U.S. Seeks to Combat Cyber-Theft With Sanctions, Talks
The Pentagon spotlights China for sanctioning cyber-espionage, and Congress proposes a bill to block the import of products using stolen technology.The U.S. government dialed up its war of words with China over cyber-espionage this week, with a Pentagon report clearly placing blame on the Chinese government for sanctioning information theft and legislators proposing a bill that would block imports of products using stolen technology. The legislation, introduced May 7 by a bipartisan group of U.S. senators, aims to build a registry of stolen technology and punish foreign firms that attempt to sell products based on the technology. Called the "Deter Cyber Theft Act," the bill would require the Director of National Intelligence to report annually on the theft of government and industry secrets and build lists of countries that engage in cyber-espionage and trade secrets. "The historical precedent [for this action] would be financial sanctions to prevent proliferation," Adam Segal, the Maurice R. Greenberg Senior Fellow for China Studies at the Council on Foreign Relations, told eWEEK. "We have punished specific Chinese firms when it comes to sales of weapons technology to Iran and other places. People are looking at that and saying we could do the same." The legislation follows the release, earlier in the week, of a Pentagon report that recognized the links between the Chinese government and military and intrusions into government and corporate networks that exfiltrated mass quantities of data. The attacks "appear to be attributable directly to the Chinese government and military," stated the annual report to Congress on China's military strategy. The stolen information "could potentially be used to benefit China’s defense industry, high-technology industries, [and] policymaker[s]."
While China has denied its involvement in the attacks, a report released in February by incident response firm Mandiant laid out the forensic evidence linking a group within the People's Liberation Army, known as Unit 61398, and more than 140 attacks investigated by the firm since 2006. Mandiant is "strongly certain" of the links between the group and attacks on U.S. interests, Richard Bejtlich, Mandiant's chief security officer, said at the time.