By Matt Luby ‑ August 12, 2016
China is well known for its bustling counterfeit trade. If you cannot afford the latest technology in the US, you will almost certainly find a cheaper alternative on the Chinese market. Chinese cyber-criminals and state proxies have famously stolen designs to reproduce on an industrial level in China. However, China’s cyber-activity is unusual because it is motivated to breach the security of US companies for an economic objective, and not a geopolitical one. Following landmark talks in September 2015, the United States and China publicly agreed not to digitally spy on each other for commercial gain. Has US indictment pressure finally curbed China’s cyber-espionage?
Managing Chinese cyber threats and protecting US intellectual property and trade secrets has been a longstanding issue between China and the US. Security breaches at insurer Anthem, medical device maker Medtronic and US steel have been attributed to Chinese espionage. Prior to meeting with officials, President Obama considered imposing sanctions on Chinese companies known to benefit from breaches.
Following talks between President Obama and Chinese President Xi Jinping in 2015, US officials began pressing their Chinese counterparts to improve co-operation and stop cyber-attacks. Some US lawmakers and presidential candidates claimed the pact agreed between the US and China was a weak display of power from the Obama administration, urging the President to be tougher on the nation responsible for a 53 percent increase in cases of cyber-espionage.
Some US law enforcement and intelligence officials have failed to see a positive change in cyber-activity since the September pledge. Crowdstrike, a cyber security firm, reported China was still engaging in hacks and there have been seven attempted breaches at companies in the technology and pharmaceutical sectors.
Assistant attorney general for US National Security, John Carlin, admitted China’s behaviour could pose a serious threat to national security: “Our economy depends on the ability to innovate and if there is a dedicated nation state who is using its intelligence apparatus to steal, day in-day out, what we’re trying to develop – that poses a serious threat to our country.”
The latest brief from the Institute for Critical Infrastructure Technology (ICIT) warns China's five-year plan for 2016-2020 is still largely dependent on the digital theft of intellectual property from Western nations. The brief, titled “China’s Espionage Dynasty: Economic Death by a Thousand Cuts”, highlights that while it is possible China has reduced its targeted attacks against American organisations, China has restructured its cyber operations to assert greater control over its operatives. China may have reined in its most obvious threats, but continues to infiltrate Western businesses with virtually undetectable advanced persistent threat (APT) attacks. Further, ICIT predicts growth in China's cyber-espionage program based on the aggregation of reports from the US government and cybersecurity firms.
Following China’s persistent IP theft and cyber-activity, the US will likely take a tougher approach to protect its intellectual property – issuing sanctions or public deterrents to regain complete IP ownership. At the very least, an evaluation of current relations between the US and China will be required in order to halt this very significant threat to US National Security.