Chinese efforts to spy on the Dutch are intensifying, with the focus on semiconductors, Dutch Defence Minister Ruben Brekelmans said on Saturday.
“The semiconductor industry, which we are technologically leading, or technology advanced, of course, to get that intellectual property - that’s interesting to China,” Brekelmans said in an interview on the sidelines of the Shangri-La Dialogue security meeting in Singapore.
[…]
When asked if the spying had stopped, Brekelmans said: “It’s continuing. In our newest intelligence reports, our intelligence agency said that the biggest cyber threat is coming from China, and that we do see most cyber activity when it comes to us being as from China. That was the case last year, but that’s still the case. So we only see this intensifying.”
[…]
Dutch intelligence agencies first publicly attributed cyber espionage to China last year, when they said state-backed cyber spies had gained access to a Dutch military network in 2023.
Brekelmans said security is becoming increasingly important for the Netherlands as China is “using their economic position for geopolitical purposes and also to pressure us”.
[…]
The minister said the Netherlands has introduced instruments to protect key industries and vital interests but the country and region also need to reduce their dependency on China for critical raw materials.
“Both on the European Union level, but also on the national level, we need to make bigger steps in order to reduce those dependencies.”
Over the decades, we’ve been kind of casual about computer security, when you consider that we’ve connected up a lot of the world’s computers and put a lot of pretty vital information on those networks.
I mean, we have unmaintained devices sitting on networks. It’s hard for most users to pick up on a compromised system; IDSes aren’t typically deployed on home networks. Most software running on personal computers doesn’t run isolated; if you execute code, it has access to all your data and can reconfigure your environment. There are credentials floating around all over the place. A lot of weight is placed on keeping someone from getting into a LAN/WAN, but the larger the network, the more potential holes. There are very big supply chains that have a lot of potential attack vectors.
The other day I was commenting on how many pieces of software I’ve purchased in Steam. Those aren’t even open-source, and one way one might get more revenue out of a game that is no longer selling many copies is to sell it to another publisher (which also tends to happen if a publisher goes under). Such a product isn’t just a game, but access to be able to install software on anyone’s computer who has the game installed. Some people have isolated Steam (with some level of compatibility issues) using flatpak on Linux, but individual games aren’t isolated, and I doubt that most people have even that level of isolation.
And then there’s all the IoT devices out there that aren’t necessarily maintained or where random company out there can push updates to said devices and where their ability to push updates is something that might have commercial value.
Not to mention the question of how well all of these companies have secured their own networks and supply chains.
A lot of hard-to-solve problems there, I think.