CybersecurityFollowing indictments, China’s military reduces its commercial cybeespionage against American companies

Chinese military officers indicted by U.S. // Source: brookings.edu

The People’s Liberation Army (PLA) has reduced its cyberespionage activity targeting American companies since five PLA officers were indicted by the Department of Justice in May 2014 (see “A first: U.S. indicts Chinese military officials for cyber-theft of U.S. companies’ industrial secrets,” HSNW, 20 May 2014).

“The big picture is that from 2014 on, the administration pursued a much more direct and coercive approach with China, and it has produced results over time,” Evan S. Medeiros, a former senior director for Asian affairs on the National Security Council, told the Washington Post.

“For a period of time following the indictments, there was a very significant decrease [by the PLA]. And today we are definitely not at the level that we were before the indictments,” revealed a U.S. official on condition of anonymity.

The Post notes, however, that as the United States and China were preparing for high-level cyber-talks in Washington earlier this month, officials and private-sector analysts say that China’s civilian spy agency, the Ministry of State Security, has not slowed down its commercial espionage operations.

During a state visit in September, Chinese president Xi Jinping pledged to President Obama that China would not engage in economic cyberspying to benefit its own companies.

“China strongly opposes and combats the theft of commercial secrets and other kinds of hacking attacks,” Xi said during the visit.

Experts say that it is yet to be seen whether the Chinese president will deliver on this pledge.

The Obama administration closely monitors China’s cyber activities to ensure that the Chinese adhere to all the commitments that were made, and see whether the changes China does make are real changes or merely tactical moves.

The National Security Agency and the FBI have been tracking Chinese cyber activity, but these agencies were not the first to expose the Chinese cyberespionage to the world. Mandiant, a cyber-threat intelligence firm, released a report which described in detail how hackers with the Shanghai-based Unit 61398, part of the PLA, conducted a wide-ranging industrial espionage campaign and described its targets, methods, and personnel (see “Chinese government orchestrates cyberattacks on U.S.: experts,” HSNW, 19 February 2013). DHS also released to companies a series of Chinese IP addresses so that these companies can safeguard their systems from the malicious activity.

In April, Obama signed an executive order calling for impose economic sanctions on individuals and entities that take part in or benefit from illicit cyber-activities such as commercial espionage. Analysts say that the executive order has contributed to the Chinese military quietly dismantling their espionage tools.

“The indictments had an amazing effect in China, more than we could have hoped for,” James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies, told the Post. “The Chinese hated them. They complained about them every time there was a meeting. They said there couldn’t be any progress [in cyber-talks, which the Chinese pulled out of] until the indictments were withdrawn and we promised not to do them again.”

Rob Knake, a senior fellow at the Council on Foreign Relations and a former White House cyber-official, agrees.“If the indictments had the effect of getting the PLA to scale down, then sanctions likely will have a wider effect on other Chinese state-sponsored groups,” Knake said.