The Obama administration announced a broad new effort Wednesday to fight the growing theft of American trade secrets following fresh evidence linking cyberstealing to China's military.
The plan includes a new diplomatic push to discourage intellectual property theft abroad along with better coordination at home to help U.S. companies protect themselves. The administration says indications are that economic espionage is increasing, not only through electronic intrusion over the Internet but also through the recruitment of former employees of U.S. companies with knowledge of inside trade information.
"Trade secret theft threatens American businesses, undermines national security and places the security of the U.S. economy in jeopardy," said a report from the White House. "These acts also diminish U.S. export prospects around the globe and put American jobs at risk."
Earlier this week, a Virginia-based cybersecurity firm, Mandiant, accused a secret Chinese military unit in Shanghai of years of cyberattacks against more than 140 U.S. companies. Mandiant concluded that the breaches can be linked to the People's Liberation Army's Unit 61398. The accusations and supporting evidence increased pressure on the United States to take more action against the Chinese for what experts say has been years of systematic espionage.
China denies involvement
The Chinese government denied being involved in cybertheft, with China's defence minister calling the Mandiant report deeply flawed. China's Foreign Ministry said that country has also been a victim of hacking, much of it traced to the United States.
Military experts believe the unit is part of the People's Liberation Army's cybercommand, which is under the direct authority of the General Staff Department, China's version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China's military.
The release of the Mandiant report, complete with details on three of the alleged hackers and photographs of one of the military unit's buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.
'Now, Congress must act as well by passing legislation to give our government a greater capacity to secure our networks and deter attacks.'—U.S. President Barack Obama
"If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation," said Shawn Henry, former FBI executive assistant director. "This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be."
Wednesday's Obama administration report did not specifically target any one violator, but the China problem is evident in the case studies it cited. Those examples did not involve cyberattacks, but rather the theft of hundreds of millions of dollars in trade secrets by former employees of U.S. corporations including Ford Motor Co., DuPont Co., General Motors Corp., Cargill, Dow Chemical Co., Valspar and Motorola.
U.S. President Barack Obama signed an executive order last week aimed at helping protect the computer networks of American industries from cyberattacks. It called for the development of voluntary standards to protect the computer systems that run critical sectors of the economy such as the banking, power and transportation industries. It directed U.S. defense and intelligence agencies to share classified threat data with those companies.
He also prodded Congress during his State of the Union address to go further.
"Now, Congress must act as well by passing legislation to give our government a greater capacity to secure our networks and deter attacks," Obama said.
The president said America's enemies are "seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
The new report was short on specific consequences for trade secret theft, with no new fines or other trade actions announced. It included five actions to protect American innovation: Applying diplomatic pressure by senior officials to foreign leaders to discourage theft.
- Promoting best practices to help industries protect against theft.
- Enhancing U.S. law enforcement operations to increase investigations and prosecutions.
- Reviewing U.S. laws to determine if they need to be strengthened to protect against theft.
- Beginning a public awareness campaign.
Focus should be on hackers, not companies
Henry, the president of the security firm CrowdStrike, said that rather than tell companies to increase their cybersecurity, the government needs to focus more on how to deter the hackers and the nations that are backing them.
James Lewis, a cybersecurity expert at the Centre for Strategic and International Studies, said that in the past year the White House has been taking a serious look at responding to China. "This will be the year they will put more pressure on, even while realizing it will be hard for the Chinese to change. There's not an on-off switch," Lewis said.
In denying involvement in the cyberattacks tracked by Mandiant, China's Foreign Ministry said China too has been a victim of hacking, some of it traced to the U.S. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said that in 2012 alone foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.
"Among the above attacks, those from the U.S. numbered the most," Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.
Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies but acknowledge that intelligence agencies routinely spy on other countries.
China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing's military policies, such as any plans for action against Taiwan or Japan.
In its report, Mandiant said it traced the hacking back to a neighbourhood in the outskirts of Shanghai that includes a white 12-storey office building run by the army's Unit 61398.
Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks, or they are being done by a secret organization of Chinese speakers, with direct access to the Shanghai telecommunications infrastructure, who are engaged in a multi-year espionage campaign being run right outside the military unit's gates.
"In a state that rigorously monitors internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai," the Mandiant report said, concluding that the only way the group could function is with the "full knowledge and co-operation" of the Beijing government.
The unit "has systematically stolen hundreds of terabytes of data from at least 141 organizations," Mandiant wrote. A terabyte is 1,000 gigabytes. The most popular version of the new iPhone 5, for example, has 16 gigabytes of space, while the more expensive iPads have as much as 64 gigabytes of space. The U.S. Library of Congress' 2006-10 Twitter archive of about 170 billion tweets totals 133.2 terabytes.