Low Point

05.19.14

#ShotsFired in U.S.-China Cyberwar

The Justice Department’s indictment of Chinese military officers for cyberespionage Monday was billed as a law enforcement matter, but the high-profile rollout shows the Obama administration wanted to admonish China publicly.

The Justice Department may not have meant to start another battle with China at the worst possible time, but that’s what it has done. Just as U.S.-China relations have hit a low point, for the first time ever the United States is charging Chinese government officials with conducting cyber espionage against private American companies.

Flanked by federal prosecutors and a member of the FBI at a podium Monday, U.S. Attorney General Eric Holder announced the indictment of five officers in the Chinese People’s Liberation Army for “serious cyber security breaches against six American victim entities.” The companies—Westinghouse, Alcoa, U.S. Steel Corp., the United Steel Workers Union, Allegheny Technologies, and SolarWorld—were targeted for “no other reason than to advantage state-owned companies and other business interests in China,” he said.

In response to the Chinese government’s public challenge to the U.S. “to provide hard evidence of their hacking that could stand up in court,” Assistant Attorney General John Carlin named the clandestine military hacker outfit accused of masterminding the spying operation, Unit 61398. Carlin, who works in the Justice Department’s national security division, then made a statement that seemed to be a challenge of its own to the Chinese: “For the first time,” he said, “we are exposing the faces and names behind the keyboards used in Shanghai.”

The Chinese government reacted swiftly, calling the charges “extremely absurd” and canceling the U.S.-China working group on cyber security that was begun in the context of the Strategic and Economic Dialogue, co-run by the State and Treasury departments. State Department spokeswoman Jen Psaki said she hoped the next meeting of the S&ED would proceed as planned in July but that there was no certainty.

The decision to expose Unit 61398 comes less than a week after a top Chinese general toured the U.S. on what many believed was a diplomatic trip intended to give U.S. officials the chance to deescalate tensions in China’s territorial disputes with its neighbors.

But the visit failed to produce the hoped-for deescalation. Instead, Defense Secretary Chuck Hagel sparred publicly with Chinese Defense Minister Gen. Chang Wanquan over Chinese actions in the East China Sea, including China’s recent declaration of an air defense zone that spans disputed territories.

Hagel was reportedly rebuffed in his plea to the Chinese military for greater transparency during a visit there last month. And recently revealed documents provided by former NSA contractor Edward Snowden show that the U.S. intelligence community spied on the Chinese telecommunications giant Huawei, a company suspected by U.S. defense officials of having ties to the People’s Liberation Army.

A Pentagon spokesman declined to say whether the Defense Department was involved in the decision to indict the Chinese military officers identified by the Justice Department. A White House spokesperson declined to say whether the timing of the indictments was related to recent tensions in U.S.-Chinese relations.

White House press secretary Jay Carney said Monday that the indictments were strictly “a law enforcement matter” while noting that President Obama has raised the issue of Chinese economic cyber espionage with Chinese President Xi Jinping on multiple occasions. Carney declined to specify how the decision to indict Chinese officials publicly was coordinated with the White House.

“The case has been in the works for about a year, and this was the Department of Justice piece of a strategy the White House began developing two years ago,” said James A. Lewis, a senior fellow at the Center for Strategic and International Studies. “When you get the prosecutor started, it’s hard to turn them off.”

It took time for the Justice Department to round up companies willing to go public as victims, a move that could invite Chinese retaliation, Lewis said. The case was pursued because it highlights the American position that economic espionage is considered out of bounds, while military-related espionage is somewhat tolerated as part of the bilateral relationship.

Paul Tiao, former special counsel and later senior counselor for cybersecurity and technology to the director of the Federal Bureau of Investigation, said Monday that there’s no way a case of this significance could be compiled and then moved forward without the coordination of senior officials across the Executive Branch.

“This is not a run of the mill criminal investigation,” he said. “Frankly, this is the sort of indictment that has to be reviewed by the White House. It’s got major national security and diplomatic implications. This is a precedent-setting indictment. I’m sure this was subject to the maximum level of review.”

Even if the White House didn’t involve itself directly in the investigation or the timing of the indictments, it was surely involved in the rollout, said Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council.

“The way that this was done, it strikes me as coordinated,” he said, referring to the fact that the attorney general himself made the announcement and the White House and State Department reinforced the indictments by publicly declaring their concern about Chinese economic cyber snooping.

Moreover, the public nature of the indictments shows that the Obama administration doesn’t believe there’s much to lose in ongoing bilateral cooperation on cyber issues by antagonizing the Chinese government now, he said.

“It’s a reflection of the frustration in the U.S. government that nothing has been working over the last couple of years,” said Healey. “If that process had been going well, we would not be seeing this today.”

Experts warned that Chinese retaliation could come not only in the form of actions against the American companies that spoke up about the spying but also possibly the naming and shaming of American military and intelligence officials Beijing knows are spying on China.

“You may see the Chinese indict American hackers. They may stay at the same level of operator hackers, or they may go higher and bring charges against [Director of National Intelligence James] Clapper or [former NSA director Keith] Alexander,” said Richard Bejtlich, a senior fellow at the Brookings Institution and the author of an influential report on cyber warfare.

Whatever the reasons for the Justice Department’s timing, Bejtlich stressed that he didn’t see the indictment having much impact on the Chinese military’s hacking operations or its government’s commitment to economic espionage.

“This is for diplomatic purposes. This isn’t even necessarily for law enforcement purposes,” Bejtlich said. “This move is more of a publicity-type maneuver.”

The publicity, though, may be important in its own right. For one thing, the indictment could be “a signaling mechanism to the Chinese—a way of telling them that we can push this further and open up other venues to impose costs for these attacks,” said Peter Singer, author of Cybersecurity and Cyberwar: What Everyone Needs to Know, and another senior fellow at the Brookings Institution.

“Snowden rocked the U.S. back on its heels on anything and everything cyber-related,” he said. “The indictment may be a way of showing that we’re trying to bring that agenda back.”