The U.S. government dialed up its war of words with China over cyber-espionage this week, with a Pentagon report clearly placing blame on the Chinese government for sanctioning information theft and legislators proposing a bill that would block imports of products using stolen technology.
The legislation, introduced May 7 by a bipartisan group of U.S. senators, aims to build a registry of stolen technology and punish foreign firms that attempt to sell products based on the technology. Called the "Deter Cyber Theft Act," the bill would require the Director of National Intelligence to report annually on the theft of government and industry secrets and build lists of countries that engage in cyber-espionage and trade secrets.
"The historical precedent [for this action] would be financial sanctions to prevent proliferation," Adam Segal, the Maurice R. Greenberg Senior Fellow for China Studies at the Council on Foreign Relations, told eWEEK. "We have punished specific Chinese firms when it comes to sales of weapons technology to Iran and other places. People are looking at that and saying we could do the same."
The legislation follows the release, earlier in the week, of a Pentagon report that recognized the links between the Chinese government and military and intrusions into government and corporate networks that exfiltrated mass quantities of data. The attacks "appear to be attributable directly to the Chinese government and military," stated the annual report to Congress on China's military strategy. The stolen information "could potentially be used to benefit China’s defense industry, high-technology industries, [and] policymaker[s]."
While China has denied its involvement in the attacks, a report released in February by incident response firm Mandiant laid out the forensic evidence linking a group within the People's Liberation Army, known as Unit 61398, and more than 140 attacks investigated by the firm since 2006. Mandiant is "strongly certain" of the links between the group and attacks on U.S. interests, Richard Bejtlich, Mandiant's chief security officer, said at the time.
While the United States has protested to the Chinese government at a number of diplomatic levels, the Asian giant has not indicated any desire to cease the attacks, and hacker operations continue unabated. Even the group identified by Mandiant has continued its efforts.
The lack of success gave impetus to the legislative efforts in Congress. On May 7, a group of four senators introduced the Deter Cyber Theft Act, to put pressure on other nations. The bill, sponsored by Sens. Carl Levin (D-Mich.), John McCain (R-Ariz.), Jay Rockefeller (D-W.Va.), and Tom Coburn (R-Okla.), would require regular reports from the Director of National Intelligence and direct the U.S. president to ban the import of products containing stolen U.S. technology.
"Some foreign governments, businesses and state-owned enterprises are today using cyber-espionage to steal American intellectual property and rob U.S. ingenuity and innovation in order to gain competitive advantage,” McCain said in a statement. “This kills American jobs, undermines the competitiveness of our businesses and compromises U.S. economic and national security interests, and it must stop now."