China’s hacking drains US economic power
There has always been industrial espionage, and sometimes it has involved governments spying on behalf of their home industries. In the last decade, however, China has stretched that practice to the point where it threatens the international economic system. By harnessing the power of the Internet and engaging in systematic, global industrial espionage on a massive scale, China’s cyber spies have made a mockery of international protections of intellectual property rights and patents.
Despite the seemingly cutthroat nature of global commerce and competition, there are rules. Without them, customs and tariffs would drive prices too high for trade to occur. Without rules of the road, product counterfeiting would be even more rife, labor conditions more heinous, and capital repatriation more problematic in much of the world. Through a variety of multilateral conventions and international organizations, notably the World Trade Organization (WTO), the fiercest economic competitors in global trade have found a way to cooperate and to define what is fair and what is out of bounds.
All of that has worked reasonably well, despite the occasional disagreement, until now.
It matters not how much of the Chinese cyber espionage is done by government employees and how much is done by “private sector” hackers, because in China no large scale cyber operation is unknown to the government’s secret police and its pervasive Internet monitoring system. The Chinese economy is the direct beneficiary of the theft of billions of dollars worth of research and development that had been paid for by stockholders and taxpayers in the United States, Europe, and elsewhere.
In a series of large-scale sweeps, Chinese cyber espionage has hit one industry after another. The phenomenon is so pervasive that the US government has had to assign names to the various campaigns. The Aurora campaign stole the source code, or secret software sauce, from leading US information technology companies such as Google, Cisco, and Adobe. The Night Dragon series stole the corporate secrets of the oil and gas industry. In the Zeus attacks, the financial sector was targeted. What the US government called Byzantine Hades saw successful penetrations of government networks. Research facilities such as Johns Hopkins Advanced Physics Lab have also been swept.
To date, the international response has been underwhelming. The US government has made diplomatic demarches. German Chancellor Angela Merkel reportedly personally protested to Beijing when her own laptop was hacked by the Chinese. Britain’s Security Service chief formally warned three hundred CEOs in the UK that their companies had been hacked by China. But no one has done anything that has deterred China.
In fact, from Beijing’s perspective, cyber espionage pays and pays well. Chinese leaders may well think that it is something that the West is willing to accept, because the West is in fact acquiescing to a persistent pandemic of cyber espionage raping government agencies, corporations, and research establishments. Until and unless something is done in response, China will continue to drain these resources.
In the global economic competition in which the US and others nations seek to offset China’s labor costs and trade imbalances with innovation and knowledge-based activities, massive cyber espionage ensures that China’s economy will continue to grow dramatically at the expense of their would-be competitors. If the US thinks that this theft is unfair, then the US should do something about it or just accept constantly growing Chinese global economic dominance.
If we do seek to take action, the US must expand its efforts beyond diplomatic demarches, beyond having cyber espionage as one item among many in ministerial meetings. The US could organize with other victimized countries and develop a joint cyber forensics capability sufficient to make a case in the WTO, seek financial damages, and establish new rules. Or, the US could use its own cyber capabilities to systematically defend US companies and hack back against the attackers. US government officials mutter that they do not have the legal authority to protect private companies or hack back. What is stopping them from getting that authority? Certainly it is not the Congress, where Members would likely stampede to the floor to co-sponsor a Stop Chinese Cyber Spying Act. What is missing is leadership from the Administration, where the economic advisors and Chinese handlers are leery of upsetting Beijing. It is unfortunate that the Administration’s economic advisors appear not to understand the economic effect of cyber espionage. Until they do, China will continue to rightly believe that their massive cyber espionage is cost free to Beijing. And they will continue to hack away at what little advantage the US has in the global economic competition.