U.S. readies sanctions against China for cyber-spying

Experts question whether the penalties on Chinese companies for economic cyber-espionage will have a significant effect

The U.S. government is working on a sanctions package against Chinese firms and individuals for cyber-espionage activities against U.S. companies, the Washington Post reported. This move comes after months of cyber-attacks on companies and government agencies which have been linked to China.

The sanctions will impose costs for economic cyber-spying and not government-to-government intelligence activities. As a result, the incidents the package will cover do not include the Office of Personnel Management breach from earlier this year, because that attack was deemed to be part of traditional intelligence.

Instead, the sanctions are primarily in response to Chinese companies that have been accused over the past few months of breaking into American companies and stealing intellectual property, client lists, trade secrets, and other sensitive information in order to gain an economic advantage in the marketplace.

"It sends a signal to Beijing that the administration is going to start fighting back on economic espionage, and it sends a signal to the private sector that we're on your team," an administration official told the Washington Post. "It tells China, enough is enough."

The sanctions follow the president's Executive Order from April, which gave the U.S. Department of Treasury the authority to freeze assets and bar other financial transactions of entities engaged in destructive cyber-attacks. The order targeted individuals and groups outside the United States that use cyber-attacks to threaten U.S. foreign policy, national security or economic stability. This doesn't mean, however, that the government will abandon diplomatic channels, trade policy tools, and law enforcement actions to go after individuals and entities engaged in malicious activity.

"Sanctions will be more symbolic in nature as it won't actually deter them [Chinese] from doing what they are really good at," said George Kurtz, president and CEO of Crowdstrike.

China has consistently denied taking part in economic cyber-espionage, despite mounting evidence to the contrary. The latest figures from the Federal Bureau of Investigation showed that economic espionage cases jumped 53 percent in the past year, and that China accounted for a bulk of those cases. Even if the sanctions don't stop the attacks, they represent a step in the right direction because they "force everyone to the table and have a conversation behind closed doors about cyber-espionage," Kurtz said.

In the past, the U.S. government has been reluctant to be vocal about cyber-espionage activities originating from China to avoid disrupting political and economic ties with the country. That has been gradually changing. In May 2014, U.S. prosecutors unsealed indictments on economic spying charges against five Chinese military personnel. The indictment alleged the five individuals breached computer systems of major American steel and other companies to profit Chinese firms.

"China's electronic espionage efforts have been ongoing for so long, I fear that any diplomatic or trade response is too little, too late," said Bobby Kuzma, a systems engineer with Core Security. Sanctions would need to be "sufficiently painful" to be an effective deterrent.

To have actual impact, the sanctions would need to block individual companies from being allowed to work with American companies or compete in the market, Kurtz said, noting that may be too harsh as the first step. It's more likely the government would be starting gradually and increasing the penalties over time.

The Washington Post did not provide any details about the actual package under discussion, but cited an official who said the targeted Chinese firms would be "large and multinational."

Whether or not the sanctions will be issued is still unknown, but a final decision is expected soon, the Washington Post reported, and cited unnamed administration officials who hinted it could happen "even within the next two weeks." The timing is sensitive as it could overlap with the first state visit by President Xi Jinping of China.

Even if the sanctions don't have any teeth, they will continue to shine a spotlight on China's activities, which is essential, Kurtz said. "There's too much IP at stake," he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber attack

More about Department of TreasuryFederal Bureau of Investigation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Fahmida Y. Rashid

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts