Indicting Chinese Hackers: Why Bother?

In 2015, China’s President, Xi Jinping, entered into an agreement with U.S. President Barack Obama whereby China agreed to refrain from hacking the United States and American based corporations. The agreement sparked a new wave in what seemed to be an increase in Chinese cyber intrusions. However, despite the short-term effects of that deal, Chinese hackers have continued to hack American based corporations. As such, many Americans have begun to wonder what steps our government is taking in order to prevent these attacks from occurring in the future.

The National Public Radio (NPR) recently reported that the U.S. Government is responding to these attacks by simply issuing more indictments. The organization reported that over the past few years, “the Justice Department has unveiled one China-related hacking indictment after another, including cases against at least a dozen individuals and companies last year alone”. In the eyes of many, this strategy is woefully insufficient, whereas in the eyes of some, this strategy is brilliant.

…[the] policy is ineffective because these defendants will likely never see the inside of a courtroom.

Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, argued that merely issuing indictments to Chinese suspects still living in China is an utter waste of time. Segal argues that such a policy is ineffective because these defendants will likely never see the inside of a courtroom. Another opponent argues that not only do the indictments fail to deter Chinese hackers, but they send a signal of weakness.

Conversely, proponents of these indictments argue that they serve a brilliant purpose. Proponents first argue that the Chinese government really hates the indictments, and as such, the Chinese government will do whatever is necessary to end these intrusions. Proponents also argue that these indictment help reveal crucial information to the public. These proponents argue that by indicting Chinese hackers, the government essentially puts American based corporations on notice of these intrusions and their frequency. Proponents argue that this information is useful since a number of these American based corporations conduct business in or with China. The idea is that once corporate executives realize they are being targeted by Chinese hackers, they will withdraw their business from Chinese markets. Thus, Proponents argue that issuing indictments that otherwise have no real impact, can indirectly hurt the Chinese economy and thereby deter Chinese cyber intrusion overall.

Although these proponents have made convincing arguments, some opponents remain unconvinced. John Carlin, who led the Justice Department’s National Security Division, acknowledge the utility in informing executives of these attacks but remarked that mere dissemination of information is no solution. Carlin states, “If we’re going to change this behavior, it has to be part of a larger strategy of raising the cost and includes all of the instruments of U.S. power, including the power to sanction under the Treasury Department.” As of date, the treasury department has refused to use that power over its industrial cyber-espionage.

Given the support behind the indictments, we should expect to see more of them issued with the hope that it pays off in the future. The question remains, however, will it actually pay off in the future.

Savian Gray-Sommerville, 8 February 2019