The Top Five Cyber Policy Developments of 2014: The DOJ Indicts the PLA

Over the past few days, Net Politics has been examining the top five developments in cyber policy of 2014. Each cyber policy event has its own post, explaining what happened, what it all means, and its impact on cyber policy for 2015. In this post, the U.S. Department of Justice’s indictment of five officers from the People’s Liberation Army. 

On May 19, 2014, the Department of Justice indicted five members of Unit 61938 of the People’s Liberation Army (PLA) for hacking into six American organizations. The U.S. government alleged that the five—who operated online with aliases like UglyGorilla and KandyGoo—stole trade secrets and information that could be useful to state-owned enterprises in the nuclear power, metal, and solar products industries. While the United States government had been increasingly calling out China-based hackers for cyber espionage (and there had been a number of reports published by private cybersecurity companies that held Chinese hackers responsible), the indictment was a huge step because it held the government of China directly responsible. FBI Director James B. Comey said, “For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries.”

Since there is little chance that the five will ever be turned over to the United States for prosecution, there were questions about what purpose the indictments served. Some argued that with no clear endgame in sight, it was bad strategy that threatened the bilateral relationship. But U.S. officials have suggested that it will act as a deterrent. UglyGorilla may never see the inside of a court, but younger would-be hackers might want to travel to the United States and so they will hesitate before they break into American companies’ networks. In an Asia Unbound podcast, Evan Medeiros, special advisor to the president and senior director for Asian affairs at the National Security Council, suggested that the next step might be punishing the state-owned enterprises that have benefited from the stolen intellectual property, business plans, and trade secrets.    

Beijing’s response was predictable. It denied that China engages in cyberattacks and denounced the United States as a hypocrite, citing the Snowden revelations as evidence that Washington is the “real hacking empire.” It also suspended the U.S.-China Cybersecurity Working Group. There has also been a notable increase in pressure on U.S. technology companies operating in China, though that is also a byproduct of the NSA revelations.

As the United States has criticized China, it has tried to differentiate between "good spying"—the political and military espionage that every country engages in—and "bad spying"—the theft of intellectual property to benefit individual companies. There is no sign that Beijing will accept that norm. In a June 2014 speech, Vice Foreign Minister Li Baodong rejected the distinction. “An individual country,” said Li, “has exercised double standards on the cyber issue, drawn lines out of its selfish interests and concocted ‘regulations’ only applicable to other countries.”

The suspension of the U.S.-China Cybersecurity working group is bad for both sides. Washington and Beijing have a shared interest in confidence building in the areas of cyberconflict and in preventing third party attacks on critical infrastructure. These discussions are happening in other international forum, but they need a dedicated bilateral channel to make any real progress.

Chinese cyberattacks continue, and the United States is still searching for ways to raise the cost for the attackers. In the short term, Washington will need to focus on self help: technical innovation and better defense.