Monday, August 31, 2015

U.S. Plans Sanctions for Chinese Cyberthefts Washington Post

U.S. developing sanctions against China over cyberthefts

   
The Obama administration is developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government’s cybertheft of valuable U.S. trade secrets.
The U.S. government has not yet decided whether to issue these sanctions, but a final call is expected soon — perhaps even within the next two weeks, according to several administration officials, who spoke on the condition of anonymity to discuss internal deliberations.
Issuing sanctions would represent a significant expansion in the administration’s public response to the rising wave of ­cyber-economic espionage initiated by Chinese hackers, who officials say have stolen everything from nuclear power plant designs to search engine source code to confidential negotiating positions of energy companies.
Any action would also come at a particularly sensitive moment between the world’s two biggest economies. President Xi Jinping of China is due to arrive next month in Washington for his first state visit — complete with a 21-gun salute on the South Lawn of the White House and an elaborate State Dinner. There is already tension over a host of other issues, including maritime skirmishes in the South China Sea and China’s efforts to devalue its currency in the face of its recent stock market plunge. At the same time, the two countries have deep trade ties and the administration has sometimes been wary of seeming too tough on China.
But the possibility of sanctions so close to Xi’s visit indicates how frustrated U.S. officials have become over the persistent cyber plundering.
The sanctions would mark the first use of an order signed by President Obama in April establishing the authority to freeze financial and property assets of, and bar commercial transactions with, individuals and entities overseas who engage in destructive attacks or commercial espionage in cyberspace.
The White House declined to comment on specific sanctions, but a senior administration official, speaking generally, said: “As the president said when signing the executive order enabling the use of economic sanctions against malicious cyber actors, the administration is pursuing a comprehensive strategy to confront such actors. That strategy includes diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities that engage in certain significant, malicious cyber-enabled activities. The administration has taken and continues to introduce steps to protect our networks and our citizens in cyberspace, and we are assessing all of our options to respond to these threats in a manner and timeframe of our choosing.”
China is not the only country that hacks computer networks for trade secrets to aid its economy, but it is by far the most active, officials say. Just last month, the FBI said that economic espionage cases surged 53 percent in the past year, and that China accounted for most of that.
The expected sanctions move will send two signals, a second administration official said. “It sends a signal to Beijing that the administration is going to start fighting back on economic espionage, and it sends a signal to the private sector that we’re on your team. It tells China, enough is enough.”
The sanctions would be a second major shot at China on the issue. In May 2014, the Obama administration secured indictments on economic spying charges against five Chinese military members for hacking into the computer systems of major U.S. steel and other firms.
“The indictments were a strong move,” said Rob Knake, a former White House cyber official and currently a senior fellow at the Council on Foreign Relations. “This is going to be an even stronger move. It’s really going to put China in the position of having to choose whether they want to be this pariah nation — this kleptocracy — or whether they want to be one of the leading nations in the world.”
Some officials within the government urged caution, arguing that sanctions would only create unnecessary friction. But everyone is on the same page now, officials said.
“Let’s be honest, I can see the White House saying, ‘Let’s not do [sanctions] while the head of state is here,” one administration official said. “I can see maybe they’d shift the timing by a few days . . . but I can’t imagine they’d shift the overall decision.”
In particular, officials from national security agencies, as well as at Treasury, which is the lead agency on economic sanctions under the executive order, have been eager to push ahead. The administration’s goal is to impose costs for economic cyberspying. And the best strategy for doing that, officials said, is to use a variety of tools — indictments, sanctions, maybe even covert cyber actions.
Sanctions alone likely will not change China’s behavior, some officials said. “Done in tandem with other diplomatic pressure, law enforcement, military, intelligence, then you can actually start to impose costs and indicate that there are costs to the bilateral relationship,” the first official said.
Some experts warn, though, that there are risks attached to imposing sanctions.
