Three years after the governments of America and China agreed not to hack corporations in each other’s countries, experts say Beijing is now back to its old ways.
And if that’s the case, we can well imagine Uncle Sam having a pop back.
Speaking at the Aspen Cyber Summit in San Francisco on Thursday, a panel including top NSA adviser Rob Joyce and Symantec CEO Greg Clark said the 2015 truce the Obama administration struck with Beijing has been all but wiped out over the past year. The Middle Kingdom has now returned to spying on American businesses, stealing secrets and gathering intelligence with a new zeal.
“It had a marked impact on the way that the Chinese were behaving,” former White House security czar Joyce said of the Obama-Xi agreement. “We have certainly seen the behavior erode in the last year, and we are very concerned with those troubling trends.”
The rise in activity comes amid the escalating trade war between the US and China, with each side raising tariffs on imports.
Post hoc ergo propter hoc
However, correlation does not necessarily mean causation. Dmitri Alperovitch, cofounder and CTO of CrowdStrike, noted that events within China, most notably a series of government reforms and anti-corruption campaigns, played a significant part in limiting activity against the US in past years as Beijing-backed hackers focused their activities within the country, spying on undesirables, rather than against foreign targets.
“We were tracking those Chinese threat actors,” Alperovitch said. “They didn’t cease to exist, but they were just hacking Chinese companies.”
Regardless of the cause, the panelists agreed that China is now back with a vengeance.
Clark said that things have got so bad that one of his clients has given up entirely on its latest generation of products, believing the blueprints to have been completely and comprehensively snatched by Chinese hackers.
“I had a very large corporate manufacturer come into our office and say ‘we have stopped trying to protect it, it has all been stolen, we want to innovate faster’,” the Symantec boss said.
Where the panelists differ is on what to do about the renewed hacking efforts from the world’s most populous nation. For Joyce, the US government and the information security community at large can help by making life more difficult for President Xi’s hackers themselves.
“Overall, it is about making it harder for them to succeed, and some of that will be taking away the infrastructure they’re using, some of that will be exposing their tools,” Joyce said. “There are a number of strategies you can come up with that make it less effective, less efficient, and less likely to be successful.”
The solution: more war
Alperovitch argued that further economic sanctions will go a long way toward sending a message to Beijing.
“It is not a cyber problem, it is an economic warfare problem,” he said. “Responding with economic actions of our own and putting pressure on China is the right strategy,”
There is also hope that China’s own internal development will alleviate the problem. Panelist Elsa Kania, adjunct fellow at the Center for a New American Security, believes that as Chinese companies further move into the international market, coming up with their own innovative ideas and concepts will take precedence over stealing intellectual property from rivals.
“There is clearly an ambition to graduate beyond IP theft and become more of a leader,” Kania said. “There may be a broader transformation going forward.” ®