The Justice Department announced last week that
it had indicted five members of the Chinese
People’s Liberation Army on charges of cybertheft. According to the
indictment, the five hackers systematically stole business secrets from
American corporations — household names like Westinghouse, Alcoa, and U.S.
Steel.
The alleged thefts were not aimed at boosting
Chinese national security
or undermining ours. Rather they appear to be part of a scheme, going back at
least to 2006, to boost Chinese companies by stealing American know-how.
For example, while one company was negotiating
to build and operate four power plants in China, the Chinese stole the bidder’s
proprietary and confidential business specifications for piping used in its
nuclear power plants. Beijing apparently finds it easier to steal a new idea
than think one up.
The indictments should surprise no one. In 2013,
Mandiant, a private American cybersecurity
company, released a report on the activities of Unit 61398 of the
signals-intelligence branch of the PLA — the same group cited in the
indictment. According to Mandiant, Unit 61398 had penetrated more than 140
western companies. Also in 2013, the congressionally chartered Commission on
the Theft of American Intellectual Property estimated that the losses from IP
cybertheft totaled some $300 billion per year.
And, so, this week’s indictment is quite
welcome. Finally, after a number of years of just talking about the problem,
the United States is responding.
To be sure, nobody actually expects this case to
ever come to trial. The Chinese are simply not going to extradite members of
their military to stand trial in an American courtroom. Still, the indictment
sends several powerful messages.
First, the charges set an important precedent:
That the U.S. government sees state-sponsored economic espionage as a crime.
While the five PLA officers are beyond our borders, the companies that benefit
from the theft are not. Someday, therefore, we may see Chinese companies and
corporate officials indicted for their role in the theft of American
intellectual capital.
Second, the charges tell corporate America that
the government will defend their interests. Even if the Chinese hackers are
never brought to justice, the indictment will have the positive effect of
assuring American companies that Washington is willing to incur significant
diplomatic costs on their behalf. This will likely persuade corporations, in
turn, to be more willing to come forward when they are victimized.
Third, the indictment serves as a warning. It
says to the Chinese “we are watching you and we know what you are doing.” This
remarkably transparent action reflects a conscious decision to risk the
disclosure of sources and methods of how the U.S. collects intelligence data
for the benefit of deterring Chinese misconduct. Buried in the indictment, for
example, is a discussion of Chinese cyber espionage tradecraft (which false domains and websites they use). It
contains the details of specific intrusions into specific identified companies
and provides a highly particular list of exactly how the attacks were carried
out. That kind of detail has to give Chinese hackers some pause. They can no
longer be sure they are cloaked in anonymity.
And, finally, the indictment says that the U.S.
is coming out of its post-Snowden defensive crouch. No matter what the world may
think of Snowden’s revelations, we are putting the embarrassment behind us and
resuming our efforts to manage the cyber domain.
The indictment may have been a long time coming.
(I suspect that the Snowden disclosures altered the timing quite a bit). But
whatever the timing, it is good news that our government is finally willing to
stand up to Chinese theft and call it what it is: state-sponsored crime.
No comments:
Post a Comment