US tells China to halt cyberattacks, and in a first, lays out demands

Obama's national security adviser, Thomas Donilon, spelled out a more aggressive US stance on the cyberattacks, saying China must recognize the problem, investigate it, and join in a dialogue.

US and Chinese national flags are hung outside a hotel in Beijing, Nov. 2012. In his comments Monday, President Obama's national security adviser, Thomas Donilon, left no doubt the White House is shifting to a more aggressive stance – including demands for the investigation of cyberespionage cases conducted against US business.

Andy Wong/AP

March 11, 2013

The Obama administration fired a warning shot Monday across the bow of the Chinese cyberespionage juggernaut, laying out specific expectations from China and reiterating its vow to take unspecified “action” if the theft of proprietary data from US corporations continues unabated.

In a speech at the Asia Society of New York, President Obama’s national security adviser, Thomas Donilon, appeared to move the administration’s marker on cyberespionage beyond Mr. Obama’s own notable attack on the practice in his State of the Union address, in which he refrained from mentioning China by name.

In his comments Monday, Mr. Donilon left no doubt the White House is shifting to a more aggressive stance – including demands for the investigation of cyberespionage cases conducted against US business.

American businesses are “speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,” Donilon said. “The international community cannot afford to tolerate such activity from any country. As the president said in the State of the Union, we will take action to protect our economy against cyberthreats.”

More significantly, though, Donilon for the first time laid out specific expectations that, if not met, could result in the unspecified US action – which in the past has been interpreted as leaving open the options not only for an offensive cyberattack, but for sanctions or even a military response – depending on the severity of the cyberintrusions.

“We seek three things from the Chinese side,” Donilon said. “First, we need a recognition of the urgency and scope of this problem and the risk it poses – to international trade, to the reputation of Chinese industry, and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities.  Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.”

Cyberpolicy experts said the administration’s move is significant, following the high profile cyberespionage attacks on The New York Times, Washington Post, and other news media. It also follows on the heels of a major report last month by the cybersecurity company Mandiant pinning the lion’s share of the cyberespionage carried out against US companies on a unit of the People’s Liberation Army that operates out of a 12-story building in Shanghai.

“This is really the first time a senior US official has come out and given Chinese officials three specific steps on what we need to do to work on this cyberspying problem,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a national security think tank in Washington. “No one has ever publicly come out and said this directly to the Chinese before – that we want recognition by them of the scope of the problem, we want direct investigation of these cases – and direct dialogue on international norms.”

Can Syria heal? For many, Step 1 is learning the difficult truth.

China’s routine position has been to note that Chinese law prohibits cyberespionage – and that none is being conducted or condoned by the Chinese government. But that plausible deniability had its fig leaf largely shredded by the Mandiant report and a raft of other investigations into cyberintrusions into US technology firms like Google and into critical infrastructure like US natural gas pipeline companies.

“It’s hard to negotiate with people who don’t admit to reality,” Dr. Lewis says. “It’s hard to admit to spying, but they need to just admit that they are developing a strong military and intelligence capability. They can’t say they have nothing, which is what they usually do.”

Cooperating on the investigation of cybercrimes would be “difficult for them, but a good requirement,” Lewis says. So would direct engagement on international norms.

China has in the past urged the US to sign its “code of conduct” for cyberspace – a document the US has refused to sign because of the limits it places on human rights. Still, the Obama administration has for about three years been in formal negotiations with Russia and informal talks with China.

If Chinese infractions continue, the US response would likely be, at least initially, relatively small but symbolic measures, including restricting visas for Chinese individuals involved in cyberactions against the US. The Mandiant report specifically identified three hackers that were part of the military unit – two of whom attended graduate school in the US. They could be refused a visa to visit the US in the future. Beyond that, Lewis says, US officials visiting China should raise cybersecurity every time – as should officials from other countries.

Donilon’s statement appeared also to urge China not to squander US goodwill.

“We have worked hard to build a constructive bilateral relationship that allows us to engage forthrightly on priority issues of concern,” Donilon said. “And the United States and China, the world’s two largest economies, both dependent on the Internet, must lead the way in addressing this problem.”