The U.S. Needs to Take a Firm Stand Against China on Cyber Attacks

Last Thursday, United States officials revealed that they believe Chinese hackers were responsible for the May cyber attacks on U.S. federal agencies. The attacks compromised the personal information of more than four million current and former government workers. China responded by dismissing such accusations as “groundless” and “irresponsible,” stopping just short of ensuring that China does not condone cyber attacks. “We are very firm on this,” said China’s Foreign Ministry Spokesman Hong Lei. This is just the latest incident in a back-and-forth saga between the U.S. and China when it comes to cyber crimes.

Lei’s statement may not have been completely truthful. In May 2014, Lei released a similar response to the Justice Department’s indictment of five Chinese hackers for cyber crimes against five U.S. companies and a labor union in the steel, solar, and nuclear-power industries. According to the Guardian, “China’s foreign ministry called the allegations preposterous and accused the U.S. of double standards.” But the accused in the 2014 case were members of China’s People’s Liberation Army. In other words, their attacks do represent China engaging the United States. It is evident that the U.S. must take a firm stand against China’s aggression. Nevertheless, there are numerous challenges and implications to consider on that front.

For one, China’s assertion that the U.S. resentment of Chinese attacks represents a double standard is justified. Edward Snowden’s release of NSA files unveiled a surveillance program that spanned numerous countries, including China. In March of last year, Snowden leaked another document exposing the NSA’s penetration into the networks of Chinese telecommunications giant Huawei Technologies in search of evidence that the company was involved in espionage operations for Beijing. This complicates how far the U.S. can go to condemn China’s actions in the cyber sphere.

The potential costs of engaging China in cyber warfare are massive. Cyber attacks can threaten the control systems of dams, water-treatment plants, and power grids, compromise sensitive information stored on government networks, and access video surveillance cameras. Electronic door locks, elevators, and even life-sustaining medical devices are vulnerable to cyber attacks. While the U.S. rarely has to worry about war in its territory, in the cyber realm, physical boundaries are irrelevant. The statistics regarding the cost of cyber crimes are staggering. The Center for Strategic and International Studies estimates the annual cost of cybercrime and economic espionage to the world economy at $375-575 billion. Telecommunications giant IBM claims that there were 1.5 million monitored cyber attacks in the United States in 2013 alone. In a “60 Minutes” interview, FBI Director James Comey said, “There are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese, and those who don’t know they’ve been hacked by the Chinese.”

Political action is fraught with challenges, too. China, with its massive population and rapidly developing economy, lends itself to lucrative opportunities for American corporations. Consequently, the Chinese and U.S. economies are closely intertwined. According to the CIA World Factbook, China ships 17 percent of its exports to the U.S. and is the largest foreign holder of U.S. Treasury bills, bonds, and notes. So, the government response to Chinese cyber attacks cannot deter China from doing business with American corporations. Germany’s cancellation of its longstanding contract with Verizon following Snowden’s NSA leaks serves as a cautionary tale, and the fact that most major Chinese corporations are government owned only further complicates the issue.

So, the U.S. government is left with few options. One thing it can do is encourage the development of cyber technology. The government should support programs such as the DARPA Cyber Grand Challenge, a competition aimed towards creating an automated cyber defense system, and incentivize the best cyber experts to work with the government by providing resources and appropriate compensation.

More importantly, the government needs to send the message that attacks on American networks will not be tolerated. This could mean under-the-table threats of retaliation to avoid negative media attention. Fear of retaliation should deter Chinese attacks, and if attacks persist, the government can deny visas to Chinese citizens, limit military ties, or implement economic sanctions. It is important to keep the campaign low-key and ensure that economic sanctions do not incite an aggressive Chinese response.

Examples of the United States asserting itself following a breach of security are littered throughout history; the U.S. defeat of Japan following Pearl Harbor and the assassination of Osama bin Laden following 9/11 demonstrated that we are not afraid to track down and engage our enemies. It is time to assert our status as the world’s leading superpower once again.

Hyunjae Ham

Hyunjae Ham is a member of the University of Maryland Class of 2015 and a Law Street Media Fellow for the Summer of 2015. Contact Hyunjae at staff@LawStreetMedia.com.