“The United States government does not engage in cyber economic espionage for commercial gain, and today I can announce that our two countries have reached a common understanding on a way forward.” — US President Barack Obama.
Every U.S. administration since President George H. W. Bush has wrestled with the persistent threat of Chinese trade secret theft. By the early 2010s, the issue escalated to a boiling point as U.S. businesses reported losing a staggering $300 billion annually to Chinese cyber-enabled intellectual property (IP) theft, with entire product lines vanishing, being replicated by Chinese competitors. Gone were US-produced solar panels, fighter jets, passenger planes, turbines, electric vehicles, Dupont’s genetically-modified seeds, Coca-Cola’s vitaminwater, and more as American companies hemorrhaged IP.
U.S. President Barack Obama’s "Triple Tap" strategy of diplomatic pressure, cyber agreement, and sanctions threats demonstrated that combining diplomatic finesse with credible threats could yield results—even against a formidable adversary like China. Indeed, the September 25, 2015 cyber detente remains a critical case study in US-China relations, demonstrating the intricate balance between confrontation and cooperation involving cyberspace.
Check out the fifth episode of To Catch a Thief: A Cyber Detente and find out about the ins and outs and backroom dealings of the cyber detente nobody saw coming.
Two Decades of Cyber Strife
For years, most companies tolerated Chinese IP theft with a wink and a nod towards profit.
The US government took a gamble, hoping that as the internet and China's economy grew, the country would adopt international norms, improve their track record on human rights, and stop hoovering up US IP. However, hack after hack proved this hope misguided.
That is until Obama’s announcement in the White House Rose Garden meeting with Xi. “We have jointly affirmed the principle that governments don’t engage in cyber espionage for commercial gain against companies,” the US president said, revealing that Xi agreed to stop hacking for commercial gain.
There had been previous efforts to rein in Chinese IP theft. In 1991, U.S. President George H. W. Bush brought Section 301 investigation against China for IP theft and copyright violations, forcing China to the negotiating table to get them to abide by rules respecting surrounding IP and copyrights.
However, there were always people in the room who argued that American businesses were making too much money in China to disrupt the status quo, so it was better to kick the can down the road.
By Spring 2013, Obama’s Intellectual Property Commission reported that China was stealing $300 billion of IP per year—roughly equal to the U.S. trade deficit with China. Just as the Obama administration was set to do something about China’s cyber espionage, the narrative took an unexpected turn. In 2013, Edward Snowden’s leak of NSA documents exposed the extent of U.S. surveillance programs. This flipped the script, putting the U.S. on the defensive for its own cyber activities.
Eventually, detente prevailed. The agreement between Obama and Xi against cyber-enabled IP theft resulted in hacks decreasing significantly, going from up to 80 per month to four or five per month. While the frequency of attacks dropped, those on health insurers, hospitality, and airlines such as Anthem and Marriott jumped, being slated as standard counter-intelligence.
The most polite hackers were gone. Gone were the clumsy calling cards. Once the deal was off, the Chinese Communist Party put hackers to use with a vengeance.
To Catch A Thief
Over the next month, Nicole Perlroth, bestselling author of This Is How They Tell Me the World Ends and former lead cybersecurity and digital espionage reporter for The New York Times, will take us on a tour of China’s sprawling hacking operations. This first of its kind, deeply reported audio documentary will unfold weekly through dozens of chilling conversations with industry and government cyber espionage experts.
To Catch a Thief charts the rise of China’s state-sponsored hackers, from their beginnings as “the most polite, mediocre hackers in cyberspace” to the “apex predator” that now haunts America’s most critical infrastructure.
The series features the experience and expertise of some of cybersecurity’s heaviest hitters: Jim Lewis, Mandiant’s Kevin Mandia, Crowdstrike founder Dmitri Alperovitch, Google’s Heather Adkins, and many more.
Check out this nine-episode series (produced by Rubrik) on your favorite podcast platform.