Last week, ODNI released a report on cyberwarfare that is raising eyebrows for the way it named China and Russia as the sponsors of cyberespionage explicitly.
Jack Goldsmith wonders what naming them will accomplish.
I am sure that naming the Chinese and Russians specifically and openly was a big deal inside the government. The Wall Street Journal reports that a “senior intelligence official said it was necessary to single out specific countries in order to confront the problem and attempt contain a threat that has gotten out of control.” Perhaps so, but naming names alone will not accomplish much. For one thing, the U.S. government has presented no public evidence on Chinese and Russian cyberespionage, and those countries generally deny it. (Chinese Embassy spokesman Wang Baodang said yesterday, in response to the DNI Report, that China opposes “any form of unlawful cyberspace activities.”) For another, Cyberespionage does not violate international law. For yet another, the United States itself, while it does not engage in broad-ranging industrial or economic espionage, does do so on a limited scale.
[snip]
In light of these factors, it is hard for me to understand what naming names is supposed to accomplish, especially since the Chinese and Russian hand in industrial espionage is widely known.
Whereas Shane Harris compares this moment to Churchill’s Iron Curtain speech.
The report marks the first time the United States government has unequivocally stated, in empathetic and highly publicized fashion, that China and Russia are responsible for a pervasive electronic campaign to steal American intellectual property, trade secrets, negotiating strategies, and sensitive military technology. This is not the first time sitting US officials have singled out Chinese and Russian cyber theft. But those complaints were largely off the record and carefully calibrated not to be read as a shot across the bow of America’s strategic adversaries. This report, however, is that shot.
[snip]
And one is tempted to draw parallels to pivotal moments of the last cold war, which were underappreciated at the time, or even ridiculed. The release of this report may turn out to be the Internet’s Iron Curtain moment. Though it landed with much less ceremony and eloquence than Sir Winston Churchill’s fateful 1946 address, it nevertheless does the same job: It makes clear the stakes as the United States intelligence community sees them, and it throws down a challenge against Russia and China, which are judged to be the two greatest strategic threats to American prosperity and influence.
But there’s something funny about this grand moment. Sure, the report names and shames China and Russia. But it also makes clear that our allies [cough, Israel] are also stealing our stuff. Here’s how the executive summary presents the culprits.
- Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible.
- Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.
- Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.
If this theft is such a big deal, then it’s a big deal whether China does it or Israel. Hell, since Israel often steals our defense information than sells others the war toys we sell to them, in some ways it presents a more immediate threat.
And whatever the significance of naming China and Russia might be if they were the only culprits, shaming them while at the very same time admitting that our buddies do the same thing sort of makes us look like chumps or hypocrites.
Which is all the more hysterical given that the report cover features a thumb drive–the means by which we continue to make it child’s play to give us viruses that make stealing our stuff easier–wielded like a bright red gun to represent the danger.