Cybersecurity

Maybe Those Chinese Cyber Espionage Indictments Weren't So Dumb

By Benjamin Wittes
Tuesday, December 1, 2015, 3:15 PM

A few weeks ago, I took note of the comments of China-cybersecurity expert James Lewis to the effect that those much-derided US indictments of PLA hackers had actually had a big impact of Chinese cyber-spying. At the time, I described Lewis's comments as offering a "far more optimistic analysis of what the administration has been able to accomplish than I had previously entertained."

Now comes along Ellen Nakashima of the Washington Post with a remarkable story that powerfully backs up Lewis's analysis:

The Chinese military scaled back its cybertheft of U.S. commercial secrets in the wake of Justice Department indictments of five officers, and the surprising drawdown shows that the law enforcement action had a more significant impact than is commonly assumed, current and former U.S. officials said.

The People’s Liberation Army (PLA) has not substantially reengaged in commercial cyberespionage since then-Attorney General Eric H. Holder Jr. announced charges against the officers in May 2014, the officials said.

It is still unclear, however, whether President Xi Jinping will be able to deliver on a September pledge to President Obama that China would not conduct economic spying in cyberspace to benefit its own companies.

As the United States and China prepare for high-level cyber-talks in Washington beginning Tuesday, officials and private-sector analysts say there is evidence that China’s civilian spy agency, the Ministry of State Security, continues to conduct significant commercial espionage operations.

The story has some other notable claims:

In the following months [after the indictments], the Chinese military quietly began dismantling its economic espionage apparatus, officials said. PLA leaders, with Xi’s approval, reviewed the military’s cyber-activities. They cracked down on moonlighters within the PLA who were hacking on the side to sell information to companies, and they attempted to halt collection of data that was not central to the national security mission.

What the change in PLA activity shows is that “China is not this implacable, immovable object,” said Rob Knake, a senior fellow at the Council on Foreign Relations and a former White House cyber-official. “We can in fact alter the behavior of at least portions of the Chinese government.”

If Nakashima's account is accurate, it seems to me to present a genuine way forward on China and cyber-spying—which is to say to rely on policies based on public naming and shaming and legal sanction. Another way to describe this is that we should rely on responses outside of cyberspace (in addition to improving cyber defenses, of course) to deter bad behavior inside cyberspace.

I'm honestly not sure why these indictments so bother Chinese officialdom. They wouldn't have particularly bothered me had I been in their shoes. But it's just possible that the administration has found a real point of sensitivity here. Sanctioning of individuals and companies would push on this sore spot and take that pressure to the next level.

That's really good to know.