Chinese Cyber Espionage Against the U.S. Non-State

Allegations of Chinese cyber attacks on U.S. interests, both state and non-state are not new phenomena. Each red dot in the above map shows a successful alleged Chinese attempt between 2010 and 2014 to steal U.S. corporate and military data. Some of the U.S. victims of these attacks have been Google, Lockheed Matin, the U.S. government and the U.S. miitary. Over 600 dots are peppered across the U.S. industrial centers in the northeast and the west coast as well as other places in the country. Nearly 50 cyber attacks have occurred in California alone. Some examples of the kind of data the U.S. has lost to cyber espionage have been specificiations of hybrid cars, formulas for pharmaceutical products, data on critical U.S. infrastructure such as electrical power, telecommunications and internet backbone, and details including U.S. military and civilian air traffic controls systems.

As cyber espionage has been a persistent threat to U.S. enterprises, perhaps, looking at the problem in monetary terms could provide an easily understandable perspective on the magnitude of the matter. Studies show that cyber crime will be a $2.1 trillion dollar problem by 2019. Also, the U.S. dependence on global supply chain and business outsourcing leaves it highly vulnerable to cyber attacks. In 2014, cyber attacks, alone, have cost on average the following to U.S. companies:

• $8.6 million per company in U.S. retail;
• $20.8 million per company in U.S. financial services;
• $ 14.5 million per company in U.S. technology sector
• $12.7 million per company in U.S. communications industry

While this may already look bad enough for U.S. businesses, what could make it worse is the new Chinese cyber security law, which will be effective in June 2017. In the midst of some degrees of ambiguity in the law, the following surface as critical concerns for the U.S. enterprises operatiing in China:

• The law requires that the Chinese government investigators be given full access to companies’ data if wrong-doing is suspected;
• The law requires that business information and data on Chinese citizens be kept in domestic servers and cannot be transferred overseas without prior permission;

Some analysts judge that foreign companies being required to store data in domestic servers leave potentials for the Chinese local industries to gain competitive advantage over their foreign rivals. Although the U.S. and China have struck up a cyber security agreement that forbids theft of intellectual property and economic espionage, analysts cannot entirely dismiss the possibility that the U.S. military will continue to be an attractive target of Chinese cyber espionage.