Chinese President Dismisses Hacking Allegations
President Xi, Commencing First U.S. State Visit, Calls Hack Attacks IllegalResponding to U.S. government criticism of China over its persistent online economic espionage campaigns, Chinese President Xi Jinping says that the Chinese government does not hack other nations, or support Chinese companies that do so, and calls for those responsible for cyberattacks to be prosecuted.
See Also: Risk-Based Authentication eBook: How Duo Can Reduce Risks for Hybrid Work
"Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offenses and should be punished according to law and relevant international conventions," President Xi told The Wall Street Journal in an interview published Sept. 22.
"China and the United States share common concerns on cybersecurity. We are ready to strengthen cooperation with the U.S. side on this issue," Xi added.
The president's interview was conducted in advance of his first-ever state visit to the United States, which is set to begin Sept. 22 with his arrival in Seattle. During the week, Xi is scheduled to attend the U.S.-China Internet Industry Forum - hosted by Microsoft and the Internet Society of China; meet with President Barack Obama, Vice President Joe Biden, as well as Secretary of State John Kerry and Susan E. Rice, the president's national security adviser; and deliver his first speech to the United Nations, before departing Sept. 28 from New York.
During his visit, Xi is expected to try to defuse the U.S. government's navigation-related concerns over China's construction of military facilities in the South China Sea; detail how the country will respond following the Chinese stock market's August meltdown - and disappointing economic projections; as well as address questions over the scope of China's new national security law (see China Wants Banking Backdoors).
White House Threatens Cyber-Attack Retaliation
But the White House has said that one of the chief items to be discussed during Xi's visit will be a range of cybersecurity-related concerns. President Obama warned last week that the U.S. is prepared to take stronger measures to repel - and retaliate against - Chinese cyber-attacks if they continue (see Obama Threatens Sanctions Against China If Hacks Continue).
U.S. National Security Adviser Susan E. Rice repeated those warnings in a speech at George Washington University on Sept. 21.
"In his meetings with President Xi, President Obama has repeatedly made plain that state-sponsored, cyber-enabled economic espionage must stop. This isn't a mild irritation. It is an economic and national security concern to the United States. It puts enormous strain on our bilateral relationship, and it is a critical factor in determining the future trajectory of U.S.-China ties," Rice said.
"Cyber-enabled espionage that targets personal and corporate information for the economic gain of businesses undermines our long-term economic cooperation, and it needs to stop," she added. "So, we'll continue to urge China to join us in promoting responsible norms of state behavior in cyberspace."
Rice's comments come in the wake of a leaked U.S. National Security Agency report from 2014, which linked to China 700 cyberattacks launched against U.S. targets over a five-year period (see Sea-to-Sea: China Hacks in U.S.).
More recently, U.S. government officials have suggested that Chinese espionage operators are responsible for a number of other U.S. mega-breaches, including attacks against health insurer Anthem, which exposed 79 million records, as well as the U.S. Office of Personnel Management breach, which resulted in the theft of more than 21.5 million current and former government employees and contractors' sensitive background records, plus 1.1 million fingerprints. Among the cleanup costs associated with the OPM breach, the U.S. government has budgeted $133 million to provide identity theft monitoring services for victims (see OPM ID Theft Monitoring: Waste of Money?).
Sanctions: Empty Threat?
Despite the threat of sanctions, however, there is no evidence that such efforts would force a change in Chinese behavior, says cyber espionage expert Justin Harvey, who's the chief security officer at breach-defense firm Fidelis CyberSecurity, in a blog post (see Cyber Lexicon: U.S., China Speak Different Languages).
Indeed, research that's been conducted into U.S. sanctions from 1990 to 2000 found that they were successful just 57 percent of the time, and most often when attempting to force modest changes, Harvey says. "If the proposed sanctions against China are only designed to affect 'modest policy changes,' we may have a shot. ... But if it's classified as 'disruption of military adventures,' we are in trouble. Sanctions of that type haven't been successful since the 1950s and 60s."