The Scope of the Problem
China is the world’s top perpetrator of commercial cyberespionage. Cyberspying usually focuses on trade secrets—financial, business, scientific, technical, economic, or engineering information that is more valuable because it is private. Patent, copyright, trademark, and technical data information are stolen as well. Chinese cyberthieves have targeted thousands of US companies encompassing almost all industries, including telecommunications, energy, and transportation. The Chinese government is heavily involved in its economic development; state-owned enterprises dominate important sectors of its economy, and its biggest companies are government-owned. Based on this knowledge, many analysts believe that much Chinese cyberespionage is government-directed or at least government-approved. A statement released by the US director of national intelligence in February 2016 reported that state-sponsored cybertheft has not been verified.
Cyberespionage worries American citizens as well as the US government and American corporations. A survey conducted by the Pew Research Center in Spring 2015 found that 86 percent of Americans see cyberattacks from China as a very serious or somewhat serious problem. In a separate response to the survey, Americans named cyberattacks from other countries (China was not specifically named) as the second greatest threat to the US.
Why Chinese Cyberespionage Occurs
Most analysts say that China’s commercial cyberespionage stems from its desire to rapidly transform its economy from an emphasis on low-tech, environmentally polluting manufacturing to a focus on global innovation. For example, China’s 2016–2020 five-year plan focuses on science and technology, emphasizing telecommunications and computers, medical research, robots, and clean use of coal. However, conducting research and development in order to innovate takes time. By illegally acquiring technological know-how that others have developed, China can move ahead more quickly.
One strategy Chinese companies use is to form a partnership with an American company to acquire the technology they need. For example, a US wind turbine manufacturer, American Superconductor, partnered with Sinovel, a Chinese company that is partly government-owned. Sinovel made the turbines, while American Superconductor developed the software controlling them. Using an employee who transferred information and also malware (software designed to damage or disable computers), Sinovel stole this proprietary software. The theft cost American Superconductor more than $1 billion in share value. Another tactic is for China to require foreign firms to transfer technology to a Chinese partner in order to do business in China. When China joined the World Trade Organization (WTO), it pledged not to require this. However, many US firms say that Chinese firms often break this pledge. When US companies outsource research and development to Chinese facilities, too, opportunities arise for cyberespionage.
Commercial cyberespionage is ubiquitous because it is easy to accomplish. Most idea development takes place in cyberspace, and almost all data is stored there. By downloading, cyberspies can easily and quickly gather huge amounts of information. With cloud computing and smartphones, employees who cyberspy can access data anytime and anywhere. Another reason cyberespionage is popular is because it is difficult to trace to its source. Perpetrators may share tools, and companies may outsource the spying to independent contractors or route operations through other countries. Chinese hackers also use malware that, when opened, allows them to access secret information.
A related though not identical issue to commercial cyberespionage is China’s lack of intellectual property rights enforcement. The US government’s Congressional Research Service (CRS) estimates that China accounts for $240 billion yearly of global intellectual property rights (IPR) theft, or 80 percent of the total. In 2015, 70 percent of software used in China was unlicensed. Effective enforcement of IPR in China could increase American employment in intellectual property fields by nearly a million jobs, according to the CRS. Some piracy of American IP occurs because the Chinese government restricts citizens’ access to non-Chinese movies, music, video games, and other entertainment, so Chinese citizens find ways to acquire such items illegally.
US Actions in Response to Chinese Cyberespionage
In 2013, a private US information security company revealed systematic, widespread cyberespionage by a group linked to the Chinese military, and thus the Chinese government. The group stole information from 141 companies covering 20 industries. Five army officials from this group were indicted by the US in May 2014 for stealing valuable trade secrets from steel, nuclear power, and solar power firms. Although the US has successfully prosecuted individual Chinese citizens for cyberespionage before, this was the first time it had charged a foreign country.
In April 2015, President Barack Obama issued an executive order authorizing sanctions against cybercriminals. Before Chinese president Xi Jinping visited the US in September 2015, the American press reported that the White House was preparing a comprehensive list of sanctions. During Xi’s visit, Obama and Xi agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” Chinese and American representatives will continue to meet twice a year regarding cyber issues. The US has not imposed sanctions. After Xi and Obama’s agreement, China made similar agreements with England, Germany, and other nations in the G-20 group of powerful economies.
Since then, Chinese cyberspying appears to have markedly decreased. However, some experts contend that the agreement fails to define “hacking” or “commercial.” They also assert that it is unenforceable because identifying cyberspies is very difficult and that China has inadequate legal and enforcement systems to stop cybertheft. The 2016 statement from the US director of national intelligence reports that cyberespionage is continuing to occur in countries including China, citing “the relatively low costs of entry, the perceived payoff, and the lack of significant consequences.” The director affirmed that China’s compliance with the 2015 agreement will be monitored.
The recent trade war between the United States and China in which both countries increased the tariff on the imports may have roots in the cyberespionage.