Chinese Cyber Espionage: What To Do?
In the wake of both revelations that the U.S. government has accused five People’s Liberation Army officers of crimes related to economic espionage and the threat of cyberwar brought on by hackers like UglyGorilla, Adam Segal at the Council on Foreign Relations reports that three documents have surfaced that explain the “who,” “how,” “why,” and “why it matters” of Chinese cyber espionage:
The “why” was laid out in a speech Chinese President Xi Jinping made on science and technology to the Chinese Academy of Sciences and Chinese Academy of Engineering on Monday, June 9. As the New York Times notes, Xi hit many of the nationalistic notes that have motivated technology policy over the last twenty years: China was in the past a great science and technology power; China is now too dependent on the West for critical technologies and must spur its own indigenous innovation; and science and technology are key to economic and national security. China is pursuing this goal through massive investments in science, technology, and education; the continued reform of research institutes, state-owned enterprises, and government agencies; and efforts to create incentives for entrepreneurship and innovation. Research and development (R&D) investments have increased by double digits annually for each of the past twenty years, and in 2011 China passed Japan as the world’s second largest spender on R&D. There is, however, a darker side to these efforts. The illicit transfer of intellectual property (IP) through the failure to protect IP in the domestic market, industrial espionage, or cyber theft, also plays a role in efforts to move the economy up the value chain and to bolster the competitiveness of Chinese companies.
The “why it matters” was answered when the Center for Strategic and International Studies (CSIS) and McAfee published their attempt to determine the costs of cyber crime and espionage. They estimated the annual cost to the global economy to be more than $400 billion; this includes crimes like bank fraud and identity theft targeted at individuals and cyber espionage directed at governments and companies. The report argues that the situation will get worse as more businesses move online creating more targets and as countries get more adept at using the IP they have stolen to manufacture competing goods.
Over a three-day period we answered the “who,” “how,” “why,” and “why it matters,” but we’re still struggling with the “what to do about it.” The CSIS-McAfee report suggests that countries will tolerate cyber crime as long as it stays at acceptable levels—less than 2% of GDP. Though the report estimates that the cost of cyber crime to the United States is 0.64% of GDP, the DoJ indictment is certainly escalated the issue in the U.S.-China relationship. George Kurtz, CEO and President of CrowdStrike, hopes to build on the campaign of “naming and shaming” and that Panda Putter “further cast the spotlight on China, and helps encourage the dialogue on dealing with this issue.” The CSIS-McAfee reports argues that there are two possible responses to the rising tide of cyber crime: improved technology and better defenses, and international agreements on law enforcement and state behaviour. [Source]