“Chinese pursuit of intellectual property, sensitive research and development plans, and U.S. personnel data remains a significant threat to the United States government and the private sector,” Dan Coats, the Director of National Intelligence, said in a testimony at the Senate Select Intelligence Committee in January 2019. What Director Coats forewarned is happening in real time, too—a woman at Mar-a-Lago, Yujing Zhang, was recently caught by the Secret Service in an espionage attempt, carrying four cell phones, a laptop, external hard drive, and a USB containing malicious malware. President Trump dismissed this case, claiming he was “not concerned at all.” For years, the president has touted a hostile rhetoric toward China vis-à-vis trade and how it ruins the U.S. economy, even demanding tariffs on over 250 billion dollars worth of Chinese goods. Yet, in its relationship with China, a traditional trade war is not the only thing the United States should be concerned with. Recently, China has unleashed multiple cyber efforts to hack into U.S. businesses to benefit Chinese state-owned enterprises, otherwise known as commercial espionage. This is disturbing and alarming, as Director Coats’ sentiment has noted, because it directly harms U.S. national interest of retaining economic power, as well as the economic prosperity of U.S. private firms.
Much of Trump’s rhetoric and agenda is geared towards making the United States economy as great as possible. To ensure this, though,, there must be larger efforts to prevent Chinese commercial espionage by first identifying the trends and wants of Chinese firms and simultaneously assisting U.S. private firms in boosting their cyber defenses.
China Resurgent
China has been rising as a strong economic power ever since Deng Xiaoping took lead with his reforms in 1978. China’s GDP had risen steadily in that frame, and even more so in the mid 2000’s when China had joined the WTO and started to regionalize Asia. The ever-increasing economic strength continues to this day as China continues its massive trade venues with multiple countries. This sentiment speaks largely to Chinese intentions of becoming the world’s strongest economic power, and China is doing so with commercial espionage. Indeed, much of Chinese economic espionage benefits the Chinese government’s economic policies.
Many of the economic espionage cases are attributed to Unit 61398, China’s cyber-warriors in the People’s Liberation Army. A large portion of these hacking attempts against U.S. businesses, such as Google, typically involved highly sophisticated and targeted attacks on computer infrastructure. The result usually ends not with cyber-sabotage, but rather theft of protected intellectual properties. Chinese companies use this information to compete on the market, and as a result, U.S. companies lose potential profits to counterfeit items. These exploits have great consequences for the U.S. economy and national interest.
The U.S. no longer holds any sort of competitive advantage, so long as Chinese hackers continue to steal sensitive company secrets. As such, profit margins crash, which leads to weaker rates of market growth. However, aside from an economic loss, the United States faces long-term challenges from China in the realm of state competition. The more China steals from the U.S., the more Chinese markets become appealing; other countries might be swayed to the Chinese market because it is cheaper and might offer more than what the U.S. offers vis-à-vis private sector firms. The United States, at that point, might begin to lose economic partners to China, tipping the power scales toward China. Put another way, China may be able to sway many of our trading partners, such as Japan or South Korea, weakening the U.S. position in East Asia. However, East Asia isn’t the only area of concern—China also has begun to expand its soft power reaches through the Belt Road Initiative. If China continuously steals U.S. trade secrets to make their markets more competitive, that in tandem with the increased BRI soft power reaches speaks to a stronger hold over the world by China. While that kind of speculative threat is far in the future, it is still of serious concern to the U.S.—commercial espionage causes the United States to lose the power status held in the world, while also threatening U.S. economic national interests.
Chinese espionage is only getting worse, though. China has ramped up its cyber-espionage once Trump came into office. Prior to Trump’s presidency, President Obama made an agreement with Xi Jinping to assure that Chinese theft of intellectual trade property would no longer occur. However, this agreement was broken as soon as Obama left office because the agreement Xi Jinping had with him was no longer seen on-going into the next presidency.
Currently, to combat Chinese commercial espionage, there have been some developments. Former Attorney General Jeff Sessions started the China Initiative, which tries to identify priority Chinese theft cases, while also aiming to prosecute hackers quickly and effectively. The U.S. Senate also created a bill that targets Chinese economic espionage and seeks to bring charges against those who are perpetrators; however, finding perpetrators and prosecuting them is harder than it seems. Most Chinese hackers will never see the trials that occur in a courtroom because China is not going to willingly extradite government authorized hackers within their territories. Moreover, these current efforts by the U.S. government are more offensive than they are defensive, and that’s the problem. The U.S. needs to ensure that it has a strong defense before we can start to search for and prosecute hackers.
