Exposing China's cyber espionage campaign hasn't lessened scope, US says
'China has not reduced its cyber intrusions against the United States despite recent public exposure of Chinese cyber espionage in technical detail,' a commission set up by Congress to monitor US-China ties reported.
China is “directing and executing a large-scale cyber espionage campaign against the United States” and has succeeded in targeting networks belonging to the US government, Defense Department, and private companies, according to a new government report.
These activities are designed to reap economic and strategic benefits, including providing Chinese firms with an advantage over competitors around the world, advancing research and development goals, and obtaining information for future military operations, according to the US-China Economic and Security Review Commission’s 2013 report, which was released late Wednesday.
“China has not reduced its cyber intrusions against the United States despite recent public exposure of Chinese cyber espionage in technical detail,” concluded the Security Review Commission, which was set up by Congress to report annually on the relationship between the two countries. “This suggests Beijing has decided to continue its cyber campaign against the United States.”
Such findings are not a huge surprise to cyber experts or anyone else watching the drumbeat of cyber security company reports over the past two years implicating Chinese hackers with the wholesale theft of intellectual property from US corporations – their “crown jewels.”
One of the most damning of those reports cited by the commission was a study released in February by Mandiant, a US-based cyber security company. It laid bare a wholesale multi-year cyber economic espionage campaign that it carefully linked back to an address in Beijing – a 12-story building occupied by an intelligence unit of the the People’s Liberation Army (PLA). Since 2006, the PLA’s Unit 61398 had penetrated networks of 141 organizations, including US companies, foreign governments, and others, Mandiant reported.
Eighty percent of the organizations infiltrated were located in the US or had their headquarters in the US. While cyber espionage declined for about a month from the Beijing-based groups that Mandiant was watching, it soon rebounded using different cyber techniques and malicious software.
In April, Verizon’s cyber security team reported that in 621 cases of ‘‘confirmed data disclosure” in 2012, at least 19 percent of the intrusions were espionage carried out by ‘‘state-affiliated actors.’’ Among that latter group, 96 percent were linked back to China, it found.
“The public exposure of Chinese cyber espionage in 2013 has apparently not changed China’s attitude about the use of cyber espionage to steal intellectual property and proprietary information,” said Dennis Shea, vice chairman of the commission in his prepared remarks unveiling the report. “Mitigating the problem will require a long-term and multifaceted approach.”
Recommendations by the commission to deal with the problem and moderate China’s economic cyber espionage include:
• New legislation to clarify what actions US companies are allowed to take to track intellectual property stolen through cyber intrusions
• Amending the Economic Espionage Act to permit “a private right of action” when trade secrets are stolen – including getting the information back, or even possibly taking action to damage a cyber spy’s computer systems
• Urging the White House to expedite measures that would enable the Department of Defense to more effectively limit risks associated with certain Chinese-made equipment that enter the Defense supply chain.
Other steps that could have an impact in changing China’s spying could include linking Chinese economic cyber espionage to trade restrictions; preventing Chinese firms that use stolen US intellectual property from accessing the US banking system; and creating a list of banned entities whose members would not be allowed to travel to the US.
“If I were the Chinese I wouldn’t worry about Congress doing anything about this report, which is unfortunate because congressional action is one of the best levers we have,” says James Lewis, a cyber security expert with the Center for Strategic and International Studies in Washington. “Even small symbolic actions can be influential with the Chinese. Putting names on a treasury or travel list really can have an effect. If you put Unit 61398 on a no-travel or other list, that would get global attention and make the Chinese unhappy.”
So far, however, US steps to get the Chinese to back off have been undermined by recent revelations of National Security Agency spying. In April 2013, US Secretary of State John Kerry announced that the US and Chinese governments would establish a working group to discuss cyber security. But progress in the talks has been stalled by the leaks of NSA documents by Edward Snowden, the former NSA contractor, experts say.
Since June the leaks have overshadowed those talks and China’s interest in cyber accommodation has appeared to cool, experts say.
Lewis says the chilly cyber relations are a significant bad sign. Some reports have put US economic losses of intellectual property as high as $300 billion so far.
“What leapt out of this report is that the cyber dialog has been put on hold by the Snowden revelations,” he said. “This is really a major issue for the US. Let’s not forget this is a big problem. We had the secretary of the Treasury travelling to China last week – and he didn’t raise cyber at all. That sends a signal.”