We’ve seen compelling evidence of Chinese state-sponsored hacking here in the United States for a number of years, now. We’ve seen allegations without teeth and finger-waving from any number of politicians, but we’ve yet to see any real action against China.
Early this week, the Obama administration took the most visible and tangible action to date against this activity by indicting five Chinese PLA members. While this is still generally regarded as a pretty weak tactic, given that US courts have zero recourse against these men (provided they don’t set foot on US soil), this new move has given the United States a much clearer sense of direction on the issue of Chinese hacking simply by prompting a response from the Chinese government.
Today, the Chinese government announced that it would “vet” US tech firms doing business in China — nominally to protect Chinese clients from disruption. In effect, they’re threatening to make it much more difficult for US firms to do business in China in direct retaliation for the hacking charges. The message is pretty clear: China considers state-sponsored industrial espionage to be a natural perk offered by China to its industries, and if US companies want to do business in China, that’s the price of admission.
I’ve yet to hear any US companies actually come right out and admit that they’d be willing to put up with a little bit of spying in return for access to a $7.5 trillion market (not to mention its supply chain), but I wouldn’t be a bit surprised if lobbyists all over Washington were asking for some restraint on the part of the administration. And thus, the paradox: these same companies really want to see the government provide protection (in the interest of fairness), but perhaps not at the cost of losing that market.
Ignoring for the moment the debate about whether mega-corporations should have the ability to sway national policy at all, I think the administration (as others before) is really in a tough spot if the US is acting unilaterally. There’s encouraging evidence to suggest that all the world’s trading nations, acting together, can influence market fairness, but to-date, these hacking allegations have been far too ethereal to be formally actionable, leaving the US government and corporations to their own devices.
So, what’s a modern global mega-corp to do, assuming it’s got an interest in the Chinese market? Lobbying Washington for hard-line action against China seems clearly to be a dangerous game, but it seems pretty clear that this paradox favors efforts to improve security. Although there are few corporations that would seem to have the means to withstand dedicated hacking efforts by a global economic power like China, I think there’s an extent to which many of these firms merely have to improve to the point where other companies become much more attractive targets.
Considering the number of large-scale password breaches we’ve also seen in recent years, I can’t say that I really see a downside to this approach.