The U.S. and China opened high-level security and economic discussions last week in Washington, and critical cybersecurity concerns are on the agenda. The Administration’s diplomatic efforts on cybersecurity, however, have so far failed to deter aggressive Chinese cyber attacks against the U.S. public and private sectors.
Over the past year, several reports have been released that outline the scope and scale of Chinese hacking against the U.S. government and private-sector companies. While this naming and shaming is the first step, more must be done to prevent the People’s Liberation Army (PLA) and other cyber entities from continuing their cyber attacks on the U.S. Indeed, without any real pushback from the U.S., the Chinese have no incentive to change their bad cyber behavior, and politely asking them to stop is unlikely to be effective.
Larry M. Wortzel—an expert on the Chinese military, security, and politics—testified recently that military entities in China are using advanced cyber-technology to conduct large-scale cyber-espionage against the U.S. The goal of these operations, he stated, is to gain strategic advantages and to infiltrate sensitive defense networks. As recent cyber attacks on Nortel and Lockheed Martin demonstrate, Beijing is able to take advantage of foreign information and innovation without the financial costs of research and development.
The ultimate goal for China, Wortzel testified, is to achieve the offensive capability to shut down U.S. ports and compromise critical infrastructure. This is a genuine threat to national security, as China has already demonstrated this ability: In 2011, NASA revealed that Chinese hackers were able to gain “full functional control” over one of its critical mission systems.
Before further damage is done, the Obama Administration and Congress should act to deter aggressive nations such as China through financial, legal, and travel sanctions.
To bolster the U.S.’s domestic cyber defenses, Congress should enact a framework for voluntary information sharing between the public and private sectors, which would enable cooperation and remove the legal ambiguities currently in place. It is important that such a framework protect well-meaning companies from regulatory or legal penalties. The government should also be compelled to share information and intelligence more quickly with the private sector.
The invasion of U.S. cyberspace provides China with economic and military advantages over the U.S. and, without a strong U.S. response, is unlikely to stop any time soon. Therefore, before the U.S. engages in hollow cybersecurity discussions with a bad actor such as China, the Administration and Congress should enact policies that increase the international costs of hacking and enhance U.S. cybersecurity efforts at home.