First, House Permanent Select Committee on Intelligence Chairman Mike Rogers calls China out for cyber espionage. Then the Office of the National Counterintelligence Executive called Chinese hackers the "world’s most active and persistent perpetrators of economic espionage." Now, according to reports by the AP and the WSJ, U.S. intelligence officials have identified a dozen groups connected to the People’s Liberation Army as well as another six tied to universities that are responsible for the majority of the attacks. U.S. officials have reportedly warned their Chinese counterparts that economic espionage will have serious diplomatic consequences.
This September I asked someone in the administration why the United States did not respond more vocally and visibly to Chinese attacks. Obviously annoyed by the suggestion that Washington was making cyber issues less of a priority compared to the pursuit of other goals—say Beijing’s cooperation on the renminbi or Iran—he argued that it was difficult to present evidence of Chinese hacking without revealing American capabilities. That no longer seems to be an issue; the National Security Agency reportedly used improved cyber forensics and human and signals intelligence to identify the hackers.
I am guessing that the Chinese authorities will not rush out and arrest hackers with ties to the PLA (Chinese Foreign Ministry spokesman Liu Weimin said yesterday that "Chinese governments have always opposed and strictly forbidden any illegal activities related to cyber hackings") but what happens next? The best case is that Beijing gets the message that the hacking has reached intolerable levels and begins to ratchet down—though probably not completely end—attacks on defense contractors, high technology firms, oil companies, and others. I have no evidence of its existence, but we could speculate that within the Chinese government there is a faction that does not really know what to make of all the American claims about Chinese hacking. They have no direct knowledge of the program and are skeptical of U.S. motivations, but worry that if the Chinese government really is behind the attacks, they are not in China’s long-term interests. This group would think it hard to build a truly innovative economy when you’re busy stealing intellectual property and, more important, they fret about the damage cyberattacks inflict upon relations with the U.S. and Europe. Evidence would goad them to mount a coherent argument about the costs of hacking.
This group, however, may not actually exist, or Beijing might not take U.S. threats seriously. The United States would then move to the next stage of pressure. If the NSA has actually identified the individuals and groups involved, then it theoretically could target them. The legal issues involved in attacking foreign computers remain uncertain, but offensive computers in China could perhaps be taken offline or, if black ops are considered, individual bank accounts manipulated. Diplomatically, the United States might sanction the specific individuals and groups involved in the attacks like it has done with persons involved in selling missile and WMD technology. James Farwell has argued that evidence of cyber espionage could be used to pursue a case in the WTO. A ruling against China under the Trade Related Aspects of Intellectual Property (TRIPS) Agreement would allow the United States to collect damages or apply trade sanctions.
Whatever happens next, we are clearly only at the beginning. Claiming specific individuals and groups are behind the attacks is an important step forward, but where this all ends will ultimately depend on politics—how important cyber threats are compared to all the other issues in the U.S.-Sino relationship.