Defensive Measures
A lot of the current initiatives by the U.S. are offensive, leaving a gap in our defenses. This is evident in the 2015 Office of Personnel Management hacking via China, or perhaps the 2014 Sony hack via North Korea. Commercial espionage by Chinese hacking will continue to happen so long as this gap remains. While pursuing U.S. offensive strategies, defensive measures should be adopted. Building defenses against Chinese commercial espionage must begin with a fast and comprehensive identification process of what Chinese firms are targeting in the United States. This includes identifying trends in the market and observing what Chinese firms are doing. The point of this is to first understand what Chinese firms’ goals and which economic policies the Chinese government forwards, and then adjust U.S. business cyber-defenses accordingly.
This identification process should entail multiple inter-agency cooperation—primarily through the Department of Treasury, Department of State, and the Central Intelligence Agency. The CIA is necessary because they have authority to gather and disseminate information. CIA can push for more intelligence officers to gather information abroad on what Chinese firms are looking for. For instance, valuable information that can be obtained would be what Chinese CEOs are lacking in terms of profit margins and diversification of products to sell, or perhaps long-term investments that Chinese CEOs and companies might have. Data-analysis should be conducted in the form of competing hypothesis analysis to identify the possibilities of what Chinese firms want.
Such information of what Chinese firms want should be passed to other branches of the government, while also being given to the U.S. private sector. Though, to some, the legality of forwarding intelligence data-analysis, which is typically classified, might be controversial because some may argue that is too much government intrusion. However, the Trump administration is starting to warn private firms of Chinese hackers and their targets, and this should continue. It is imperative that the private sector understands trends and differences of Chinese firms, as that will allow private companies to better protect their intellectual property. How private companies decide to use that information is entirely to their own discretion. For instance, if a U.S. biotech firm knows from intelligence analysis that a Chinese firm is seeking new biotech hardware, then it will be more alert and conscious of protecting its assets. The U.S. government can also play a large role in bolstering private sector defenses by offering voluntary assistance in identifying weaknesses in computer infrastructure that protects intellectual property.
Moreover, the Department of Treasury can begin placing more sanctions on Chinese firms, as well as other firms in China that aren’t sanctioned, and begin to trace their economic movements. While this is an offensive tool in the U.S. arsenal, sanctions can be used defensively. If China continues to hack into U.S. private firms, the Treasury Department can begin to threaten sanctions (primary and/or secondary) on particular Chinese firms or market industries. For example, if a particular Chinese biotech firm is accused of using sensitive, stolen intellectual property from a major U.S. biotech company for its own gain in the market, the Treasury Department can threaten primary sanctions to forbade trade with that Chinese firm and the U.S. market. This will incentivize Chinese firms to carefully consider if they want to use stolen information at the risk of losing its biggest trading partner, the United States. Additionally, the Treasury Department can utilize secondary sanctions on Chinese firms, which boycotts and punishes other foreign countries from trading with the United States if they choose to trade with that targeted Chinese firm. Secondary sanctions incentivize other countries to refuse trade with a Chinese firm that is being sanctioned, thus forcing Chinese hackers and policymakers to contemplate the benefit and cost of engaging in commercial espionage. The purpose of utilizing sanctions against Chinese firms should not only disincentivize them from stealing commercial information, but also bring them back to the negotiating table. The threat of sanctions may bring U.S. and Chinese diplomats to discuss an advantageous strategy and policy that does include the theft of U.S. commercial information and sanctions on China.
In the course of renegotiations, the Department of State can continue diplomatically discussing all other venues with Chinese officials and to stop economic espionage. The diplomacy between the two countries is nothing more than a never-ending ballroom dance, but it is necessary. At the same time, the State Department should keep close tabs on Chinese economic intentions stated in diplomatic meetings. The entirety of this solution is a cycle that is, first and foremost, defensive and reactionary. Moving too hastily into demanding prosecutions and other offensive measures against an abundance of Chinese hackers will do no good, so long as our companies remain vulnerable.
Uncertain World
China is increasingly becoming a challenger to U.S. interest, and that should not be underestimated. Understanding how the Chinese operate and where they intend go with their broader goals via economics is paramount to ensuring we do not lose our economic status, as well as harm our businesses, in the world. It is essential that the United States adopts a defensive policy measure in tandem with its current offensive course of action. This will not only continuously pursue hackers to bring them to justice, but also ensure the safety and economic integrity and growth of the United States. Chinese hacking and commercial is a serious threat, and as the world evolves into a more regionalized and interconnected economic field, the more prevalent the threat of Chinese espionage will become. For that reason, the United States must be pre-emptive in action, but also cautious of our cyber defenses.