The Real Aim of U.S. Indictment of Chinese

Analysis: U.S. Government's Message to China, Others
The Real Aim of U.S. Indictment of Chinese

There are a number of reasons why the U.S. government indicted five Chinese army officers for hacking American corporate computers to steal intellectual property (see U.S. Charges 5 Chinese with Hacking). Bringing the assailants to justice isn't one of them.

See Also: The Alarming Data Security Vulnerabilities Within Many Enterprises

Despite Attorney General Eric Holder's official pronouncement that he hopes the Chinese government will hand over the accused officers to face the 31 charges brought by U.S. prosecutors, few believe a trial will ever take place.

Tim Ryan of Kroll characterizes the indictments as a cyber-age "persona non grata," the diplomatic expulsion of government officials caught - or believed to be - spying. "Spies are no longer residing in the country where they're doing their work, so this is kind of the evolution of a diplomatic row," says Ryan, managing director of the risk consultancy's cyber-investigations practice. "It's to register a diplomatic protest."

The Obama administration is using the indictments to send messages to three different groups: the Chinese government, other nations and American businesses.

The message to the Chinese is that the U.S. is serious about getting them to stop pilfering intellectual property from corporate America. The message directed to other nations: U.S. spying in cyberspace is done for military, political and homeland defense purposes and not to steal commercial ideas to pass along to private companies - or, as in China's case, to state-sponsored enterprises. And the message to corporate America is that businesses can cooperate with federal authorities to go after those who steal intellectual property by hacking into computers - whether the thieves are governments or criminals.

The Indictments

On May 19, Holder announced federal prosecutors indicted five officers of the People's Liberation Army for hacking into the computers of aluminum manufacturer Alcoa, specialty metals producer Allegheny Technologies, the U.S. subsidiaries of Germany's solar-power-products maker SolarWorld, steelmaker United States Steel, trade union United Steelworkers and nuclear plant builder Westinghouse Electric.

The U.S. government has been working on these criminal cases for years, but experts say the indictments were delayed because of last June's revelations by Edward Snowden of National Security Agency e-spying activities.

"Snowden derailed the whole conversation," says Jacob Olcott, principal of cybersecurity practices at risk consultants Good Harbor Consulting and a former top cybersecurity adviser to the Senate Commerce Committee. "When I was working on the Hill, from 2005 to 2011, people were always talking about doing something like this - that we needed a public confrontation with the Chinese. The political calculus at the time was that that public confrontation wasn't really worth it."

But now it is.

"This move indicates the U.S. government is shifting from playing defense in response to Snowden to going on the offensive on matters of fundamental concern to U.S. cybersecurity and economic power," says Indiana University law professor David Fidler, senior fellow at the university's Center for Applied Cybersecurity Research. "One casualty of Snowden's leaks was the initiatives the Obama administration mounted in the first half of 2013 against the pervasive nature of Chinese economic cyber-espionage. The U.S. government is returning to what had been, pre-Snowden, one of the biggest cybersecurity problems the U.S. and other countries faced."

The U.S. government wants to distinguish its e-spying activities for government-political-defense purposes with the espionage conducted by the Chinese to steal corporate secrets to help advance Chinese businesses.

"This distinction, between economic and national security espionage, is not one that the Chinese hold," says Adam Segal, senior fellow for Chinese studies at the think tank Council on Foreign Relations. "And in the wake of National Security Agency's alleged hacking of Chinese technology company Huawei and Brazilian energy company Petrobras, the argument is not one that has much traction with the rest of the world. China will play up its status as victim and see this as a significant escalation."

Challenge of Building Support

Besides, he says even some American allies - Israel and France, for example - don't make the distinction between economic and national security espionage.

Getting other nations to back American principles poses a challenge. "The revelations from Snowden about alleged NSA activities make it very hard to build support for large-scale diplomatic efforts from the rest of the world," Segal says.

Still, George Washington University's Allen Friedman says the U.S. government sees the indictments as a way of getting the Chinese to deliberate about whether to continue their commercial e-spying practices.

"When you're talking at this level, there is no single action that's going to create change," says Friedman, co-author of Cybersecurity and Cyberwar: What Everyone Needs to Know. "Eventually, they'll be a phased shift. This is working in that direction. The challenge is, how do you create progress without creating backlash?"

But Friedman, research scientist at George Washington University's Cybersecurity Policy Research Institute, says the U.S. government might have gone too far in embarrassing the Chinese by posting most-wanted-like posters of the five PLA officers.

"The United States has an international reputation of being cowboy country, and now we literally put up a 'wanted' poster of another sovereign country's military officers," he says. "It's one thing to [send] a direct message to leadership in Beijing; it's another thing to create an optic that could turn out to play very poorly internationally."

Signaling Corporate America

Domestically, though, the indictments send a signal to American corporations that they have a partner in the federal government to battle intrusions into their computer systems, whether from nation states or criminals, to steal intellectual property.

"This is the Department of Justice really trying to double down on being a trusted partner in working with companies," Friedman says. "The FBI has worked very hard for the last three or four years to be a first responder to a lot of these attacks. And now they're trying to up their game."

By upping their game, the FBI hopes to work more closely with business in going after those who infringe on intellectual property through cyber-attacks. Friedman, though, wonders if other businesses in other sectors would be as cooperative with law enforcement as U.S. Steel and Alcoa, companies that have worked with the U.S. government for decades to battle the dumping of steel and aluminum by foreign manufacturers.

But Kroll's Ryan contends that companies in other sectors might have little choice but to cooperate with federal authorities, who usually notify businesses that their systems have been breached and their intellectually property pilfered.

"There are some companies that have suffered multiple intrusions, and they really haven't been aggressive in mitigating these intrusions," says Ryan, a former FBI special agent who once supervised the bureau's largest cyber squad. "Now, they have to start thinking, 'Hey, two to three years down road, could the guy who had done this to us be getting indicted, and will our company's name end up in media?'"

That could serve as motivation to cooperate with law enforcement. At least that seems to be one reason why the U.S. government brought charges against the Chinese.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.