Cyber-espionage: Is industrial cyber-espionage the biggest threat to relations between America and China?

Against the motion

Minxin  Pei 

Director, Keck Center for International and Strategic Studies, Claremont McKenna College

In the context of Sino-American strategic distrust and the changing balance of power, geopolitical risks far outweigh specific acts motivated by commercial interests in setting the course of US-China relations.

The moderator’s opening remarks

 Vijay V. Vaitheeswaran

The notion that industrial cyber-espionage could be the biggest threat to relations between America and China would have seemed far-fetched until recently. Even if the problem was widespread, it was not much discussed.

All that has changed over the past few months. China’s vast, government-orchestrated effort at industrial cyber-espionage has gone from a dirty little secret to front-page news. The administration of President Barack Obama has made numerous angry denunciations in recent weeks of China’s industrial cyber-spying, and businesses and leading news organisations say they have been victims.

China’s government vociferously denies the allegations, especially those suggesting that the People’s Liberation Army is orchestrating such espionage. On the contrary, insist Chinese officials, it is America that is the most aggressive cyber-attacker and China but a victim.

During the course of this debate, we will be wrestling with the question of whether concerns over China’s use of industrial cyber-espionage will be merely a minor irritant in US-China relations or if they could prove to be the main source of friction between these great powers.

We are fortunate in having two formidable debaters on opposite sides of this tussle. Duncan Clark of BDA Consulting and Stanford University, a leading expert on China’s growing technological prowess, will argue in favour of the motion. He is likely to observe that the economic symbiosis that has long benefited both powers is being jeopardised by cyber-hacking. If evidence piles up that China’s government has been undermining that economic relationship through widespread cyber-theft designed to benefit its state-owned industries, he is likely to argue, that would undermine the most important economic relationship of the 21st century.

Minxin Pei, a respected China scholar at Claremont McKenna College, will probably cast a wider net in making his arguments. The US-China relationship has many areas of potential geopolitical conflict, for example the continuing war of words between China and Japan over the Diaoyu/Senkaku islands. If that conflict escalates, it threatens to bring America in too, given the US-Japan security alliance. Yes, cyber-hacking is a sore point, he is likely to say, but it surely pales in comparison to the threat of armed conflict between these superpowers.

Along the way, the debaters may well touch on questions of intellectual property rights and China’s capacity to innovate, America’s own secret history of cyber-hacking and its much-trumpeted “pivot” to Asia in its foreign policy.

Which of our gurus will win you over? Let the war of words begin.

The proposer’s opening remarks

Duncan  Clark 

While relations between the American and Chinese governments are rarely easy, and occasionally tense, the economic relationship between the two countries has proven remarkably robust. Over the past three decades, and especially since its entry to the World Trade Organisation in 2001, China has benefited from tens of billions of dollars of foreign direct investment from American companies and investors, and the associated development of human capital and technology transfer.

Many American companies have benefited greatly by shifting or outsourcing production to China. Rapid economic growth and urbanisation in China have also unlocked major infrastructure contracts and, especially in recent years, a burgeoning consumer market for American multinationals to tap. For a growing number of companies, China is now one of their most important markets. Being a leader in the global market often means being a leader in China, and vice versa.

Business is the bedrock of US-China relations. So it is all the more concerning to observe a crack appearing in this foundation: allegations of increasing, and increasingly sophisticated, cyber-espionage attacks that emanate from China and target the confidential business information and proprietary technologies of American companies. Cyber-attacks are nothing new. Rumours have been circulating in computer security circles and in the Western business community in China for years. But the increasing volume and sophistication of the alleged attacks have reached a level where American officials are now publicly voicing concerns that they endanger US-China relations as a whole.

Barack Obama highlighted cyber-security threats on March 14th in his very first call to China’s newly appointed president, Xi Jinping. Although he referred diplomatically to the issue as a “shared challenge”, in the State of the Union address the previous month President Obama stated “we know foreign countries and companies swipe our corporate secrets” and that “we cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy”. These remarks were echoed by the US Director of National Intelligence, which ranked cyber-attacks for the first time ahead of terrorism as the leading threat to US security.

In this context, in an important speech on March 11th Thomas Donilon, an American national security adviser, singled out China: “US businesses are speaking out about their serious concerns about … cyber intrusions emanating from China on an unprecedented scale.”

American executives may share their concerns with their government, but have little incentive to voice them in public given the consequences for the reputation, or share price, of their organisations. But public awareness of the threat of Chinese cyber-espionage has been growing since the release in February of detailed allegations by Mandiant, an American computer security firm. Its report details over 140 cyber-intrusions into the computer networks of American and other Western corporations or organisations which it alleges were conducted since 2006 by hundreds of employees working for Chinese military unit “61398” from a building in Shanghai.

