I have been beating this one the death, and will not for a while after this, but the gap between the supposed threat of cyberespionage and our response to it continues to amaze. From Ellen Nakashima, we learn this morning that a “new intelligence assessment has concluded that the United States is the target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness.” Not exactly news, but it does seem to be receiving elevated consideration inside the government. The planned USG response? According to Nakashima: “Analysts have said that the administration’s options include formal protests, the expulsion of diplomatic personnel, the imposition of travel and visa restrictions, and complaints to the World Trade Organization.” Wow, that will have the Chinese quaking in their boots. In reality, if the Chinese gains from cyberespionage are as great as the USG proclaims, these planned USG responses are an easy cost for the Chinese to absorb. The problem, of course, is that we have few other options. A threatened military response is not credible and would not be legally justified in any event. Our dependence (and interdependence) on the Chinese economy makes real economic sanctions very unlikely. And of course we spy on the Chinese (though not in the private sector in the same way as the Chinese) and promote hacktivism against the Chinese as well. So in truth we have little leverage beyond the weak steps being considered. The contrast between our strategy to confront cyber espionage and our strategy to defend networks from cyberattack continues to grow, as this NPR story – entitled Pentagon Goes On The Offensive Against Cyberattacks – shows. One wonders if the folks dealing with the cyberespionage threat are talking to the people dealing with the cyberattach threat. They must be, in Cyber Command and elsewhere, but there is little public evidence.