According to public reports, over the last several months computer hackers have stolen proprietary information from DuPont, Johnson & Johnson, General Electric, RSA, Epsilon, NASDAQ, and at least a dozen other firms. Many of these attacks have been traced back to networks in China, but it is unclear whether criminals, government agencies or some combination of the two are responsible for the attacks.
U.S State Department cables obtained by Wikileaks further describe attacks code-named Byzantine Hades on U.S. technology and defense companies that appear to be the work of China’s People’s Liberation Army.
Regardless of the source of the attacks, the United States must work independently and, when possible, cooperatively with China to reduce the threat.
Chinese cyber espionage is part of a larger effort to reduce China’s dependence on foreign technology. Chinese leaders are unhappy with being a factory to the world. It is too labor and energy intensive. Chinese leaders fear that Chinese firms will be trapped producing low-value components while American, Japanese and European companies dominate the high-return, intellectual-property-intensive sectors.
The desire for technological self-sufficiency is also tightly tied to concerns about national security. As former Chinese minister of science Xu Guanhua put it in January 2006 when he unveiled a new plan designed to make the country one of the world’s leading science powers by 2020, “China still lacks capability in innovation, particularly in those strategically important areas. We would never buy or borrow the key technologies from the global leading economies.”
The move from “made in” to “innovated in” China has been pushed along by three policy instruments: industrial policy, innovation strategy, and industrial and cyber espionage. Industrial policy involves top-down, state-directed technology programs often focused on specific sectors and the government research institutes. Innovation strategy includes more bottom-up efforts to encourage technological entrepreneurship through university-industry collaboration and small start-ups.
Cyber espionage is a concerted effort to steal all types of high-value technologies. Cyber attacks are becoming more pervasive and often rely on spear phishing – targeted emails that trick recipients into clicking on bad links or attachments.
Efforts to raise the issue of hacking directly with Chinese policymakers have generally elicited two responses. There is a Captain Renault-like response that Beijing is “shocked, shocked” that this could happen since hacking is illegal in China.
Other policymakers complain, with some justification, that China is itself victim to cyber attacks, many of them appearing to originate in the United States. The People’s Daily, for example, cites a 2006 report that the approximately 27,000 Trojan horse attacks on China came mainly from the United States.
Still it may be possible to shift Chinese decision makers’ view on the utility of cyber attacks. The security researcher Dillon Beresford’s announcement that he successfully entered the networks of central ministries and provincial governments as well as the People’s Liberation Army and universities can only heighten the sense of mutual vulnerability that Chinese and American policymakers must feel. Cooperative efforts, like the FBI dispatching a cyber security expert to cooperate with Chinese authorities on investigations, are an important first step to building trust between the two sides on criminal hacking.
The United States may also be able to appeal to those who want China to become more innovative but think industrial policy and cyber espionage are counterproductive. Advocates of innovation strategy fear state-led efforts will lead to the isolation of the Chinese market, further inhibiting technological development.
This innovation-strategy faction should be sympathetic to similar arguments about the deleterious effects of cyber espionage on Chinese innovation capabilities. In fact, dependence on foreign secrets is likely to lessen the ability (and desire) of Chinese firms to push the technological envelope.
The desire to reduce dependence on foreign technology is tightly held by the Chinese leadership so progress on the cyber espionage front is likely to be halting. This means that while the United States should continue to try to shape the debate within China on the subject, in the near term a better defense is the best option.
via Curbing Chinese cyber espionage – Global Public Square – CNN.com Blogs.