What To Do About Chinese Cyber Espionage?

A few days after the New York Times, Wall Street Journal, and Washington Post all admitted that their computer networks had been attacked, apparently by China-based hackers, it seems fair to say that both sides agree the "naming and shaming" approach to the problem is not working. The United States can call China out, but it has no real affect on behavior.

In one of the interviews she did in her last days as secretary of state, Hillary Clinton said that "We have to begin making it clear to the Chinese—they’re not the only people hacking us or attempting to hack us—that the United States is going to have to take action to protect not only our government, but our private sector, from this kind of illegal intrusions." But as Jack Goldsmith notes, the use of "begin" is puzzling: administration officials say they have raised the point with their Chinese counterparts numerous times before. Perhaps Clinton’s statement should be read with less emphasis on "making it clear" and more on "have to take action." The National Intelligence Council is reportedly finishing a National Intelligence Estimate detailing the cyber threat, particularly from China, and suggesting concrete measures the United States may take, including cancelling visas and vetting "major purchases of Chinese goods through national security reviews."

Several commentaries and an article in the People’s Daily all suggest that Beijing is not reacting to the public announcements with anything approaching shame. In fact, they all portray the claims as part of an effort to discredit China and distract from the offensive actions the United States is taking in cyberspace. The People’s Daily notes that while the United States is portraying itself as the "patron saint of the free Internet" it has plans to expand U.S. Cyber Command fivefold. He Hui, deputy director at the Communication University of China, argues that the claims about Chinese hacking are getting tiresome and in fact serve three alternate purposes: they raise suspicion about China’s rise in the United States and the rest of the world; help raise defense budgets, especially for cyber weapons; and justify protectionist trade measures against Chinese firms that are beginning to challenge the big American companies.

All of these articles suggest a real problem in the U.S.-China cyber relationship: it seems to be happening primarily through the media. Cyber has been a topic at the Strategic and Economic Dialogue and other more formal discussions. But these do not seem to be succeeding in either mitigating the problem or addressing the mistrust between the two sides. Today the New York Times reported that President Obama has broad powers to order a pre-emptive cyber strike; the PLA Daily retorts that the United States is using the military to respond to network challenges and could trigger a worldwide arms race. Unless we find a better medium than the major papers to signal our disapproval, the PLA Daily may be right.