recommended reading

Cyberspying Indictments Will Not Stop China From Hacking U.S. Businesses, Insiders Say

Charles Dharapak/AP

The high-profile U.S. indictments against five Chinese military officers will not encourage China to stop hacking American businesses to steal valuable trade secrets, virtually all of National Journal's National Security Insiders said.

It was the first time the U.S. brought a criminal case against a foreign government for cyberspying, but 91.5 percent of NJ's pool of security experts downplayed the move, calling the charges "simply silly" and "an empty gesture."

"China will continue to pursue its interests in acquiring access to U.S. secrets at any cost," one Insider said. China will meet last week's indictments, another Insider added, "with a big yawn (and lots of self-serving rhetoric) and continue business as usual."

The legal action might instead encourage China to try harder to avoid detection, Insiders said. "The door to the bank vault is still open."

The real solution, one Insider said, "is to stop complaining and start developing robust widespread encryption to protect everyone from China and the NSA." One Insider said China "won't stop until the U.S. finds an effective sanctions mechanism—and we don't have that yet." 

A slim 8.5 percent minority said the cyberespionage indictments might make an impact on China. "It will infuriate them, but it will also underscore to them the potential costs associated with what they have assumed, up until now, is risk-free (and potentially very profitable) behavior," one Insider said. 

Just days after the charges, Beijing accused the U.S. of launching its own large-scale cyberattacks against the Chinese government and Chinese companies. Yet 76 percent of Insiders said Attorney General Eric Holder's high-profile, public announcement of the charges—the Obama administration's most direct confrontation over China's alleged theft of intellectual property—was the right approach. 

The problem of China's cyberspying has "already been raised at the head of state level, the secretary of Defense level, and multiple political and diplomatic avenues, to little effect," another Insider said. "The Chinese minister of defense challenged the U.S. to provide evidence of the allegations; ... well, here it is. In itself, the indictments are not sufficient, but in tandem [with] other means, it is an important tool in our tool kit."

The indictments are also an important signal to the U.S. business community, an Insider said, "that the U.S. government is taking action to protect U.S. interests."

A vocal 26 percent objected to the new tack, especially after Edward Snowden revealed the National Security Agency's mass surveillance operations. "The Obama administration's approach looks like blatant hypocrisy," one Insider said. "It would seem that we would be in a much stronger position to make such strong allegations were we not engaged in so many questionable cyberpractices across the globe, not to mention against American citizens."

The Chinese, another Insider said, "will do their homework, build the case against our own electronic intrusions, and quite possibly regain the high ground here. The old rule of espionage applies here: 'Read my mail once, shame on you; read my mail twice, shame on me.' Like so many of our foreign adventures, this will not end well for us."

See the full results of the survey at National Journal.

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.