This week, the US-China relationship has entered unfamiliar territory. Many Americans have long alleged that China is the major source of cyberattacks on the US, but a new 60-page report from American security firm Mandiant featured unprecedented evidence linking at least 141 cyberattacks since 2006 to four large computer networks in Shanghai.
The report attributes the most sophisticated attacks to a 12-story office tower in Shanghai’s Pudong District that is home to Unit 61398 of the People’s Liberation Army. The only other possibility, the report concludes somewhat cheekily, is that “a secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multiyear enterprise-scale computer espionage campaign right outside of Unit 61398’s gates.”
The attacks were often commercial in nature, according to Mandiant, focused on acquiring intellectual property including technology blueprints, manufacturing processes and business plans in many of the industries the Chinese have identified as strategic to their growth. Others pose a clear security threat to the US, targeting critical infrastructure such as the electrical grid, waterworks and gas mains.
The report’s unprecedented level of detail – including that 97% of operators’ keyboard layout settings were “Chinese (Simplified),” and that the identities of several Chinese hackers were revealed when they accessed Facebook or Twitter – has made the usual evasive dance of Chinese officials sound increasingly unconvincing. “Hacking attacks are transnational and anonymous … We don’t know how the evidence in this so-called report can be tenable,” Foreign Ministry spokesman Hong Lei said in response to the report.
In the past, the Obama Administration has chosen to complain about cyberattacks to the Chinese in private. That tactic now looks increasingly unsustainable. Evan Osnos of The New Yorker writes that the Mandiant study and the willingness of US officials to confirm its findings signal “a blunt new American counteroffensive against the era of Chinese cyber attacks.”
The first step in this counteroffensive is the kind of “naming and shaming” that we are seeing right now, Adam Segal, an expert on Chinese cyberattacks at the Council on Foreign Relations, wrote in an emailed response to China Economic Review. The US government has begun talking more publicly about Chinese hacking, including President Obama’s mention of cyber threats during last week’s State of the Union Address. The Obama Administration has also promised to warn Chinese counterparts in coming weeks that these attacks are becoming so intense as to damage the Sino-US relationship.
These threats have helped unite the US government and companies to mount a defense. President Obama signed an executive order on February 12 calling for the government and companies that oversee critical infrastructure, like the electrical grid and gas mains, to share information on cyber threats – though it remains to be seen how close or effective this cooperation will be.
In the longer run, the US Congress could counter the attacks by launching targeted sanctions against individuals and organizations, likely related to travel or trade. But these methods are unlikely to be used until the first approach is exhausted, said Segal.
So will naming and shaming work? The tactic could disrupt cyberattacks initially, as the Chinese government tries to smooth over the many disruptions these reports have caused. These exposés will be a blow to China’s commercial and political partnerships overseas, not to mention its “soft power” strategy. With mounting economic and social problems to address at home, China’s top officials are likely to try to defuse any conflicts that could disrupt trade and the US-China relationship – though of course they will deny any involvement in attacks.
But cyberattacks seem likely to continue in the longer run, albeit in a savvier form. The Chinese have huge commercial and security incentives to continue this sort of theft. In the end, US actions are likely to merely drive these networks further underground. Next time, Chinese hackers certainly won’t log on to their Twitter accounts.
