Chinese hackers hurt business, Congressional committee told
As senior officials from China and the United States wrap up a series of talks in Washington about an array of economic issues, across town members of Congress probed the extent of Chinese efforts to steal intellectual property from tech companies and other U.S. businesses.
"From defense contractors to manufacturing, no American company has been immune from the scourge of Chinese intellectual property theft," says Rep. Tim Murphy (R-Pennsylvania), the chairman of the House Energy and Commerce Committee's oversight subcommittee.
Among the witnesses on hand was Slade Gorton, a former senator from Washington who serves on the Commission on the Theft of American Intellectual Property, a group that has been studying the economic impact of the problem, with a particular focus on China.
Gorton cited the commission's estimate that cyber espionage and other forms of IP theft from foreign countries account for annual losses of $300 billion for U.S. companies. The group attributes between 50 percent and 80 percent of those losses to China.
Battle on several fronts
The commission produced a series of short-, medium- and long-term solutions, ranging from the restructuring of U.S. government authorities that deal with intellectual property to encouraging reforms within China to strengthen laws against IP theft and their enforcement. That multifaceted approach comes from a recognition that the war against hackers will not be won simply by playing defense.
"It is clear that we need better defensive measures to deal with cyber theft and other forms of intellectual property theft, but I am convinced that that will never solve the problem on its own," Gorton says.
Last week's hearing comes amid ongoing, if halting, efforts in Congress to craft legislation to shore up the nation's defenses against cyber attacks, a policy debate that has focused on the appropriate mechanisms for businesses and government authorities to share information about threats and the extent to which the federal government should be involved in regulating the cybersecurity operations of the private sector.
"We cannot take these problems lightly," says Rep. Jan Schakowsky (D-Illinois). "They cost our economy billions of dollars and place our national security at risk, and as the number of Internet-connected devices and the use of cloud computing increases the number of entry points for malicious actors to exploit will also rise. With more information and more sensitive information now stored on the Web we must sharpen our focus on cybersecurity."
Issues of cybersecurity were expected to arise at this week's U.S.-China trade talks, though the matter is complicated by the string of revelations about U.S. surveillance programs by former government contractor Edward Snowden. Descriptions of the sweeping data collection involved in the National Security Agency's PRISM program could reinforce the contention of Chinese officials that they have been on the receiving end of cyber intrusions.
Witnesses at the recent hearing contended that the Chinese perspective often does not draw a distinction between the espionage that countries—even allies—routinely conduct on one another and hacking into businesses to steal trade secrets.
James Lewis, a senior fellow at the Center for Strategic and International Studies, where he directs the Technology and Public Policy Program, recalled a meeting with Chinese officials when a senior colonel in the People's Liberation Army told him: "'Look, in the U.S. military espionage is heroic, and economic espionage is a crime, but in China the line is not so clear.' So one of the things we can do is make the line a little clearer to them."
Much of the problem can be traced to a weak legal structure in China, Russia, and other countries that are identified with intellectual property theft, Lewis explains.
"They have no tradition of protecting intellectual property," he says. "One of the differences between the U.S. and countries like China and Russia is that we have laws and we enforce them. They either don't have laws and they certainly don't enforce them."
Apart from the legal factors, Lewis' diagnosis of China's stance on intellectual property notes a fear among party leaders that rapid economic growth is crucial to their ability to hold onto power, and the concern that businesses in the state-controlled economy are unable to innovate to achieve that growth.
Lewis says that the defenses of U.S. companies vary widely by sector—he gives high marks to the banking industry while he says many utilities are soft targets—but sums up the security posture of the private sector as "feeble," and has advocated for strong legislation to prod businesses to "harden their networks."