When US President Obama met with Chinese President Xi Jinping, he was planning to raise the thorny issue of China’s alleged sustained hacking of US computers and ongoing theft of US intellectual property. The importance of the issue of Chinese hacking had been heightened in recent months with the escalation in reports of US businesses being hacked and having information stolen. As a consequence of this, the US Senate is considering a bill requiring the President to block imports of products that use stolen US technology or are made by companies implicated in computer theft. Exactly how these companies would be identified of course remains to be seen. But the point is that the hacking has become a central threat to the US across a broad range of fronts.
Any intention to raise this fully with the Chinese President however was completely undermined by the the revelations that the US have also been engaged in the systematic hacking of Chinese assets via their secret service surveillance program, Prism. Obama has subsequently tried to make a clear distinction between what he terms cyber attacks from China and what he believes the US is doing which is solely undertaking surveillance for counter-terrorism purposes.
Of course, this was all before NSA whistle-blower Edward Snowden revealed that in additon to the mass surveillance by Prism, the US had been directly hacking computers in Hong Kong and the Chinese mainland since 2009. Chinese targets allegedly included Chinese university and public officials.
Making matters worse are fears that Snowden will defect to China taking all of the other secrets he has accumulated from his time with the NSA. For NSA director General Alexander, there is a benefit in building up the case against Snowden by talking about the extreme harm he has created to US security by his revelations. Whether this is really the case will depend on the nature of the secrets Snowden had access to. So far, the revelations Snowden has made have been about what things have been done, rather than any specific details of how. For example, Snowden has talked in general terms of the US targeting “Internet routers” to give them access to “hundreds of thousands of computers”. This information might allow the Chinese to re-examine the security of these routers and adopt defensive procedures against future attacks, but unless Snowden is also able to reveal exactly how these hacks worked, it gives the Chinese only a small advantage.
In terms of how much Snowden’s knowledge would help the Chinese, the question to consider is how much of this information do they already know? The Chinese have applied huge resources to building up their cyber security capabilities, for offense certainly but also likely for defensive strategies. They have also gained a huge amount of information through their hacking activities to date. According to one report since 2006, a single Chinese espionage group (PLA61398) has stolen hundreds of terabytes of data from at least 141 companies across 20 industries including aerospace and defence.
So would it come as a great surprise to the Chinese that the US have compromised network infrastructure or computer assets in Hong Kong and China? Probably not. The Chinese have claimed in the past that they have “mountains of data” concerning cyber attacks on China, many of which emanated from the US. It is likely that they are only too aware of the extent of the US’s abilities in this area. Snowden’s information might help in narrowing down the range of areas to focus on.
We are likely in the midst of a global Cyber War that is in essence a continuation of the Cold War. The potential military and industrial gains of cyber-espionage are so great that it is difficult to see any rationale for any country to stop engaging in it.
Before the secrets of Prism and Snowden’s other revelations were made public, it was possible for the US to take the higher ground and make demands on China to act to curb the attacks. Since the revelations however, their position has been extremely weakened and any demands will just sound hollow. What this will mean is that countries will need to expend more money and resources on shoring up their defences with the expectation that the cyber attacks will not only continue, but will inexorably get worse.
Another question arising out of the ongoing exchange of cyber hostilities between the US and China is whether the US will eventually take steps to reduce its reliance on electronics and electronic products built outside of the US. As with the move to make the US less reliant on external sources of oil and gas, Obama and future presidents may decide that independence in the area of manufacturing vital electronics is even more important. This would have the effect of lessening the reliance on China even if it made these goods more expensive.
Whatever the path, it is fair to say that the relationship between China and the US will be tested in the coming weeks, especially if Snowden defects to China or is given safe harbour in Hong Kong. Whether China actually wants to accept Snowden if he decided to defect is another matter. Snowden might present the Chinese Government with more problems than any potential advantages. Both governments are perhaps wishing that they were living in less interesting times.