Expert Commentary

Why Beijing is Curbing Industrial Spying on the West

Chris Porter
Manager, FireEye Horizons

In September 2015, Chinese President Xi Jinping and President Barack Obama reached an agreement that neither nation would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

Many astute observers of Chinese cyber operations viewed the pact as a shocking development for numerous reasons, not least of which was that Beijing had never before formally acknowledged conducting cyber operations, much less welcomed limitations on them. Many scoffed that a paper agreement between politicians would impede economic espionage, which Keith Alexander, the former director of the National Security Agency, described as “the greatest transfer of wealth in history.”

Yet when FireEye conducted an investigation of 182 compromises of U.S. targets by 72 Chinese groups going back to early 2013, we found a precipitous, though not complete, decline in Chinese operations targeting U.S. intellectual property coinciding with the Xi Agreement.

What happened? How did a diplomatic formality, included in a litany of unrelated areas of bilateral cooperation, handcuff a seemingly unrelenting cyber adversary? Active Chinese economic espionage operations post-Xi Agreement declined from around two dozen to a relative handful currently. Before the Xi Agreement, they had already declined, from more than 60 operations in 2013 to just over 30 by early 2015. Chinese cyber operations declined further in the months leading up to Xi’s state visit to Washington, DC, when the agreement was concluded; they leveled off shortly thereafter.

In other words, rather than restraining Chinese operations, the Xi Agreement locked in a trend that was well underway years before the deal.

While the Xi Agreement appeared to be a significant diplomatic victory for the Obama administration, in reality China simply agreed to stop doing operations that it didn’t want to continue anyway. Since taking power in 2013, President Xi has vigorously pursued a crackdown on government corruption while consolidating power himself. Chinese cyber threat groups, including those operated by the government, are famous for moonlighting as for-hire hackers. Some of the same groups targeting U.S. companies were also targeting Chinese companies. These groups may have been building economic power centers separate from the commands of Beijing. While not directly harmful to China’s national interests, they may have threatened Xi’s desire to exert a unilateral grip on Chinese cyber power.

On December 31, 2015, the Chinese government formalized its tightening control over China’s hackers when the People’s Liberation Army elevated cyber operations under the Strategic Support Force. The effect of this move was to raise Beijing’s hackers to the same level as other branches of the military, all under Xi’s direct operational control.

Chinese leaders are heeding a lesson about the limitations of cyber-espionage that stems from the fall of the Soviet Union: you cannot steal your way to innovation.  

Even though the Soviet KGB dedicated an entire line of elite covert intelligence officers to the collection of foreign technology for military and economic purposes, over the long run, they were unable to maintain practical technology parity with the West. While their scientists earned Nobel prizes that undergird much of today’s Information Age, the Soviets were never able to fully capitalize on the stolen information. To this day, Russia still lacks the capability to manufacture many of the space and electronic components Soviet physicists dreamed up.

In recognition of that reality, China has made a very rational decision not only to pursue technology development, but to try to replicate – with Chinese characteristics, naturally – some of the same disruptive creativity that has made Silicon Valley a success for Wall Street and the Pentagon alike.

Encouraging theft of patented technology creates a disincentive for the domestic Chinese market to pursue its own innovation and retards the growth of those associated sectors that over time become dependent on foreign intellectual capital, either through theft, migration of scientists, or purchase of exports. Furthermore, a China that hopes to be a world leader in communications technology, genetics research and data science wants to live in a world where patents are respected and where its own claims are viewed as legitimate and untainted by accusations of theft of intellectual property.

At the same time, China desires to continue ascending as a world leader on the geopolitical stage. Hackers once dedicated to stealing secret recipes for American fast food have refocused on more geopolitically relevant data held by neighboring governments in southeast Asia and Japan; on stealing Russian nuclear technology; on monitoring Moscow’s troop movements; and on collecting counterintelligence information such as personally identifying data held by health care companies and other data aggregators in the U.S. and its allies.

While some U.S. companies continue to be victims of Chinese intellectual property theft, the Xi Agreement shows that countries, united in common goals, can reach enforceable diplomatic arrangements that bring some measure of peace to cyberspace – a hope that other American cyber nemeses, notably Russia, no doubt share to varying extents and that Washington would be wise to pursue.

Yet it is important to remember that China did not fire its hackers after the Xi Agreement. To the contrary, it has likely continued to grow and mature its forces as it focuses their efforts on more traditional political intelligence goals.

Beijing could resume its previous level of activity with greater stealth at any time of its choosing. Already we have seen Chinese operators compromise foreign companies, not to steal their intellectual property, but to monitor corporate leadership communications with government trade officials – a choice target in the U.S. in an era of greater presidential involvement in domestic industry. If the U.S. nears a trade showdown with China or if slowing economic growth promotes domestic unrest in China, U.S. companies with politically well-connected executives will no doubt find themselves the target of Chinese cyber espionage for state purposes, which could make it difficult to differentiate from past commercial spying.

Chinese government efforts to control domestic religious and political dissent have already been turned against Chinese expatriates living in the U.S. and the commercial U.S. services they use.

So as 2017 rolls on, let us not grow weary of good behavior in cyberspace. But we can’t be naïve. The reality is, we will not always share the same definition of “good” as our Chinese counterparts.

The Author is Chris Porter

Christopher Porter is the Manager of FireEye's Horizons team, which conducts strategic forecasting to anticipate risks posed by emerging technologies and geopolitical developments. Prior to joining FireEye, Christopher served nearly nine years in operations and analysis at the Central Intelligence Agency, where he won the National Intelligence Analysis Award medal, coauthored a National Intelligence Estimate, and was the first analyst to win the Cyber Threats Group Director's Award...