedingly uneven contest,” remarked Bickley. “Their focus is not on two-year-old vulnerabilities but on creating the best antennas imaginable for the Department of Defense.”
The NSA also faces the formidable challenge of catering to an ever-diversifying array of companies constituting the defense industrial base.
“The DIB has evolved from a mere handful of traditional defense contractors to encompass numerous firms from emerging sectors,” Bickley explained. This category now includes organizations specializing in artificial intelligence, commercial transport services that operate during wartime, and foreign-owned infrastructure providers such as water treatment facilities at overseas military bases.
“The landscape of battle is undergoing significant transformation,” Bickley stated, acknowledging a pressing need for scalable solutions to address these new challenges.
In an effort to adapt, the NSA has entered into a partnership with the penetration-testing firm Horizon3.ai, enabling the provision of complimentary penetration tests for small enterprises. Bickley noted that in this and similar instances, the NSA has collaborated with emerging firms to bring their expertise directly to small businesses nestled within the defense industrial base.
For more updates from Black Hat USA 2025, click here.
Source link: Cybersecuritydive.com.