If sanctions are imposed, “I’d say the chances of Chinese retaliation are high,” said Jeffrey A. Bader, Obama’s principal adviser on Asia from 2009 to 2011. But, he said, “if a Chinese company was a beneficiary of stolen intellectual property from an American company, and the evidence is clear cut, then actions or sanctions against that Chinese company strike me as appropriate.”
While some officials fear that China might retaliate by discriminating against U.S. companies or freezing them out of contracts or markets, other officials counter that China has long discriminated against foreign companies, including U.S. firms, restricting access and procurement opportunities to create protected markets for domestic companies and instituting polices that require companies to turn over technology and intellectual property as a condition of doing business there.
The executive order authorizes the Treasury secretary, in consultation with the attorney general and secretary of state, to impose the sanctions on companies, individuals or entities that have harmed national security, or the nation’s economy or foreign policy. It’s not clear how many firms or individuals will be targeted, though one official said the Chinese firms would be large and multinational. Their activity must meet one of four “harms”: attacking critical infrastructure, such as a power grid; disrupting major computer networks; stealing intellectual property or trade secrets; or benefiting from the stolen secrets and property.
It is that last prong, in particular, that has the potential to be quite effective, sanctions experts say. “Obviously, there’s no silver bullet,” said Zachary Goldman, a former policy adviser at the Treasury Department’s Office of Terrorism and Financial Intelligence and now executive director of New York University’s Center on Law and Security. But if the sanctioned companies are large and global, “they will effectively be put out of business.”
In practice, he said, most significant financial institutions refuse to do business with individuals who have been sanctioned by the United States. “So any company that’s been targeted under this authority,” he said, “will likely find it very difficult to participate in the international financial sector.”
The designations are being drawn up by a number of agencies, including the Treasury and Justice departments, the White House and the intelligence community. Evidence that the Justice Department has assembled over the past year or so in preparing possible indictments for economic espionage against Chinese companies and individuals is being used in support of the designations, officials said.
Sanctions provide government officials a greater ability to protect classified sources and evidence than a criminal prosecution might. But, analysts point out, there likely will be significant pressure on the administration to release as much evidence as possible to back up its designations to convince skeptics.
It is possible, some officials said, that entities or individuals from other countries besides China could be included in the sanctions package.
The sanctions would not be imposed in retaliation for China’s hacks of the Office of Personnel Management databases, which compromised the personal and financial data of more than 22 million current and former government employees and family members. The data heists, which took place last year but were discovered this year, were judged as having been carried out for traditional intelligence purposes — not to benefit Chinese industry.
Nonetheless, the severity of the OPM incidents helped convince wavering officials that firm action in the economic spying realm was warranted.
The U.S. government’s response to the personnel data hacks has been much more muted. Rather than a public naming and shaming, it is considering covert cyber action. Officials have hinted at this, saying they may be taking steps that are not public.
The administration plans to raise the issue of China’s behavior in cyberspace at the upcoming Obama-Xi summit, just as it has done at every major bilateral meeting. Cybersecurity is one of the top policy issues in the relationship, and also among the thorniest.
Ruan Zongze, a former Chinese Embassy official in Washington, said in a recent interview that separating economic from political espionage in cyberspace is “impossible.” He said: “It’s really difficult to tell one from the other.”
Ruan, vice president for the China Institute of International Studies, a think tank affiliated with the Chinese Foreign Ministry, said the two sides should talk about this. “Finger-pointing,” he said, “is not the best way.”
The relationship between China and the United States is large and complex. “There are going to be areas where we have cooperation and disagreement all at the same time,” the first U.S. official said. “That’s just the reality of the relationship. The economic espionage and cybersecurity issues are going to continue to be a major irritant to the bilateral relationship.”
David Nakamura, Steven Mufson and Alice Crites contributed to this report.
Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.
Get the Checkpoint Newsletter
Free twice-weekly updates delivered just for you.
 
337
 
Comments

No comments:

Post a Comment

Please leave a comment-- or suggestions, particularly of topics and places you'd like to see covered