With regular ChinaFile Conversation contributor Elizabeth Economy on the road, we turned to her colleague Adam Segal, Maurice R. Greenberg Senior Fellow for China Studies at the Council on Foreign Relations in New York. Segal said that “the time for naming and shaming has passed. That strategy is clearly not working.”
Even if the Obama Administration plans to make it clearer to the incoming leadership in Beijing that cybersecurity is significant to bilateral relations between the world’s two largest economies, the U.S. must take more concrete actions to solve the problem, Segal said in a telephone interview.
“First, the U.S. government has to put some of its own cards on the table in addition to those laid out by Mandiant,” Segal said, referring to the Virginia-based information security firm whose February 19 report labeled a unit of the China’s People’s Liberation Army an “Advanced Persistent Threat” of the highest order. “I suspect that the U.S. has better intelligence than Mandiant.”
Indeed, last October, outgoing Defense Secretary Leon Panetta, in a speech to the Business Executives for National Security, said that attribution is getting easier, which was clearly meant as a deterrant to Chinese and other hackers. But that hasn’t happened yet, Segal said, adding that it must if American businesses are to be shielded from cyberespionage that threatens to undermine the American competitive edge. “Thus far, the U.S. and China are dealing through proxies in this war of words. We’ve been relying on Mandiant and the press to deliver the message, which is an effective tool to avoid making the issue too hot,” Segal said. “But it’s not an effective way to solve the problem.”
If other countries—Russia, Israel, France, and the U.S. itself, to name but a few—are known to engage in cyber espionage, why all the attention on China now? Segal says that China is in the hot seat because while U.S. law makes it illegal to engage in industrial espionage, China does not recognize any distinction between economic espionage and military espionage or spying for the good of the nation. “China is trying to move up the value chain in the world economy, partly through cyber espionage. This is a threat to U.S. economic competitiveness,” Segal said. "While Israel, France, and Russia may also be involved in these practices, it’s about the pure scale of the attacks from China.”
Why, then, if it’s about safeguarding intellectual property and economic competitive edge might some of the attacks have been aimed at private firms that are linked to computer system controls of America's energy grid?
“In that case, the hacking is not going after industrial information but is China sending a message of deterrence, if there’s a conflict over islands in the South China Sea, China wants Washington to understand that if they wished to they could see to it that the U.S. homeland also could be compromised.” This is dangerous, Segal said, because while the U.S. has said the law of international armed conflict applies to cyberspace, China has signaled that cyberspace should be considered a new kind of turf altogether, one that requires new regulations.
“The potential for misperception is great, because we don’t really know what set of assumptions under which the Chinese are operating.”