Leaders from the United States and China accused each other of a prolonged hacking spree, then agreed to limit cyberattacks, but cyber tensions between the two countries are ramping up again, according to exports and U.S. officials.
The Trump administration is accusing the Chinese government of masterminding a slew of state-sponsored cyberattacks against private sector and defense firms. American officials describe the hacks as an effort to gobble up sensitive defense information and valuable intellectual property.
“China’s strategy is the same: rob, replicate and replace,” John Demers, the U.S. Department of Justice’s assistant attorney general, told lawmakers Dec. 12. “Rob the American company of its intellectual property, replicate the technology, and replace the American company in the Chinese market and, one day, the global market.”
Those tensions could expand as the White House is planning another round of indictments on Chinese hackers, according to reports in the Wall Street Journal and the New York Times. The feud follows a recently surfaced hack on the hotel chain Marriott, which was allegedly carried out by Chinese intelligence officials. The campaign apparently began in 2014 and has affected some 500 million people.
Former U.S. intelligence and national security officials have highlighted that year — 2014 — as an inflection point for American and Chinese cyber relations.
The Chinese embassy in Washington, D.C., did not respond to a request for comment.
Two former intelligence officials told Fifth Domain that the relationship in 2014 between the National Security Agency and China was at the lowest point they could remember. Almost all communications between the two countries and related to cyberspace came to a halt, the two officials said. Although the exact reasons behind the tense relationship is unclear — the officials declined to provide more information because the details are classified, and the NSA declined to comment — a number of events around that time point to a strained relationship.
In 2013, the Virginia-based cybersecurity firm Mandiant exposed China’s cyber espionage units. A third former U.S. intelligence official, who was not specifically aware of the feud, said the Mandiant report angered the Chinese government. They added that officials from Beijing inaccurately believed Mandiant was collaborating with American intelligence figures.
But other events from 2014 may provide insight to the countries' cyber relationship today.
In 2014, the Chinese government allegedly hacked into the health provider Anthem. In 2014, the Obama administration ramped up actions to indict Chinese government officials in a hacking spree. In 2014, Chinese officials allegedly hacked Marriott. And in 2015 it was announced the Chinese government allegedly hacked into the Office of Personnel Management and stole sensitive information of some 22 million people.
This accumulation of hacks led to an agreement between former President Barack Obama and Chinese leader Xi Jinping to stop cyberattacks to steal trade secrets.
Experts debate the effectiveness of that agreement.
In November, Rob Joyce, a senior adviser to the NSA, said the agreement was no longer working.
“It’s clear that they are well beyond the bounds today of the agreement that was forged between our two countries,” Joyce said during the Aspen Cybersecurity Summit. “We have certainly seen their behavior erode over the past year and we are very concerned.”’
But cyber experts disagree with the assessment that the Obama-Xi agreement was effective in the first place.
It was naive to think the agreement would work without any accompanying efforts to deter Chinese hackers, said Israel Barak, the chief information security officer at cybersecurity and threat intelligence company Cybereason. Instead, Barak told Fifth Domian his firm has seen no noticeable shift in Chinese hacking patterns, who continue to target defense firms, industrial businesses and financial institutions.
“If the Chinese are behind the Marriott hack, it has no real impact on assessments of whether they broke the Obama-Xi 2015 agreement since it happened in 2014,” said Neil Jenkins, a former Department of Homeland Security official and chief analytic officer at the Cyber Threat Alliance, a cybersecurity threat-sharing organization. “This may have been activity related to their broad pursuit of gaining information on American people, linked to their activity in OPM and the health care industry. But it doesn’t seem to have been related to intellectual property theft.”
The relationship with China has frustrated lawmakers.
On Dec. 14, U.S. Sen. Mark Warner, D-Va., said that the United States has not digitally deterred China and other countries.
“It has been open season from our near-peer adversaries in terms of Russia and China attacking us because they know we do not want to go into cyber escalation,” Warner said during an event at the Atlantic Council, a Washington, D.C., think tank.
Mike Rogers, the former head of the NSA and U.S. Cyber Command, agreed with the sentiment during the event.
“Many of the nation-states across the world have come to the conclusion that the way to gain advantage against the Untied States is to not trip the thresholds that generate an armed response, but rather engage in behaviors that don’t trip a U.S. policy response that still enable you to gain a competitive advantage.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.