Security experts agree that the U.S. government should take stronger action against Chinese cyberattacks, but exactly what those measures should be varies widely.
The issue of cyberespionage on the part of China made headlines once again on Sunday, with The New York Times reporting that a cyberunit of China's People's Liberation Army resumed stealing data from U.S. companies and government agencies after a three-month hiatus.
Called Unit 61398, the group of hackers headquartered on the edges of Shanghai has stolen product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information, The Times reports.
The group ceased operation for three months following a previous expose, but has returned at a level between 60% and 70% of its previous operation.
President Barack Obama is scheduled to receive on Wednesday recommendations from a private task force on actions the administration and Congress can take to battle China's apparent unwillingness to curtail its cyberespionage campaign. Obama's former director of national intelligence, Dennis C. Blair, and his former ambassador to China, Jon M. Huntsman Jr., are leading the task force, The Times said.
On Monday, there was little consensus among experts on the options available to the administration and Congress. Richard Bejtlich, chief security officer for Mandiant, a security firm monitoring the return of Unit 61398, favored economic sanctions against China, saying the government had to do "something to let the Chinese know we're serious about this."
"The fact that we saw that one unit take a break and then come back shows that no amount of talk or naming and shaming appears to really make a difference at the strategic level," Bejtlich said.
[Bill Brenner in Salted Hash: Attacks from China -- A survival guide]
Mandiant tracks about two-dozen groups it has traced to either China or Eastern Europe. During Unit 61398's break, none of the other Chinese groups curtailed activity, Bejtlich said. Now that Unit 61398 is back, it is attacking the same industries, and in some cases, the same companies.
While sanctions would seem like a reasonable response, many experts say they would likely lead to retaliatory economic actions by China. Given how the two country's economies are so intertwined, such measures would weaken both sides.
"Outside of pursuing trade sanctions on a domestic and international front -- neither of which are unlikely to reduce espionage in the near term -- I think the White House has very little leverage with China," said Jacob Olcott, a cybersecurity principal at consulting firm Good Harbor Security Risk Management. "Public shaming likely won't work because theft is a generally accepted business practice there."
Olcott believes that because the U.S. government has very few policy options, it has chosen to focus on bolstering corporate cybersecurity through executive orders and pending legislation mandating information sharing between private industry and government agencies. Such action would help battle Chinese attacks, others say.
"If we come to the conclusion that we can have a two-way exchange of threat information that would definitely help," said Torsten George, vice president of marketing and products at risk management company Agiliance.
Another option favored by Bejtlich would be to name the people leading the attacks from China. Pressure against these individuals could be raised through visa restrictions, preventing them from traveling to the U.S.
He suggested legislation similar to the 2012 Magnitsky Act that gave the president the authority to bar individuals from the U.S. for human rights violations.
"That sort of action is a little bit more visible and has more tangible consequences," Bejtlich said.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.