A strong US diplomatic response has proven an effective strategy against Chinese cyber crime and espionage.

S

ince April 2015, Chinese-sourced cyber-attacks on US networks and targets have decreased by 90%, marking tremendous progress in establishing a stable cyber environment between the two nations.

Measured since their peak in August 2013, this represents a 95% reduction in attacks from groups of known Chinese origin.1 While this data is not exhaustive, it does provide strong evidence that a strategy of exposure, strength, and dialogue is an effective approach for addressing the conflict between US and Chinese interests in the cyber domain.

According to former Director of National Intelligence (DNI), James Clapper, cybersecurity is the greatest challenge the US faces today. While the internet enables unprecedented levels of connectivity and productivity, it also introduces an ever expanding range of threats with which security systems struggle to keep pace. Hacking groups either part of or sponsored by the Chinese government have been keen to take advantage of these lapses. Security firms such as Mandiant, McAfee, FireEye, and Kaspersky Lab in 2013 identified hundreds of breaches of American firms by Chinese based attackers. 2 This espionage primarily targeted intellectual property. At its peak, these attacks cost US businesses between $250 and 400 billion annually. 3 Accounting for the long-term damage of lost trade secrets, the hidden costs are far greater. Chinese firms benefited from American research and development for relatively no cost while American companies lost billions. A continuing pattern of Chinese cyber theft could result in American businesses losing their global competitive edge and slowly dying what former National Coordinator for Counterterrorism, Richard Clarke, called a “death of a thousand cuts.” 4

Policies like the threat of sanctions in Executive Order 13694, the broad and systematic exposure of Chinese attacks, and the agreement the US and the People’s Republic of China (PRC) reached in November of 2015 have contributed to a drastic reduction in cyber-attacks emanating from the PRC. 5 The White House has also been active in bolstering cyber security to meet heightened threat levels, establishing the Cyber Threat Intelligence Integration Center and promoting the creation of Information Sharing and Analysis Organizations. President Obama also worked to promote best practices in cybersecurity through the Cybersecurity Framework, and is working to implement legislation mandating an automation portal which will share cyber threat indicators between the private sector and the Federal government.5

President Obama’s approach of confronting the PRC, exposing their involvement, and making credible threats has proved markedly effective. Policymakers should continue pursuing this strategy while also exploring stronger defensive mechanisms for protecting the intellectual property of American companies. While negotiating from strength has succeeded in the short term, long-term security will require strengthening the international legal regime, encouraging companies to disclose attacks, and expanding public/private sector cooperation to develop better security software and more reliable attribution methods. ■

1. “REDLINE DRAWN: China Recalculates Its Use of Cyber Espionage.” FireEye iSight Intelligence. June 2016. https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-china-espionage.pdf
2. Stephen Moore. “Cyber Attacks and the Beginnings of an International Cyber Treaty.” North Carolina Journal of International Law. Fall 2013. https://www.law.unc.edu/journals/ncilj/issues/volume39/issue-1-fall-2013/cyber-attacks-and-the-beginnings-of-an-international-cyber-treaty/
3. “Richard Clarke on Who Was Behind the Stuxnet Attack.” Smithsonian Magazine. April 2012. http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html
4. “Obama’s Summit With Xi Jinping: Where’s the Tough Love?” The Daily Beast. June 09, 2013. http://www.thedailybeast.com/articles/2013/06/09/obama-s-summit-with-xi-jinping-where-s-the-tough-love.html
5. “Administration Efforts on Cybersecurity: The Year in Review and Looking Forward to 2016.” The White House Blog, February 2016, https://www.whitehouse.gov/blog/2016/02/02/administration-efforts-cybersecurity-year-review-and-looking-forward-2016

Image Credit
Image @ https://static.pexels.com/photos/207580/pexels-photo-207580.jpeg