Published daily by the Lowy Institute

Cyber espionage and US-China relations: The world's biggest candy store

Don't believe anything you read on the cyber espionage spat between US and China. Depending on who's talking, the US is a 'thief crying stop thief' and a 'mincing rascal'; or China's 'scale of commercial hacking is immense', perhaps the 'greatest transfer of wealth in history'.

After attending several conferences on this topic, including one recently held at RSIS, the one thing I can say confidently is that the public must know only a fraction of what's really going on. That may sound nihilistic, but keep reading, because despite the secrecy, the broad outlines of 'cyberwar' are becoming troublingly clear.

For a start, the dispute bodes poorly for US-China relations. The very nature of cyber espionage — its potency, low cost and complete deniability — makes it especially corrosive to strategic trust. Expect retaliation for the US Department of Justice's indictment of five uniformed PLA officers. The legal logic in prosecuting the case so publicly is debatable, and Washington is straining to make the distinction between commercial and military or political espionage.

China dismisses that argument as a sly artifice. After all, commercial espionage has been a fact of economic development since ancient times, including by the US itself. The Americans contend that '(we) stole books; China steals libraries'. But why the surprise at the scale of this activity? China graduates at least 4 million engineers annually; they need jobs. Beijing does not feel beholden to 'rules of the game' it views as hypocritical. That China systematically collects information, both open source and classified, has been well understood for years. In fact, given the PRC's style of capitalism, it would be amazing if it were not undertaking massive state-sponsored cyber-espionage.

Ideally we should draw boundaries between commercial and political conduct; no country openly advocates state-backed commercial theft. But when the South China Morning Post editor (a member of the Chinese Communist Party) states that 'in modern rivalry, security and economic strength are more interdependent than ever...espionage is espionage', he makes a dangerous case. He is acknowledging that business faces unrestricted competition with the Chinese party-state. Caveat emptor.

The US is not blameless.

Its government agencies designed the architecture of the internet, including that crucial quality of non-attribution. They performed numerous other exploits to their advantage. By going online, America created the world's biggest (virtually free) candy store. Now it finds the tables turning. Beijing is moving to replace American firms with home-grown IT champions. We face the 'balkanisation' of the internet and techno-nationalism. Beijing is so serious that Xi Jinping himself oversees cyber-security. As the Financial Times says, 'Chinese experts see the US indictment…not as confirmation Beijing should cease its activities, (but as) a wake-up call for China to enhance its capabilities to compete with the US'.

Edward Snowden's leaks were gasoline on the bonfire. China was already well aware of the Americans' prowess and has been encouraging an indigenous high-tech industry for years; the Huawei fuss is just the visible manifestation of a fierce secret struggle over network vulnerability. If US lawmakers worry about 'backdoors', then perhaps Chinese officials should too? But the faux Chinese outrage at the NSA aside, the real hit to US credibility would come if neutrals like India and Brazil decided to build their own infrastructure, or if they decided that Chinese kit is more trustworthy than American products.

Snowden has undeniably done huge damage to the NSA but he has served the public by highlighting the use of its mass surveillance techniques. He has confirmed that his own government (there won't be a Chinese whistleblower) continues a tradition of snooping. Look up the HT/LINGUAL operation in the 1960s. Who thought the US government would stoop to opening millions of letters in the US postal service? Evidently, the USSR didn't. It's a long time since 'gentlemen don't read each other's mail'.

When Australian government officials come to Hong Kong, they're advised against bringing their computers and phones. Law firms here have 'electronic cloak rooms' where all devices used in China and Russia must be disassembled and the hard drives destroyed. Japanese and Korean firms bring their own home-country maintenance crews into China to service critical equipment. And the Financial Times recently published a fascinating piece on the elaborate precautions German technicians take in China. Do they take the same precautions when they visit their factories in Alabama?

Smart companies understand the need to guard their technology. This is an exercise in corporate responsibility and self-defence. Rather than embarrassing Chinese officers for doing their jobs, however sloppily, the US might instead 'name and shame' the companies involved for lax internet defence. The SEC is already moving in this direction.

Nothing online is safe. Vladimir Putin gets it. He's unplugged.
