A new report from a U.S. panel suggested sanctions may be necessary to push Beijing to take action to curb cyberespionage. From AFP:

In an annual report to Congress, the US-China Economic and Security Review Commission charged that Beijing “is directing and executing a large-scale cyberespionage campaign” that has penetrated the US government and private industry.

“There is an urgent need for Washington to take action to prompt Beijing to change its approach to cyberspace and deter future Chinese cybertheft,” said the commission, which was set up by Congress to make policy recommendations.

The report listed proposals aimed at “changing the cost-benefit calculus” for China including banning the import of the manufacturing giant’s goods that are determined to include technologies stolen from the United States.

Other possibilities include restricting access to US banks for companies deemed to have used stolen technologies or banning travel to the United States for people involved in hacking. [Source]

Though cybersecurity was notably absent from the talking points when U.S. Treasury Secretary visited Beijing earlier this month, national security adviser Susan Rice yesterday called on China to rein in cyber theft before it further undermines trade between the two countries. The report also claimed that Edward Snowden’s revelations about U.S. spying efforts overseas set back bilateral dialogue on the issue “by at least six months,” and called cloud computing a potential threat. From Bloomberg:

“Our focus has been on making sure that Defense Department or State Department data, or other government information, is secure,” William Reinsch, chairman of the commission, told reporters before the report’s release. “To the extent those entities use the cloud as well, we think that they need to get a better grip on who’s actually providing their services and where their data is going.” [Source]

U.S.-based security firm FireEye claimed on Wednesday that a number of Chinese cyberattacks appeared to originate from a single source, according to The Wall Street Journal:

By repeatedly turning to previously unknown holes in programs like Internet Explorer and Adobe Flash, 11 different Chinese hacking campaigns targeted high-tech, financial services and telecommunications companies in other countries, according to FireEye.

The researchers say the evidence suggests there is a single group in China – akin to a defense contractor – that built these cyberweapons and distributed them to various hacking teams who focused on different targets.

“Many seemingly unrelated cyberattacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure—a finding that suggests some targets are facing a more organized menace than they realize,” says a new FireEye report. [Source]