I have often asked whether the Obama administration had a strategy to confront the apparently enormous problem of cyber exploitation by the Chinese against U.S. firms. Yesterday it published the Administration Strategy on Mitigating the Theft of U.S. Trade Secrets. John Reed at FP describes this document as a “strategy to fight back against the wave of intellectual property (IP) theft facilitated by cyber espionage that has hit U.S. businesses in recent years.” But it does not purport to be that, and I certainly hope it is not the full USG plan to deal with Chinese cyber exploitation. The Strategy mentions cyber-theft as one element of a larger U.S. problem of theft of U.S. intellectual property by many means. Consistent with this broader theme, the Strategy begins with an (inadvertently) ironic and, in context, self-refuting three-year-old quotation from President Obama (“We are going to aggressively protect our intellectual property”) that was delivered in a speech about enhancing U.S. trade (and in a paragraph promoting the Anti-Counterfeiting Trade Agreement). The Strategy is twelve pages long followed by Annexes that contains mostly previously published information (such as this 2011 Office of the National Counterintelligence Executive Report). Those twelve pages outline a legal-diplomatic-educational approach to the general problem of intellectual property theft that has been characteristic of the U.S. intellectual property protection strategy for a long time.
As a response to the Chinese cyber exploitation problem – especially coming on the heels of Mandiant’s Report on China’s extensive cyber espionage, and at about the same time as this morning’s WP story that “almost all” of Washington’s “powerful … institutions have been penetrated by Chinese cyberspies” – the Strategy is a disappointment. Law enforcement and educational tools are useless as a response to hackers residing in China. And unless the diplomatic and trade law tools are ratcheted up to near-trade-war levels – which the Strategy does not propose, and which I seriously doubt will happen – they are almost certain not to have much of an impact on the problem of Chinese cyber exploitation, especially if, as the USG maintains, the Chinese are reaping such huge rewards from cyber theft.
In addition, as Adam Segal, the best China Cyber watcher, explained a few weeks ago, the Chinese aren’t reacting as hoped to the USG shaming strategy:
Several commentaries and an article in the People’s Daily all suggest that Beijing is not reacting to the public announcements with anything approaching shame. In fact, they all portray the claims as part of an effort to discredit China and distract from the offensive actions the United States is taking in cyberspace. The People’s Daily notes that while the United States is portraying itself as the “patron saint of the free Internet” it has plans to expand U.S. Cyber Command fivefold. He Hui, deputy director at the Communication University of China, argues that the claims about Chinese hacking are getting tiresome and in fact serve three alternate purposes: they raise suspicion about China’s rise in the United States and the rest of the world; help raise defense budgets, especially for cyber weapons; and justify protectionist trade measures against Chinese firms that are beginning to challenge the big American companies.
In analyzing international relations, it is often fruitful to see problems from the adversary’s perspective. As Segal’s post suggests, and as China’s reaction this week confirms, from China’s perspective, the USG – with its redoubtable National Security Agency, its newly established Cyber Command, its documented successes in true cyberattacks, its publicly announced plans to enhance significantly its cyber capabilities (including offensive capabilities), its commitment to preemptive offensive measures to check serious cyber threats, and its aggressive policy of promoting online censorship-defeating tools (which the Chinese government sees as a core attack on Chinese sovereignty) – is at least as big a bully on the block.
The United States and China have for a while been engaged in a cyber arms race of sorts (though the “weapons” are various). It is an especially dangerous arms race because of its vast potential scope and because it is taking place almost entirely in the shadows. I don’t have any great solutions to the problem (compare this novel proposal by Stewart Baker, which is interesting but does not consider how China might retaliate), and my criticisms of the administration should definitely be seen in that light. But I feel pretty confident that unless and until we seek to better understand and (to some degree) to accommodate cybersecurity problems as the Chinese see them – a step that would be contrary to many American values, and thus something I do not expect to happen anytime soon – the arms race will continue, unabated, and not obviously to our net benefit.