Last week, Mandiant, a private company, released a report that identified a specific bureau of China’s military as responsible for hacking massive amounts of data over the past seven years, mostly from the U.S. Yet, the Obama Administration has been actively trying to avoid embarrassing China for fear of repercussions.
Instead of worrying about the Chinese response, the Obama Administration needs to take a firm but sensible approach to combating cyber crimes.
Described as “one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen,” the People’s Liberation Army’s Second Bureau of the General Staff’s Third Department has been active since at least 2006. Since then, it has stolen hundreds of terabytes of information from over 100 organizations. And this is only one of over 20 Advanced Persistent Threats originating in China that Mandiant is aware of. It is clear that the Chinese government is actively seeking advantages in economic and information warfare, something that Chinese military doctrine calls for—even during peacetime.
Regrettably, the Obama Administration has been trying to play nice. Just a few months ago, Secretary of State Hillary Clinton claimed that both America and China “were both victims of cyber attacks…and it is vital that we work together to curb this behavior.” U.S. intelligence officials “were told directly embarrassing the Chinese would backfire.… It would only make them more defensive more nationalistic.”
Even now, the Administration is continuing to press for cooperation and employing the carrot instead of the stick. Under Secretary of State Robert Hormats thinks the solution is to convince the Chinese that it is in their long-term economic interests to stop hacking. The U.S. has not had much luck convincing China that its interests coincide with those of the U.S. President Obama also had the perfect opportunity to call out China’s bad cyber behavior in his State of the Union address, but he chose to pass.
As long as China can get military and commercial secrets at low or even no cost, there is no reason to stop. By choosing not to confront the Chinese, the Administration has kept the cost of China’s cyber crimes all too low.
The U.S. needs a robust response that challenges China’s bad cyber behavior and raises the cost of such actions:
- The U.S. needs to stop cooperating with China on cybersecurity issues while just hoping for some turn for the better.
- Chinese companies and personnel with stolen intellectual property should be subject to criminal charges.
- The U.S. should lead an international coalition in openly denouncing China’s cyber crimes and determining additional actions to take.
These and other options like visa and travel restrictions should be considered to make it clear that the U.S. will no longer stand for Chinese aggression in cyberspace.