The United States, along with the European Union, the United Kingdom, and NATO, on Monday formally attributed a series of malicious cyberattacks to China. This includes the March cyberattack that targeted Microsoft’s Exchange Server software, carried out by a Chinese-based hacking group known as Hafnium.
This formal attribution is part of a broader condemnation of China’s nefarious cyberactivity by NATO, Japan, and member states of Five Eyes, an intelligence alliance that includes Australia, Canada, New Zealand, the U.K., and the U.S.
Recently, cybersecurity experts have primarily focused on ransomware attacks, such as recent attacks on private companies Kaseya and JBS S.A. by the cybercriminal group REvil, and on the Colonial Pipeline by the Russian hacking group DarkSide. However, China has been heavily engaged with a different cybercrime: espionage.
China has targeted government, private entities, public policy think tanks, and defense contractors for years. Some notable attacks include the breach of the U.S. Office of Personnel Management through a series of hacks between 2013 and 2015, the Equifax hack of 2017, and, recently, attempted cyberattacks of COVID-19 vaccine-maker Moderna.
As former director of the National Counterintelligence and Security Center, Bill Evanina, stated in a “60 Minutes” interview earlier this year, “Current estimates are that 80% of American adults have had all of their personally identifiable information stolen by the Communist Party of China.”
As the Biden administration has finally put in place the tenets of its cyber personnel, including recent confirmations of Jen Easterly as head of the Cybersecurity and Infrastructure Security Agency, and Chris Inglis as the nation’s first national cyber director, more needs to be done to confront China and its support of criminal networks to do its bidding.
The administration has been negotiating with Russian officials on cybersecurity with the goal of charting a pathway forward in the wake of several cyberattacks emanating from Russia on U.S. entities—including the massive SolarWinds hack that compromised the data of multiple U.S. federal departments and Fortune 500 companies last year, which resulted in the Biden administration retaliating with sanctions on Russia.
When it comes to China, though, this administration’s penalties have been found wanting. Dmitri Alperovitch of the Silverado Policy Accelerator rightly noted in The Wall Street Journal, “Failure to sanction any PRC-affiliated actors has been one of the most prolific and baffling failures of our China policy that has transcended administrations.”
Alperovitch goes on to note that the “public shaming” released this week “looks like a double standard compared with actions against Russian actors. We treat China with kid gloves.”
Monday’s release included separate grand jury indictments of four Chinese Ministry of State Security officials for a “global computer intrusion campaign targeting intellectual property and confidential business information, including infectious disease research.”
At this point, this is par for the course for Chinese bad actors, who will likely face little justice for their actions, as they remain in China. China should be receiving the same stern warnings that President Joe Biden has outlined against Russian President Vladimir Putin. Those warnings came with the threat of possible offensive cyber reprisals or more sanctions.
These are the types of threats that Biden should issue in response to the cyberattack on the Microsoft Exchange Server and the slew of economic espionage, intellectual property theft, and cyberattacks by China on the United States and our allies.
It is true that economic sanctions have had a limited impact on Russia’s decision-making when it comes to continuing malicious cyber activity. Nevertheless, such a response must be on the table when dealing with China. Together with our allies, the U.S. needs a coordinated and actionable response to increase the cost China must pay for launching a cyberattack.
There are no easy solutions to the current and future cyberthreats. Cyber warfare, espionage, and criminal activity have given our adversaries new ways to harm and exploit the U.S.—and their techniques are evolving daily. As we move further into the digital age, we need to take the kid gloves off when dealing with China.
This piece originally appeared in The Daily Signal.