It might be tempting to dismiss such attacks as common-or-garden, state-to-state cyber-espionage, especially when some of the companies targeted are American government departments or companies active in defence technologies, aerospace or advanced electronics. But the Mandiant report also details attacks in the health-care, entertainment and food industries. Specifically, Coca-Cola’s networks were allegedly hacked at the same time as the company was conducting its ultimately unsuccessful attempt to acquire the China Huiyuan Juice Group for $2.4 billion.

These attacks are indeed industrial, both in scale and in their ultimate beneficiaries. Although Mandiant does not provide explicit evidence of the connection, it would be odd if any sensitive commercial information successfully downloaded was not then handed over to those companies that could ultimately benefit the most: leading Chinese enterprises, principally state-owned.

With spiralling labour costs and serious environmental challenges, China urgently needs to move up the value chain and away from low-margin, high-polluting manufacturing. As Mr Donilon pointed out, both America and China recognise that intellectual property and trade secrets are vital to innovation and economic growth. But if China develops a dependency on cyber-espionage as the principal means to bolster its industrial performance, this will seriously undermine both US-China relations and China’s own capacity to innovate.

Already bloated from their monopolistic positions and preferred access to state-directed lending, state-owned enterprises’ dead weight on the economy could become unsustainable—creating trade tensions abroad but more importantly crowding out private-sector companies that are the key drivers today of employment, economic growth and emerging innovation in China.

It is time to blow the whistle. As Mike Rogers, chairman of the United States House Permanent Select Committee on Intelligence, commented recently: “Right now there is no incentive for the Chinese to stop doing this … If we don’t create a high price, it’s only going to keep accelerating.”

America and China are increasingly dependent on each other, and on the internet. For the sake of each country and the global economy, it is vital that the world’s largest and second largest economy work to build a new set of ground rules for how to deal with each other in cyberspace.

The opposition’s opening remarks

Minxin  Pei 

Allegations of China’s industrial cyber-espionage against American companies may have captured headlines in American newspapers and prompted angry calls to punish China on Capitol Hill, but it would be a gross exaggeration to claim that Chinese industrial cyber-espionage presents the biggest threat to US-China relations.

To be sure, industrial cyber-espionage attributed to China is a serious issue that has harmed ties between America and China. Such activities may have allowed China to obtain valuable technology and commercial secrets. But in the complex and multi-faceted US-China relationship, there are other factors that affect the tenor and nature of this relationship in a far more important and substantive way than industrial cyber-espionage.

Those familiar with US-China strategic rivalry probably would agree that China’s military modernisation, designed to counter America’s technological advantages and deny the unfettered access so far enjoyed by the American navy in the Western Pacific, is a far more contentious factor in US-China relations than industrial cyber-espionage. Another related development that has the potential of turning US-China relations in a far more adversarial direction is the much-hyped American “pivot to Asia”, which is supposed to result in the transfer of the bulk of America’s naval assets to the Pacific, a move seen in China as overt military containment.\

China’s territorial disputes have a destabilising effect far more potent than allegations of industrial cyber-espionage as well. The ugly row between China and Japan over a few rocks in the East China Sea not only risks accidental military confrontation, but has already dragged America into the spat. To demonstrate its commitment to the US-Japan security treaty, America has publicly announced its opposition to recent Chinese moves to contest Japan’s administrative control of the Senkaku/Diaoyu Islands and pledged that the security treat will apply to the defence of these islands. China’s expansive maritime claims in the South China Sea have also provoked America to take a stand that publicly repudiates Chinese claims and implies support for other claimants, such as Vietnam and the Philippines. Any military clash between China and Vietnam or China and the Philippines (an American treaty ally) could result in a confrontation between the Chinese navy and the American Seventh Fleet.

In the context of Sino-American strategic distrust and the changing balance of power, geopolitical risks far outweigh specific acts motivated by commercial interests in setting the course of US-China relations. Even if we concede that industrial cyber-espionage is fast emerging as a huge irritant, with the potential of severely damaging bilateral relations, we need to consider the following mitigating factors.

First, industrial espionage is no different from other forms of espionage. If nations accept espionage as part of the game they play (although individuals caught doing it get punished), it is unlikely that they will treat industrial cyber-espionage differently. It is also very likely that America has used its potent cyber-offensive capabilities to purloin valuable information from Chinese entities. In other words, China’s actions, however deplorable from the American point of view, may merely mirror America’s actions.\

Second, in industrial cyber-espionage cases, victims tend to get as much blame as perpetrators. Their lax security is often seen as equally responsible for the loss of secrets.

Finally, based on published investigations, the alleged Chinese cyber-attackers seem to observe some sensible rules: they may have stolen secrets, but they have chosen to do no damage to the critical infrastructure (such as power grids and computer networks). As long as espionage is confined to theft of commercial secrets or national security intelligence, the political fallout is real, even substantial, but ultimately manageable for China and America.