It looks serious this time: the Trump administration says it’s ready to hit China with direct sanctions for what the US says is a sustained digital industrial espionage campaign. The move is quite unprecedented – at least as far as US policy is concerned – and is intended to apply real-world pressure on China to stop what the Western world agrees it has been doing for a decade: acquiring intellectual property, trade secrets and R&D information via military-grade hacking, aka Advanced Persistent Threats (APTs).
Economic sanctions are a hard-line departure from the prior administration’s policy of treading lightly when it comes to China. The tsunami of APTs in 2009-2012, made famous by the 2011 attack on security giant RSA, targeted pretty much any vertical and any major US corporation, yet the official US reaction was extremely careful. Obama’s retaliatory measures were few and far between, erring on the side of caution.
The only high-profile attempt at forcing China’s hand was the 2014 public indictment of 5 military hackers belonging to Unit 61398, which threat intelligence companies say is the elite cyber espionage shop of the Chinese military. Many raised an eyebrow, suggesting this slap on the wrist looked like a relatively minor reaction given the massive, five-year-long state-sponsored campaign that stripped the US of ridiculous amounts of intellectual property.
Later on, Obama’s administration used diplomacy to try to settle with China, and in 2015 the two powers agreed to put a stop to industrial espionage in which state-sponsored actors penetrate private sector networks. A 2016 report showed that the level of attacks on US targets dropped, but digital industrial espionage did not disappear; the attacks became more focused and high-yield.
As Trump went into office, he called for far more aggressive action on cyber attacks against the US. This is easier said than done: to make such a strategy effective, the US had to invest in more than offensive capabilities. To use offensive measures and create deterrence, it’s critical to have very good cyber intelligence, quick detection of attacks, and the ability to build a precise profile of hacker tools, methods and behaviors, making attribution extremely accurate. The other, equally important requirement would be strong defensive measures to avoid a backlash.
Are economic sanctions effective against state-sponsored attacks? Actually, there’s historical precedent for the effectiveness of such tools: in 2012 Australia sent a very clear message to Beijing, preventing Chinese IT companies from taking part in gigantic broadband infrastructure projects designed to connect the inland of the continent to fast Internet. The result: attacks against Australian companies dropped to a mere trickle.
How will China respond to the new measures? As with any high-stakes diplomacy issue, all bets are off and only time will tell. In any event, we should expect Interesting Times…