mead cohen berger shevtsova garfinkle michta grygiel blankenhorn
Cyber Insecurity
All Quiet on the Cyber Front?

Confirming a recent report from cybersecurity firm FireEye, U.S. Assistant Attorney General John Carlin says China has cut back its cyber espionage efforts. His remarks suggest that last September’s agreement between Washington and Beijing that neither would support cyber theft of intellectual property may have been successful. Reuters reports:

U.S. Assistant Attorney General John Carlin said on Tuesday that Chinese hacking activity appears to have declined since the Chinese government vowed last September to stop supporting the hacking of U.S. trade secrets.

The assertion supports findings released earlier this month from cyber security firm FireEye that breaches attributed to China-based groups had plunged by 90 percent in the past two years.

“Generally, people have seen a change in activity,” Carlin said at the Center for Strategic and International Studies think tank in Washington.

While a decline should be cause for some optimism, any attack at all still constitutes a violation of last year’s agreement. Moreover, it is uncertain whether the drop itself is the result of a diplomatic handshake or due to changes which predate September.

Moreover, these reports may not have captured evolving Chinese cyber operations according to Bloomberg:

“It’s extraordinarily difficult to verify if that drop is real,” said Bob Stasio, a former member of the National Security Agency’s offensive cyber unit and a fellow at the Truman National Security Project. “It’s very easy to hide much of that activity by shifting it to the private sector, universities or unaffiliated actors.”

Even if the overall number of attacks has dropped as reported, the focus is shifting toward high-value tech companies. From April to May, three groups compromised the networks of four semiconductor companies based in the U.S., Europe, and Asia. This is just another reminder that incentives for intellectual property theft are as high as ever as China scrambles to move up the value chain in its increasingly tumultuous transition away from an industrial economy.

These factors may explain why defense officials have been careful not to declare victory. There have been lulls in cyber attacks before, and officials continue to remind Congress and the public that U.S. capacity to mitigate even a waning Chinese cyber pressure is still far from adequate.

Indeed, Washington has retaliate against Beijing-backed cyber espionage not only with stern words but also with prosecutions and even hints of sanctions. The change in approach may also have caused China to back down, at least for the moment. But considering escalating tensions on other fronts, it seems questionable that this decline in cyber attacks will persist. What is more certain is that complacency after a relative peace forged by non-binding diplomacy would be a grave mistake.

Features Icon
Features
show comments
  • Jim__L

    “It’s extraordinarily difficult to
    verify if that drop is real,” said Bob Stasio, a former member of the
    National Security Agency’s offensive cyber unit and a fellow at the
    Truman National Security Project. “It’s very easy to hide much of that
    activity by shifting it to the private sector, universities or
    unaffiliated actors.”

    Or, they may just have gotten better at it so we’ve stopped noticing. An order-of-magnitude drop could be consistent with the discovey of a few new Best Practices. If there’s an uptick in private sector, university, or unaffiliated cyber espionage, that would support his initial claim.

  • FriendlyGoat

    There is not much reason to think the range of cyber-mischief even CAN level off or decline, much less that it HAS or ever WILL. Was it Mark Cuban who said “there are two kinds of companies, those which have been hacked and those which don’t know they have been hacked”?

    • Jim__L

      It’s an arms race, measure and countermeasure, like anything else. Doing what’s right for America involves staying ahead in the race.

      The radically optimistic assessment of the data presented above is that our countermeasures have become ten times more effective.

      Unless the drop the article saw is across the board, that’s highly unlikely.

      • FriendlyGoat

        Like the other arms race, the offensive and defensive weapons get bigger and better. It’s hard to believe, though, that the race ever even slows down. I would think that the lives of system-security people are fraught with worry every minute whether they are in government or private business.

© The American Interest LLC 2005-2016 About Us Masthead Submissions Advertise Customer Service