The Office of the National Counterintelligence Executive released a report on foreign economic and industrial espionage today. The top two suspects are no surprise: Russia and China, with Chinese hackers taking the prize as the “world’s most active and persistent perpetrators of economic espionage.” Chinese intelligence services as well as private companies are said to conduct spying operations and the list of sectors they are interested in is long: information technology; oil and other natural resources; clean energy; health care systems and pharmaceuticals; as well as military information, in particular maritime systems, unmanned aerial vehicles, and space and aviation.
The New York Times story notes that U.S. government officials “took pains” to alert journalists that the report explicitly named China and Russia. Officials are usually more circumspect, offering something more like, “well it is always hard to say where a cyberattack originated from, but if we’re talking on background: yes, most attacks come from China and Russia.”
Can we call two events a trend, or a change in policy? At the beginning of October, House Permanent Select Committee on Intelligence Chairman Mike Rogers called Chinese economic cyber espionage “a massive and sustained intelligence effort by a government to blatantly steal commercial data and intellectual property.” Is this the beginning of more comprehensive efforts by the government to draw a line in the sand, to use public pronouncements to get the Chinese government to rein in the attacks?
When I was in the United Kingdom last month, I heard an interesting historical parallel. In the 1980’s, Britain expelled 104 Soviet spies sending the signal that espionage had reached “an unacceptable level that could no longer be tolerated.” This did not stop spying but limited it and so contained the risks. Of course, cyber hackers sit in China and so cannot be expelled. And they are stealing massive volumes of data in hours or minutes. But can these public announcements act similarly as “exposure operations” and perhaps limit the attacks? Can we expect a more direct statement, from State or the White House?
The report itself is fairly pessimistic. Attacks will continue because of technological and economic change (more mobile devices and move to cloud), the globalization of science and technology, and the continued interest of Russia and China in U.S. secrets. I think the report is probably right.