And a bill pending in Congress, with bipartisan support, would improve the legal leverage companies have regarding their trade secrets. It would allow a company to bring a civil action against a perpetrator in federal court, and also provide for “ex parte” seizure of trade secrets before they can be disseminated.
“It lets you preserve the evidence before they know they’ve been sued,” Halligan said. “Otherwise, they can just press a key on their computer and send it to another part of the world.”
But Halligan said American companies cannot rely on government for protection, and need to do a much better job themselves of securing their assets.
One problem with relying on government is political – China is perceived as such a major market for U.S. corporations that neither government nor private-sector officials want to jeopardize that relationship. While U.S. officials issued "stern admonitions" to China about economic espionage in advance of the U.S.-China Strategic and Economic Dialogue in June (annual Cabinet-level talks on strategic and economic issues), the Heritage Foundation’s Cheng said that reporting on the talks indicated that, “more time was spent discussing global warming than cyber security concerns.”
Elizabeth Bancroft, executive director of AFIO, said in a discussion with a number of her colleagues at the organization that the consensus was the U.S. should not be fearful of getting tough with China on economic espionage.
“China's espionage is impacting, or could impact, its role in this partnership, and they may well lose more than they gain,” she said. “All of this is a bit of a poker game, and that's what statecraft is about.”
But she added that her colleagues agree that, “right now we do little, and it has left China convinced, in that case, that brazen thefts are a low risk, high payoff gambit for gaining economic advantage.”
Another major problem is that the reach of U.S. law enforcement does not extend into China. Security vendor Mandiant (now a part of FireEye) issued a report in 2013 on a military hacking unit in China that it called APT1, also known as Unit 61398 of the People’s Liberation Army.
That unit allegedly hacked into the networks of American companies including U.S. Steel, Alcoa, Allegheny Technologies (ATI) and Westinghouse, plus United Steelworkers, the biggest industrial labor union in North America. Five of its members are now on the FBI’s Most Wanted list, but there is essentially no chance that any of them will ever be arrested, since China and the U.S. do not have extradition agreements.
But the security mindset of American companies also leaves them vulnerable. John Quinn, a former Far East specialist with the CIA, notes that Chinese culture and thinking goes back thousands of years, while the U.S. is less than 300 years old. “It is worthwhile to remember that the Chinese have centuries of espionage experience dating back to Sun Tzu and ‘The Art of War’, he said.
Sign up for CIO Asia eNewsletters.