Cybersecurity firm CrowdStrike has accused a unit of the Chinese military—apparently operating under the code name “Putter Panda”—of engaging in “targeted economic espionage campaigns,” principally against U.S. and European industries. Those campaigns, it alleges, are part of a “decade-long economic espionage campaign [that] is massive and unrelenting.” This charge comes three weeks after U.S. Attorney General Eric Holder announced “an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.” He avowed that “state actors who engage in economic espionage…will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.” After warning that Holder’s accusation would undermine “China-U.S. cooperation and mutual trust,” a spokesman for the Chinese Foreign Ministry announced that China would be suspending the “activities of the China-U.S. Cyber Working Group,” a fledgling body that the two countries established last April. A few days later China ordered the country’s state-owned enterprises (SOEs) to sever ties with U.S. consulting firms such as McKinsey and Company and the Boston Consulting Group.
This cycle of accusation and counteraccusation has become routine. The United States charges Chinese individuals or organizations with hacking into the networks of its companies and government organizations in order to gain secrets that privilege Chinese SOEs. China denies the allegations and declares that it is a victim of cyberattacks, often emanating from U.S. servers.
To move past this unproductive exchange, the two countries are increasingly trying to document their accusations. Last March, for example, Laura Saporito and James Lewis of the Center for Strategic and International Studies prepared a report identifying “six groups and fourteen individuals, all but one connected to the Chinese government and most with connections to the PLA, as responsible for cyberespionage.” The same month China announced that of “85 websites of public institutions and companies [that] were hacked from September 2012 to February 2013,” 39 of the attacks “were recorded from IPs within the United States.” The Chinese report “also recorded 5,792 hacking attempts from U.S. IP addresses” between November 2012 and January 2013.
Even though forensic capabilities in cyberspace are improving, attribution remains a significant challenge. Henry Farrell, an associate professor of political science and international affairs at George Washington University, explains that “[i]t is often possible for attackers to hide their origins, through various technical means. And even when forensic techniques can be used to trace an attack back…it is often impossible to tell whether the hackers were working, for example, for the Chinese government or military, or working on their own account.”
Complicating matters is that the conversation between the United States and China about challenges of cyberspace changed significantly a year ago, following leaks by former National Security Agency (NSA) contractor Edward Snowden. On June 5, 2013, the Guardian reported that the NSA had been gathering in bulk the phone records of millions of U.S. Verizon customers. The next day, the Washington Post detailed the Agency’s Internet surveillance program, PRISM. Snowden’s disclosures also exposed that the NSA had been spying on Chinese companies.
China has cited that fact—and, more generally, the revealed scope and functions of NSA surveillance—as evidence that U.S. accusations lack both credibility and sincerity. While the United States continues to differentiate between foreign intelligence gathering, a universal practice, and commercial espionage, which it regards as illegitimate, China suggests that the United States is contriving the distinction to deflect attention away from its double standard.
With China having put the United States on the defensive for the past year, one could interpret Holder’s indictment as an effort to regain U.S. “naming and shaming” leverage. If it indeed marks “the first-ever charges against known state actors for infiltrating U.S. commercial targets by cybermeans” (Holder’s words), it will likely move the two countries’ dispute over the norms of cyberspace onto new and unstable turf. Jin Canrong, associate dean of Renmin University’s School of International Studies, notes that “[i]n the past, the U.S. talked about [Chinese economic espionage] but never took any real actions. If the U.S. freezes some Chinese military assets as a result of this, China will respond with counteractions accordingly.” In a blog post late last month, Dan Drezner echoed Jin’s concerns about the precedent this latest round of recriminations could set: “If China is willing to cut the McKinseys of the world loose,” he concluded, “it suggests that China’s leadership does not believe that these interest groups are useful anymore in altering U.S. foreign policy….Any action that weakens Sino-American interdependence also weakens the constraints that stop conflicts from spiraling out of control.”
It is clear, then, that strategic tensions between the United States and China have worsened in recent weeks. Less clear is how much the two countries’ activities in cyberspace will change as a result. The United States has been unable to convince China that foreign intelligence gathering and commercial espionage should be treated differently. China has yet to convince the United States that it suffers as greatly from cyberattacks. The United States alleges that its government’s computer systems “[continue] to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military.” China demands proof and asks why, especially in light of Snowden’s disclosures, it should not conclude that the U.S. government and military are engaged in comparable activities.