Why the U.S. Can't Stop China's Cyberspies

Locals walk in front of 'Unit 61398,' a secretive Chinese military unit, in the outskirts of Shanghai on February 19, 2013. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was, in fact, the victim of U.S. hacking. Carlos Barria/Reuters

When President Barack Obama met with Chinese President Xi Jinping nearly a year ago, his visit ended with a stinging lecture. Standing in Beijing's ornate Great Hall of the People, Xi warned the U.S. not to get involved in Hong Kong's pro-democracy movement and scoffed at Washington's concerns over the spike in anti-American diatribes in China's state-run media. He also defended his government's refusal to renew the visas of several U.S. foreign correspondents; they had been critical of Communist Party leaders, which is against the law in authoritarian China. "Let he who tied the bell on the tiger take it off," Xi said. Translation: "You created the problem; you fix it."

Xi's reprimand last November underscored the enduring paradox of U.S.-Chinese politics. The two countries have mutual interests and cooperate on a variety of issues—from climate change to counterterrorism. But they're also fierce rivals with little patience for each other's historical claims or ideological conceits. And as the two leaders prepare for their meeting in Washington in late September, that mixture of pragmatism and pugnacity still defines their relationship. At the end of Xi's visit, which will include a gala state dinner at the White House with alternating toasts, the two leaders are likely to cite a long list of issues they agree upon, including the Iran nuclear accord and the need for Beijing's continued reforms toward a consumer-driven economy. But on the major issues that deeply divide them, little progress is likely. And even though Xi may have fumbled the handling of China's recent stock market crash, experts in the U.S. don't believe he's lost any leverage with Obama. "People should be modest in their expectations" for the summit, says Jeff Bader, the top China expert on the National Security Council during Obama's first term.

Case in point: cyberspying. For years, Beijing's hackers have been breaching the computer networks of U.S. companies, stealing their intellectual property and giving their commercial secrets to Chinese firms, according to U.S. officials. Former National Security Agency Director Keith Alexander says this cybercrime has led to "the greatest transfer of wealth in history," costing the U.S. economy an estimated $250 billion a year.

Though the Obama administration hasn't publicly named China as the culprit, Director of National Intelligence James Clapper has fingered Beijing as "the leading suspect" in the June breach of the Office of Personnel Management, in which someone stole the personal information of 22 million current and former federal employees. Clapper and other intelligence officials say that kind of government-to-government cyberspying is fair game and something the United States does as well. But they draw the line at Beijing stealing commercial trade secrets, saying that sort of behavior violates an unwritten code of conduct in the world of espionage.

China, of course, denies that its cyberspies turn over the secrets they uncover to Chinese companies, claiming that private hackers are to blame. And these officials point to recent Chinese legislation that targets such criminals. Yet Chinese officials say commercial intelligence is a valid target for their spies. "I saw this argument floated two years ago in discussions with the Chinese," recalls James Lewis, a former senior State Department official who has dealt with China on espionage-related issues. "The Chinese said, 'No way. We get it—you want to define the rules of the game so you win. We don't find that very appealing.'"

Fed up with China's hacking, some U.S. law enforcement and intelligence officials favor imposing sanctions in advance of Xi's visit against Chinese individuals and companies responsible for cyberattacks on U.S. corporations. "This would be a demonstration that the U.S. government is willing to introduce some friction into the relationship right before the summit," says Robert Knake, who recently stepped down as the White House's director for cybersecurity policy. "The Chinese government just might say, 'This is just not worth it anymore. Look what it's doing to the U.S. relationship, and look what it's doing to our companies, which will have a harder time competing abroad, getting international financing, closing deals abroad.' At least, that's the hope."

U.S. President Barack Obama and his Chinese counterpart Xi Jinping will meet in late September in Washington. Last year's summit in Beijing didn't end well for Obama, who got an earful from Jinping over alleged interference in Hong Kong's democracy protests. The state visit this month will also likely have only modest results, with cyber-spying a continuing sore point between the powers. Jason Lee/Reuters

But others say the administration will likely wait until after Xi's visit to determine if punitive measures are needed. Some China experts warn that whatever the timing, sanctions will provoke an angry Chinese response. In the wake of the U.S. indictment last year of five Chinese army officers for hacking into the networks of several major American corporations, Beijing pulled out of a working group to address cybersecurity issues. It's unclear how China would respond to sanctions, but it could trigger a cycle of retaliation at a time when global markets are increasingly concerned about the future of the Chinese—and global—marketplace. In fact, some experts fear any new tensions could undermine what they hope will be one of the summit's most important outcomes—a statement by both leaders indicating that the world's two largest economies are not descending into a bruising economic slugfest. "People may care about disputed rocks in the South China Sea, but they care a lot more about their 401(k)s," says Bader, now a China scholar at the Brookings Institution.

In a move to counter the prospect of sanctions, China is co-hosting a September 23 forum in Seattle during the first leg of Xi's visit. He, along with top Chinese technology officials and executives, has invited the leaders of the major American tech companies, including Apple, Facebook, Google and IBM, to discuss doing business in China, the world's largest Internet market. Though Beijing prevents Facebook and Google from operating on Chinese soil, the prospect of that changing will make the invitation hard to refuse. And U.S. officials worry the gathering will undermine Obama's ability to pressure China on commercial cyberspying.

U.S. experts say the only way to resolve the espionage dispute is some sort of give-and-take between the two countries. But the U.S. would have to identify not only what it needs from the Chinese but also what Washington would be willing to give up in exchange. One possible carrot: stopping U.S. electronic spy flights along China's coast. Yet short of a complete halt to China's cyberespionage against U.S. companies, it's not clear what Washington would be willing to accept in return. "We need a real strategic dialogue that talks about how we come to a stable arrangement between opponents," says Lewis, who now directs the technology and public policy program at the Center for Strategic and International Studies, a Washington think tank. "That's what we have to recognize. We're not friends anymore."

In the meantime, the Pentagon's cyberwarriors are preparing for battle against their counterparts in China. In a September 8 statement, Admiral Michael S. Rogers, commander of the new U.S. Cyber Command, said "intellectual property and personal information" are vital American assets his soldiers will protect from foreign cyberspies. "When the Pentagon steps up and says we're going to protect intellectual property and personal information, that's throwing down the gauntlet against" Chinese hackers, says Justin Harvey, chief security officer for Fidelis Cybersecurity, a computer security company whose clients include the U.S. Army and Commerce Department.

Perhaps, but when Obama and Xi meet in Washington, don't expect the same sort of tough talk from the White House. The Chinese leader won't have much patience for American lectures or reprimands. Even with its economic problems, China remains America's largest importer, the third largest market for American exports and an increasingly central player in the global economy. And that means Obama is likely to tread carefully around his visitor from Beijing once again.