OPM hack: US sanctions option

While the US’s tussle with China over cybersecurity often gets noticed because of the industrial espionage concerns, the White House executive order designed to address economic espionage allows the US…

to sanction malicious cyber actors whose actions threaten the national security, foreign policy, or economic health or financial stability of the United States.

That could include the Office of Personnel Management hack. Yet the kind of data the Chinese are accused of accessing is plain ol’ vanilla details on 21.5 million US employees, not the theft of business plans and intellectual property that falls outside the “norms” of accepted behavior in state-sponsored hacking. If there is any takeaway on the US side, it seems to be how flawed the OPM’s security was.

How was the US so complacent for so long? At some level, those in charge (including the White House) must have believed they had the luxury of working within a kind of vacuum of threats. The elites in Washington and everyone else are seeing that, rather than a vacuum, the US is in a kind of pressure-cooker. Call it the new normal.

Former CIA, NSA director compares China’s cyberespionage on US to German submarine warfare during WWI, says it’s worse than Soviets during Cold War

General Michael Hayden, who has headed the NSA, uses some pretty alarming language in describing China’s cyber-espionage.

In the Australian Financial Review:

I believe the Chinese today are engaging in unrestricted espionage against the West that is comparable to the unrestricted submarine warfare waged by Imperial Germany in 1916. The intensity of Chinese espionage is certainly greater than what we saw between the US and the Soviets during the Cold War.

The problem is China’s view is that industrial espionage by the state against relatively vulnerable private enterprise is a commonly accepted state practice. This is just unacceptable.

Industrial espionage by the Chinese has probably now become the core issue in the Sino-American relationship. It is not an irritant. It is not a peripheral issue. Believe me, I work closely with America’s congress and government, and this is now the dominant issue between the two countries, and runs the risk of undermining the entire relationship.

It’s worth considering the final line by Hayden. The problem with the issue is getting private sector companies to talk about the extent of the economic loss.

Another lingering issue is the lack of non-government contractors who are focusing on the challenges. Given the parasite-host relationship between government contractors and the US taxpayer, it would add to the credibility of the arguments if parties that didn’t stand to gain from a cyber war were speaking out about the situation.

Clearly the CSIS is a strong voice in the matter.

So far, the US has tried to use shame as a tool to get the Chinese to stop. We’ll see what difference it makes.

But comparing the effect of Chinese economic hacking to the events of the submarine war that led to the sinking of the Lusitania is compelling.

However, at that time Germany was in a declared war with Britain and both sides were actively trying to degrade each other’s war machine by denying each other the imports they needed.

Between the US and China, there is no declared war. By day, in fact, it’s all about being partners for trade, when clearly this isn’t shaping up to be a win-win situation.

The US championed China’s entry into the WTO and gave it most favored nation status. But now, US economic information is plundered and fed into China’s economy.

Quite a contrast. 

Chinese businesses, executives involved in cyber espionage of US businesses targeted in bills in Congress

Republican congressman Mike Rogers wants to put prohibitions on Chinese products and executives linked to cyber-espionage, according to this PBS report. The move would impose a high cost on the businesses that profit from trade secrets.

Republican Congressman Mike Rogers, the chairman of the House Intelligence Committee, has proposed legislation that would deny issuing visas to Chinese citizens involved in cyber-theft, and freeze their assets, too.

This is all about making sure that those actors that we can identify — and believe me we can identify them — that there is a cost for their cyber-espionage.

In the Senate…

Democratic Sen. Carl Levin and three Senate co-sponsors want to take the profit out of cyber-crime. They have introduced legislation that blocks products that use stolen intellectual property from entering the U.S. market.

The move to “hit people in their wallet,” creating a “remedy that bites,” could, if implemented, create all sorts of new issues – and even new markets. But as the BRICs economies rise, the question is, would the US be excluding itself from beneficial trade? Or would the US start down a path that would divide the global economy?

It’s possible that foreign countries that are also victims of China’s economic espionage would adopt the restrictions, as they can. In that scenario, you can see the balkanization of technology happening.

With swaths of Chinese-designed routers, car components, and other high-end technology outlawed in the US, a new market would emerge for products that meet the criteria.

Enforcement would be difficult too. But the fact that they are talking about this in the House and Senate shows the potential allure of such bans. It’s telling that both of the bills’ sponsors are from Michigan – a manufacturing state – and one is a Republican while the other is a Democrat.

China hacking US universities – and hints at a new East-West normal

This might seem like a simple follow-on story to recent China-US hacking stories, but the NYTimes piece is really central to understanding what’s going on between China and the US. Yes, everyone is hacking everyone, as the Snowden revelations make clear, but the threat of reams of intellectual property being siphoned off by China from the US is one of the biggest strategic worries in Washington because it could seriously undermine the US’s long-term economic outlook.

Two details of note in the NYTimes piece that may foreshadow the new normal, in which Western knowledge-workers dump their electronics upon leaving China, or don’t take them in the first place…

From NYTimes’ Richard Perez-Pena: 

Some universities no longer allow their professors to take laptops to certain countries, and that should be a standard practice, said James A. Lewis, a senior fellow at the Centre for Strategic and International Studies, a policy group in Washington. “There are some countries, including China, where the minute you connect to a network, everything will be copied, or something will be planted on your computer in hopes that you’ll take that computer back home and connect to your home network, and then they’re in there,” he said.

Also…

Last year, [the University of] Wisconsin began telling faculty members not to take their laptops and cellphones abroad, for fear of hacking.

 

In other words, a future of ring-fenced, air-gapped technology, where, yes, it’s possible that tech people and academics would visit China and Russia armed only with paper and pen.