White House should take stronger action against China over cyberespionage


The White House this week released a strategy aimed at countering cyberespionage as well as cyberattacks by state-sponsored groups on U.S. companies (see related story).

The Administration Strategy on Mitigating the Theft of U.S. Trade Secrets lays out a five-part strategy to counter the theft of U.S. intellectual property. The strategy includes focusing on diplomatic efforts, promoting volunteer best practices for privacy industry, enhancing domestic law enforcement operations, improving domestic legislation and public awareness and stakeholder outreach.

The White House said it would use its trade policy tools against governments where there are "high incidents of trade secret theft." In addition, the Department of Justice will prosecute foreign competitors and foreign governments that engage in trade secret theft, related Victoria Espinel, U.S. intellectual property enforcement coordinator, in a statement releasing the strategy.

"With respect to China, protection of intellectual property and trade secrets remains a serious and highly troubling issue," Robert Hormats, undersecretary of state for economic affairs, was quoted by the Wall Street Journal as saying during the strategy launch.

The strategy is riddled with instances of IP theft by the Chinese government, which has long been identified as the main source of cyberespionage against U.S. companies.

Last October, the House Intelligence Committee accused Chinese telecom equipment makers Huawei and ZTE of inserting back doors into their network equipment so the Chinese government could steal industrial and military secrets. The Chinese government and companies vehemently denied those charges.

In 2011, China was fingered as being behind the hack of RSA's SecurID database and the defense contractors that depend on the SecurID token for secure remote access by employees. China had earlier been named as the source of the 2009 Operation Aurora attack that exploited a zero-day flaw in Internet Explorer to penetrate Google's networks. Google said the attackers stole intellectual property from the company and also targeted 20 other US companies.

China was also suspected of being behind the 2009 Night Dragon attacks on oil, gas and energy companies. Chinese hackers stole sensitive intellectual property from these companies as well.

In a 2009 report on Chinese cyberwar activities, the US-China Economic and Security Review Commission concluded that the Chinese People's Liberation Army (PLA) is developing advanced cyber warfare capabilities.

The PLA has created special computer network attack and exploitation units using civilian as well as military personnel, the report noted. These units are engaged in a long-term, sophisticated computer network exploitation campaign against Western targets.

report released this week by cybersecurity firm Mandiant contained data that linked the PLA to a massive cyberespionage operation against U.S. companies codenamed APT1.

With such overwhelming evidence, stronger action is needed from the U.S. government. A strategy that threatens diplomatic wrist-slapping will not stop China--or anyone else for that matter--from stealing billions of dollars worth of trade secrets. Rather, the government needs to impose trade sanctions now that have enough bite to make the Chinese government sit up and take notice. -Fred