Much of China’s cyber-espionage is thought to be directed at commercial targets linked to military technology. In 2011, when Chinese hackers attacked network security company RSA Security, the technology stolen was used to penetrate military-industrial targets. Shortly after, the networks of defense contracting giant Lockheed Martin, which used RSA security tokens, were penetrated by Chinese hackers. The company said no data were taken.
Companies in other sectors also have been targeted, though the reasons for the espionage are not always related to economic interests. The New York Times, the Wall Street Journal and The Washington Post recently disclosed that they believe their networks were compromised in intrusions that originated in China.
Despite those disclosures and the growing prevalence of cyber-espionage, companies remain reluctant to report incidents.
“It’s harder for companies to suggest that they haven’t been attacked,” the administration official said. “The question is, how do they respond when they are asked about it? Is it in their interest to work with other companies and with the government to alleviate some of the problem?”
A watershed moment came in January 2010, when the tech titan Google announced that its networks had been hacked and that the intrusions originated in China. The intruders made off with valuable source code and targeted the Gmail accounts of Chinese human rights activists and dissidents, the company announced.
In a new book, Google chief executive Eric Schmidt says China is the world’s “most sophisticated and prolific” hacker, adding: “It’s fair to say we’re already living in an age of state-led cyberwar, even if most of us aren’t aware of it.”
In recognition of the growing problem, the State Department has elevated the issue to be part of its strategic security dialogue with China. Within the past year, the Justice Department has set up a program to train 100 prosecutors to bring cases related to cyber-intrusions sponsored by foreign governments.
In many ways, the moves are a response to what experts have described as the government’s earlier passivity in tackling the problem.
“The problem with foreign cyber-espionage is not that it is an existential threat, but that it is invisible, and invisibility promotes inaction,” a former government official said. The National Intelligence Estimate, he said, “would help remedy that” by detailing the scope of the threat.
Some experts have said that cyber-espionage’s cost to the U.S. economy might range from 0.1 percent to 0.5 percent of gross domestic product, or $25 billion to $100 billion. Other economists, while viewing the problem as significant, have pegged the losses lower.
The White House is set to soon release a trade-secrets report, compiled by U.S. Intellectual Property Enforcement Coordinator Victoria Espinel, that highlights the need for companies to work with the government to stop the pilfering, said officials familiar with the report.
The government cannot mount a case on its own. A company needs to think it was wronged, have enough evidence that can be made public and be willing to burn bridges with the country accused of the hacking, officials said.
The White House is also expected this week to issue an executive order on cybersecurity that calls for voluntary standards for critical private-sector computer systems and for enhanced sharing of threat information by the government with companies to help secure private-sector systems against cyber-intrusions.