Cyber Coverage Faces Legal Challenges as Foreign Attackers Step Up Their Game

With Chinese and Iranian hackers launching aggressive new attacks on businesses and government agencies in the U.S., there are obvious business interruption and data security concerns.
February 27, 2019

The Gist: Chinese and Iranian hackers have launched aggressive new attacks on businesses and government agencies in the United States, according to a new investigation by the New York Times. The Times spoke with seven people briefed on the Iranian attacks and nine intelligence officials, private security researchers and lawyers familiar with the Chinese attacks.

China hacks to be a tech leader: Boeing, General Electric Aviation and T-Mobile were all targets of Chinese hacking, according to the Times. It was part of a “renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies.”

The hacking is meant to help China become a technology leader, part of Beijing’s five-year economic plan. Adam Segal, the director of the cyberspace program at the Council on Foreign Relations, told the Times: “Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies.”

Iran hacks to gain state secrets: Iranian cyber attacks hit “dozens of corporations and multiple United States agencies,” according to the Times. Iran appears to want state secrets rather than profits, as they’ve targeted police, intelligence agencies and foreign ministries.

Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence, told the Times that a big motivation was the U.S. pulling out of the Iran nuclear deal: “If you tell the Iranians you’re going to walk out on the agreement and do everything you can to undermine their government, you can’t be surprised if they attack our government networks.”

Why is this happening now? The Times linked the increased hacking efforts to President Donald Trump’s escalating trade tension with China and his pullout of the Iran nuclear deal. Back in 2015, two significant events happened: President Barack Obama and President Xi Jinping of China struck a deal to curb hacking. That same year, the U.S. signed the Iran nuclear deal. Both events slowed hacking activity significantly.

“Threats from China and Iran never stopped entirely, but Iranian hackers became much less active after the nuclear deal was signed in 2015. And for about 18 months, intelligence officials concluded, Beijing backed off its 10-year online effort to steal trade secrets,” the Times wrote.

Today, those hackers are coming back strong — and they’ve gotten far more sophisticated, particularly the Chinese.

“These hackers are better at covering their tracks. Rather than going at targets directly, they have used a side door of sorts by breaking into the networks of the targets’ suppliers. They have also avoided using malware commonly attributed to China, relying instead on encrypting traffic, erasing server logs and other obfuscation tactics.”

What’s at stake: Hacking from hostile governments can have sweeping effects on global business. Supply chains can be disrupted significantly. This report from the U.S.-China Economic and Security Review Commission offers a deep dive into the political landscape driving the problem. There are obvious business interruption and data security concerns. Meanwhile, cyber threats are devouring billions of dollars in uninsured losses, and risk managers are seeking protection through cyber insurance. But that hasn’t been easy.

Risk & Insurance® took its own deep dive into the topic to learn how risk managers are analyzing the threat and determining what coverage is best.

What to watch: A recent lawsuit may help everyone understand how these issues will shake out. Mondelez, the maker of Ritz crackers and Oreo cookies, has sued Zurich for $100 million in the wake of a 2017 cyber attack.

The attack rendered 1,700 servers and 24,000 laptops dysfunctional, but Zurich declined to pay, citing an exclusion clause for a “hostile or warlike action” by a sovereign power after finding that the attacks were launched by Russia on the Ukraine. The result of the case will be undoubtedly impactful.

Jared Shelly is a journalist based in Philadelphia.
