This week, three years after President's Xi and Obama signed an agreement that neither side would engage in cyber espionage for economic advantage, the International Cyber Policy Centre at the Australian Strategic Policy Institute has published a report looking at the state of the agreement, along with China's adherence to follow-on agreements it signed with Australia and Germany. The findings, based on public reporting and interviews with government officials and cybersecurity companies, are not good: "In all three counts, it was found that China was clearly, or likely to be, in breach of its agreements."
Despite a downturn in Chinese hacking after the agreement with the United States, there is now evidence that Beijing has adapted its methods. Much of the responsibility for industrial espionage has moved from People's Liberation Army to the Ministry of State Security. Attacks are becoming more targeted and hackers are deploying more sophisticated tradecraft. The correct metric is not the number of attacks, but the impact on U.S. economic interests.
Washington and its allies will soon have to decide what they are going to do (again) about Chinese industrial cyber espionage. The Trump administration’s approach so far has been indirect, raising China-based hacking in the context of a larger critique of Beijing’s industrial policy and failure to protect intellectual property. Without significant pushback, China is likely to believe that it has reached a new equilibrium with Washington defined by an absolute smaller number of higher impact cyber operations.
You can read the whole report here.