China and America's Dangerous Battle in Cyberspace

Move. Countermove. It's cyberspy vs. spy—but will things get out of control? 

Cybersecurity firm CrowdStrike has accused a unit of the Chinese military—apparently operating under the code name “Putter Panda”—of engaging in “targeted economic espionage campaigns,” principally against U.S. and European industries. Those campaigns, it alleges, are part of a “decade-long economic espionage campaign [that] is massive and unrelenting.” This charge comes three weeks after U.S. Attorney General Eric Holder announced “an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.” He avowed that “state actors who engage in economic espionage…will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.” After warning that Holder’s accusation would undermine “China-U.S. cooperation and mutual trust,” a spokesman for the Chinese Foreign Ministry announced that China would be suspending the “activities of the China-U.S. Cyber Working Group,” a fledgling body that the two countries established last April. A few days later China ordered the country’s state-owned enterprises (SOEs) to sever ties with U.S. consulting firms such as McKinsey and Company and the Boston Consulting Group.

This cycle of accusation and counteraccusation has become routine. The United States charges Chinese individuals or organizations with hacking into the networks of its companies and government organizations in order to gain secrets that privilege Chinese SOEs. China denies the allegations and declares that it is a victim of cyberattacks, often emanating from U.S. servers.

To move past this unproductive exchange, the two countries are increasingly trying to document their accusations. Last March, for example, Laura Saporito and James Lewis of the Center for Strategic and International Studies prepared a report identifying “six groups and fourteen individuals, all but one connected to the Chinese government and most with connections to the PLA, as responsible for cyberespionage.” The same month China announced that of “85 websites of public institutions and companies [that] were hacked from September 2012 to February 2013,” 39 of the attacks “were recorded from IPs within the United States.” The Chinese report “also recorded 5,792 hacking attempts from U.S. IP addresses” between November 2012 and January 2013.

Even though forensic capabilities in cyberspace are improving, attribution remains a significant challenge. Henry Farrell, an associate professor of political science and international affairs at George Washington University, explains that “[i]t is often possible for attackers to hide their origins, through various technical means. And even when forensic techniques can be used to trace an attack back…it is often impossible to tell whether the hackers were working, for example, for the Chinese government or military, or working on their own account.”

Complicating matters, the conversation between the United States and China about the challenges of cyberspace changed significantly a year ago, following leaks by former National Security Agency (NSA) contractor Edward Snowden. On June 5, 2013, the Guardian reported that the NSA had been gathering in bulk the phone records of millions of U.S. Verizon customers. The next day, the Washington Post detailed the Agency’s Internet surveillance program, PRISM. Snowden’s disclosures also exposed that the NSA had been spying on Chinese companies.

China has cited that fact—and, more generally, the revealed scope and functions of NSA surveillance—as evidence that U.S. accusations lack both credibility and sincerity. While the United States continues to differentiate between foreign intelligence gathering, a universal practice, and commercial espionage, which it regards as illegitimate, China suggests that the United States is contriving the distinction to deflect attention away from its double standard.