Confirming a recent report from cybersecurity firm FireEye, U.S. Assistant Attorney General John Carlin says China has cut back its cyber espionage efforts. His remarks suggest that last September’s agreement between Washington and Beijing that neither would support cyber theft of intellectual property may have been successful. Reuters reports:
U.S. Assistant Attorney General John Carlin said on Tuesday that Chinese hacking activity appears to have declined since the Chinese government vowed last September to stop supporting the hacking of U.S. trade secrets.
The assertion supports findings released earlier this month from cyber security firm FireEye that breaches attributed to China-based groups had plunged by 90 percent in the past two years.
“Generally, people have seen a change in activity,” Carlin said at the Center for Strategic and International Studies think tank in Washington.
While a decline should be cause for some optimism, any attack at all still constitutes a violation of last year’s agreement. Moreover, it is uncertain whether the drop itself is the result of a diplomatic handshake or due to changes which predate September.
These reports may also not have captured evolving Chinese cyber operations, according to Bloomberg:
“It’s extraordinarily difficult to verify if that drop is real,” said Bob Stasio, a former member of the National Security Agency’s offensive cyber unit and a fellow at the Truman National Security Project. “It’s very easy to hide much of that activity by shifting it to the private sector, universities or unaffiliated actors.”
Even if the overall number of attacks has dropped as reported, the focus is shifting toward high-value tech companies. From April to May, three groups compromised the networks of four semiconductor companies based in the U.S., Europe, and Asia. This is just another reminder that incentives for intellectual property theft are as high as ever as China scrambles to move up the value chain in its increasingly tumultuous transition away from an industrial economy.
These factors may explain why defense officials have been careful not to declare victory. There have been lulls in cyber attacks before, and officials continue to remind Congress and the public that U.S. capacity to mitigate even waning Chinese cyber pressure is still far from adequate.
Indeed, Washington has retaliated against Beijing-backed cyber espionage not only with stern words but also with prosecutions and even hints of sanctions. The change in approach may also have caused China to back down, at least for the moment. But considering escalating tensions on other fronts, it seems questionable that this decline in cyber attacks will persist. What is more certain is that complacency after a relative peace forged by non-binding diplomacy would be a grave mistake.