How to fight Chinese cyber attacks without starting a cold war.
The Chinese People’s Liberation Army has been systematically stealing technology worth billions of dollars from countless American companies in many industries. Is this news?
Not to American intelligence agencies. Not even to anyone else who’s been paying attention. But publicly available evidence is new and fascinatingly detailed, as the recent report from the private forensics firm Mandiant showed. The hidden story here is that the private sector can perform first-class intelligence collection and analysis that a few years ago could have been done only by a nation-state. Meanwhile, our own government is keeping mum — tangled in World War II-era rules about classified information and fearful of disrupting relations with a nation that owns huge amounts of our national debt.
If we’re waiting until China decides to "play fair," we’re in for a long wait. China won’t play fair with us any more than Western powers played fair with China when we carved it up into concessions in the 19th century and imposed Western law on Chinese territory. This is realpolitik. China’s intelligence services will continue to steal Western technology unless the price of that behavior becomes too high.
We’re in a strategic trap that’s partly economic and partly in our heads. We tend to think strategic relationships are governed by an on/off toggle switch between peace and war. When things go wrong, this crude dichotomy condemns us to think we have only two choices: Call in the lawyers, or call in an air strike. In fact, international relations are messy and fluid. We sometimes have serious disputes with allies, and we sometimes find common ground with adversaries. Permanent alliances have begun to seem less than permanent. When adversaries get aggressive with one another, there is a wide gray space between war and peace. The Cold War with the Soviet Union took place largely in that gray space, and it was often nasty.
But we are not in a cold war with China and don’t wish to be. During the Cold War, we did not trade with the Soviet bloc, and travel across the Iron Curtain was virtually nil. When the Soviet Union went bankrupt, we cheered. In contrast, U.S.-China trade is vast, travel is free, and China bankrolls our appalling national debt. If China went bankrupt, we’d have a depression, not a celebration. War talk of any kind, even cold war talk, is therefore rash. We are dealing with a very rough competitor — but not an enemy.
It’s always easier to see one’s own vulnerabilities than the other side’s. China cannot bring the United States to its knees without doing worse to itself. A depression in the United States would cause crippling hardship, but economic collapse in China would not only create widespread hardship, it would threaten the future of the Chinese Communist Party. If we are over a barrel, so are they. But China understands our appetite for its markets, so it’s willing to take risks with the relationship. So far we haven’t made its risks seem very risky.
To change that, the United States will have to play more aggressively in the gray space, both openly and not-so-openly. On the open side, we should begin imposing visa and financial restrictions on a select set of actors and their families. If we can prove particular companies have benefited from stolen technology — that’s difficult, but we should devote more resources to it — let’s ban their products or impose heavy import duties and encourage our allies to do the same.
Legislation pending in the House would push the government to provide more classified information to the private sector, or at least to the companies that own the vertebrae of the telecommunications backbone. Less well known is the reluctance of private firms to share information about network threats among themselves. Sometimes the reluctance arises from perceived competitive advantage. But that explanation cannot possibly apply to every firm in an industry, and even the most secure firms would be better off if they were privy to industry-wide information about emerging cyberthreats. The House bill would protect companies that act in good faith to protect their networks or share threat information, and it contains strong privacy protections. Passing this bill should be a no-brainer, but the civil liberties lobby has consistently opposed it. Their opposition is a replay of that lobby’s defense of the pre-9/11 "wall" that prevented the criminal side of the Justice Department from knowing what the intelligence side of the department knew and vice versa. Artificial legal barriers that prevent the flow of threat information to agencies and companies that need it cannot be defended. It’s time to pass the House bill.
The name for the not-so-open side is covert action — carefully calibrated and decidedly unfriendly steps to raise the price to China of its wholesale economic espionage. Speculating openly about actions intended to be covert would be decidedly unhelpful, so I’ll say only: This sphere of action demands serious consideration. But this is no time for chest-thumping. Frozen relations between the United States and China would be costly; war would be a strategic disaster for both sides. America’s strategic goal must remain China’s peaceful integration into international institutions and expanded trade while maintaining our strategic position in the western Pacific.
In the Cold War, the United States and Soviet Union took years to understand each other’s strategic behavior and reach tacit agreement on how to escalate and de-escalate tensions before they led to war, and even then we came terribly close to conflagration. Similar understandings do not yet exist in cyberspace, but they can emerge only through carefully considered action and reaction, much of it out of public view. Those who say the threat is hyped must now confront the evidence. Inaction on our part will make the situation worse. American and other Western businesses are being stripped of their intellectual property. It’s time we defended ourselves.