US Official: Chinese Want NSA Cyber Schools. Really.
The offer of shared cybersecurity training comes at a time when both countries are exchanging accusations of hacking each other’s trade secrets.
Chinese universities are welcome to adopt the U.S. National Security Agency's cyber education program, the top U.S. computer security education official said, after a recent trip to Beijing.
Entrepreneurs in China have voiced support for improving the notoriously spotty relations between the U.S. and China in cyberspace by patterning Chinese courses on NSA-approved curricula, said Ernest McDuffie, head of the National Initiative for Cybersecurity Education.
The offer of shared cybersecurity training comes at a time when both countries are exchanging accusations of hacking each other’s trade secrets. Both parties have denied these allegations.
"It’s not like we’re giving away some deep, dark secret that they didn’t know before," McDuffie said during an interview. "And it gives you the chance to put ethics into the mix.”
Through the National Centers of Academic Excellence in Information Assurance program, launched in 1998, more than 180 U.S. public and private universities have mapped their curricula to NSA standards involving faculty, training and facilities. The Department of Homeland Security joined the initiative in 2004.
About 60 Chinese schools are interested in incorporating the NSA-DHS Centers of Academic Excellence cyber model, McDuffie said.
US Curriculum Typically Includes Cyberspying
The U.S. program includes sections focused on information protection, research and development, and "cyber operations," -- a diplomatic term for cyberspying and offensive hacking.
"Specialized cyber operations (e.g., collection, exploitation and response)," states the NSA academic website, are used "to enhance the national security posture of our nation."
The cyber operations coursework, which includes classified information, would not be distributed to Chinese counterparts, McDuffie said.
"None of this model involves us sharing actual material," but rather syllabi and course titles, he said. "We're not teaching people how to be hackers -- it's really a fundamental education.”
McDuffie’s visit to Beijing happened to coincide with the week U.S. Justice Department officials accused five alleged Chinese military hackers with cyber espionage against various American corporations. Nevertheless, he went through with a previously scheduled meeting with Chinese business people who advocated for the U.S. government-created training courses. They were fascinated about the chance to “help raise that level of ethical consideration across the board," McDuffie said.
However, a separate, planned sit-down that week with a Chinese government official was canceled.
"When I arrived in Beijing, I got a call from the U.S. Embassy in China telling me that the Chinese government had prohibited him from meeting with me personally,” McDuffie said. “My government didn't have any problems with whoever I wanted to meet with."
The Chinese, on the other hand, were perturbed with the U.S., he said.
Shared Training Could Defuse Tensions
Whatever acrimony might remain has not deterred McDuffie from believing that teaching can overcome even this frosty cyber Cold War, he said.
The idea is, when company leaders, rather than government officials, hash out principles for behaving in cyberspace, the tensions defuse.
"It’s always been my view that education is the way out of all these kinds of conflicts and military engagements," McDuffie said. “If we raise the education level globally, people start to see opportunities that they have" outside of cyberattacks and other forms of aggression. "I think that’s the best defense as opposed to having an army division in every country."
It's unclear whether the Chinese government would have to approve the center rubrics or whether universities could choose to incorporate the curricula on their own.
"Everything in China is in this kind of quasi-state," McDuffie said. The country is in a "no man’s land" linked to the days of Communist China, "where the state really dictated everything -- to this kind of quasi-capitalist environment where a lot of businesses act independently, but they still have some kind of ties to the government itself."
Attempts to reach the Chinese embassy in Washington for comment on the cyber education initiative were not immediately successful.
Meanwhile, other corners of the government are taking a different tack with cyberspying.
On Wednesday afternoon, the House Judiciary Committee approved legislation, called the Trade Secrets Protection Act, that would create a federal civil remedy for intellectual property misappropriation.
The measure "will help American companies protect their intellectual property from criminal theft by foreign agents and those engaging in economic espionage," committee Chairman Rep. Bob Goodlatte, R-Va., said in a statement.
Misappropriation can take many forms, "whether it is an employee selling blueprints to a competitor or a foreign agent hacking into a server," he said.