Earlier this month, marking the 70th anniversary of the end of World War II, China showed off its military might in a grand fashion. The country pulled out all the stops as it paraded its latest fighter jets, amphibious tanks, and other advanced hardware for all to see. But one vital component of China’s military prowess wasn’t on display that day: its cyber war division.
According to a report by the Center for Strategic and International Studies released earlier this month, cyber warfare has become a key component in China’s military modernization. The country has used online incursions in its effort to become a global economic superpower, major regional military force, and key geopolitical influencer in the Pacific. And in the past five years, Chinese hackers may have been responsible for more than 600 successful hacks, says the National Security Agency (NSA). These include attempts to steal corporate and military secrets, as well as to gather data and information about America’s electrical power, telecommunications, and Internet infrastructure.
Now finally, the U.S. seems to be be saying ‘enough is enough,’ and has been reportedly been preparing sanctions against the country, even as Chinese President Xi Jinping prepares to meet with President Obama at the White House on Friday. The sanctions could ban businesses and even individuals from using the U.S. financial system.
“The sanctions being used as propaganda prior to the state visit by Chinese President Xi Jinping could be helpful to gain leverage during the discussions, but it was not prudent to announce these sanctions before his visit,” says Jay Marwaha, a long time Department of Defense intelligence contractor who is now CEO of SYNTASA, a D.C.-area firm that provides analytic tools originally developed for the government to enterprise customers looking to shore up their cyber security.
Marwaha believes that with the recent shakiness in China’s financial markets, the U.S. already had a stronger position prior to the state visit. Sanctions would be another ‘arrow in the U.S. Government’s quiver’ to weaken the Chinese economy, making it more difficult for the country’s businesses to utilize the U.S. financial system.
In the past, these same types of sanctions have been effective with North Korea—most recently in the case of the Sony Pictures (SNE) hack. However, one key difference is that those sanctions were essentially against North Korea’s military organizations. Any sanctions against the Chinese would likely be on businesses and individuals, creating new trade restrictions with the U.S.
But President Xi may have already gotten the message. In a speech to American business executives last night, he pledged to work with the U.S. in fighting cyber crime. Xi suggested that the Chinese government would not engage in commercial theft, and added hacking against government networks are crimes should be punished in accordance with laws and existing international treaties.
Effectively China and the United States have been negotiating what could be argued to be the first true arms control accord for cyberspace, and such a deal could safeguard critical infrastructure during peacetime. But it isn’t expected to cover other outstanding issues such as theft of intellectual property or data.
While not directly tied to the any new sanctions, some Chinese firms—notably Huawei and ZTE—have already been prohibited from selling their hardware and other products to the U.S. government over concerns that these firms essentially have been spying for the Chinese government. The Chinese government responded by banning purchases from Cisco, Apple and other tech firms.
Embargos and sanctions such as these could be the new norm in dealing with cyber warfare threats—especially since companies have no real teeth to fight back.
“It has become painfully clear that even the largest corporations are incapable of preventing state sponsored cyber attacks on their own,” says Nathan Sportsman, CEO of the Praetorian Group, which provides security assessment and advisory services.
For instance, corporations can’t exactly “hack back” against state-based incursions. The response would have to come from the U.S. government, Sportsman says. “While economic sanctions should not be considered a panacea, U.S. sanctions will provide a partial deterrence to the rampant cyber attacks that we are currently experiencing,” he says.
But the greatest challenge is often identifying the hacker. For this reason it could be argued that international hacking should be treated as a criminal activity, much in the way other international financial crime is now treated. And after last night’s comments, it appears that this is Xi’s thinking, too.
Prior to this week, this cyber cold war had seemed like a staring match, with China waiting to see if the U.S. government would move first, and keeping quiet to see how serious the response would be. But last night, China blinked first and based on Xi’s words, its clear that the threat of sanctions alone might have been enough to convince the Chinese that cyber crime doesn’t pay.