The US government has charged five Chinese PLA officers with economic espionage in a case filed in the Federal court on May 19, 2014. The charge is based on evidence collected by Mandiant over a period of two years. The Chinese are accused of hacking and stealing information – intellectual property – from a number of US companies to benefit Chinese industry. The US government is said to have discussed this internally at the highest levels, including the President, before confronting the Chinese government through the legal suit against its military officials. The Americans claim that diplomacy over the last of couple of years had failed – Hillary Clinton had gone hyper on this issue after Google raised its voice against the Chinese spying on its servers, and those of some other companies. Criminal action on cyberspying was the next best option. This signals a major change in Obama administration’s strategy.
But what do the Chinese say? They say that China is a victim of the US National Security Agency (NSA) espionage, by virtue of the agency’s global surveillance program, since 2009. The Chinese Defence Ministry, in a statement on May 20, 2014 said that, “from Wikileaks to the Snowden incident, the U.S. hypocrisy and double standards on the issue of network security have long been obvious….China’s military forces have suffered severely from such U.S. actions.”
China says that the US “has been conducting cyber intrusion, wiretapping, and surveillance against Chinese government departments, institutions, companies, universities, and individuals.” Snowden revelations began in June 2013, only two days before the US and Chinese presidents were to meet in California to discuss cyber security, among other things. The US offensive and high moral ground on espionage suddenly got punctured. The Chinese see no difference between the US surveillance and spying for counterterrorism versus Chinese economic espionage, since they believe that the former aids the US government gain an upper hand in trade negotiations, which in turn helps it grow its economy. The distinction between foreign intelligence for national security and economic competitiveness is lost simply because the former deals with bulk data that does not exclude economic spying by the US.
There is ample evidence based on Snowden revelations of the US NSA surveillance program. For example, according to a Reuters report from January 26, 2014 (“Snowden says NSA engages in industrial espionage: TV”) the NSA does not limit its espionage to issues of national security. To quote Snowden: “If there’s information at Siemens that’s beneficial to U.S. national interests – even if it doesn’t have anything to do with national security – then they’ll take that information nevertheless.” Brazil’s Petrobas too has been the object of commercial spying by the NSA, with data possibly shared with Canada for competitive bidding. Moreover, Brazil president and Germany chancellor have been victims of political espionage along with scores of foreign missions, which led to the UN General Assembly passing a Privacy Resolution in December 2013.
China has predictably retaliated. It has called off the next meeting of the Working Group on Cyber Security that was set up last year after John Kerry’s visit to China, and it had met in July, 2014. It has also taken steps like banning the use of Windows 8 in its government departments, asking banks not to use IBM machines, accusing Cisco of cooperating with the NSA in spying. Is it the beginning of a Cyber Cold War?
The US, on the other hand, claims that hundreds of its computers have been hacked by the Chinese since 2002, including penetration of its critical infrastructure such as electric utilities. In a couple of books on cyber security, spectre of electric power outage in major American cities as a result of cyber attacks by the Chinese has been linked to stand off between American and Chinese warrior ships in South China Sea, has been raised in future scenarios and war games. It is the national security dependence on cyber security that is driving the strategy and policy after the US declared the cyberspace as the fifth domain, which needs to be protected at par with other four domains. Several studies over the last few years have pointed out that it is the economic security of the US that is getting undermined since its intellectual property is stolen through cyber espionage. Years of R&D, billions of dollars of investment, patents, and copyrights stand to be eroded by a successful cyber attack. The adversary can use all of those to get a march on technology without having to invest in research to innovate.
The western media has reported stories of Chinese espionage. The final proof came in the Mandiant report of February 2013; it provided evidence linking hackers to PLA 61398. The US started raising this in its bilateral discussions with China, leading to the establishment of cyber security working group. But then Snowden changed everything. Recent revelations that Cisco routers, as early as 2010, were being intercepted by the NSA who were installing backdoors before the routers were repackaged and shipped out, prompted John Chambers, CEO of Cisco to write to the US President on May 15, 2014. In his letter to the President, Chambers wrote, “this issue affects an entire industry that depends on our global supply chain and global shipments… if these allegations are true, these actions will undermine confidence in our industry and the ability of technology companies to deliver products globally.” He further urged the President that “we need… a new set of ‘rules of the road’ to ensure that appropriate safeguards and limits exist that serve national security objectives, while at the same time meet the needs of global commerce.”
It is clear that such equipment with backdoors (if this is proven to be true) shipped to all parts of the world, including India, is putting us under NSA surveillance. However, we have done no study to understand the extent that our systems, networks, companies, government departments, military have been subject to spying. The China Academy of Cyber Space released a report entitled “America’s Global Surveillance Record”, which concluded that “America’s spying operations have gone far beyond the legal rationale of “anti-terrorism” and have exposed the ugly face of its pursuit of self-interest in complete disregard for moral integrity.” It is time we put the Chinese observation in appropriate context along side John Chambers’ letter to the President, so as to draw rules of the road for limits to surveillance in the name of counterterrorism.
Dr. Kamlesh Bajaj is CEO, Data Security Council of India – a NASSCOM initiative. He was the founding director of CERT-In, Government of India.