A large-scale cyberespionage operation recently linked to China's military is unlikely to change the longstanding game of spy vs. spy with the U.S., experts say.
Security company Mandiant said in a report released Tuesday that a group of cyberspies it had watched for some time was similar in mission, capabilities and resources to a secretive group called PLA Unit 61398, which is run by China's People's Liberation Army. The evidence collected by Mandiant indicates the two groups are the same.
The discovery does not mark an escalation in Chinese cyberspying, which has been on the rise for some time. Nor does it bring the U.S. and China any closer to cyberwar, as some have reported, experts say. That's because Chinese activities remain focused on stealing government secrets and intellectual property from private industry, including information technology, defense and aerospace, energy, transportation, communications and chemical.
The Mandiant report also showed that the group it watched, called APT1, was increasingly focused on stealing information from companies involved in U.S. critical infrastructure, such as electrical power grids, gas lines and waterworks, The New York Times reported.
While certainly a major concern, activities involving the gathering of information remain spying and are not, in military terms, a cyberattack, which, depending on the damage, could lead to cyberwar. An example of a true cyberattack would be the Stuxnet malware, reportedly designed by the U.S. and Israel. The malware destroyed centrifuges in Iran's nuclear facilities.
"It's cyberwar when you break something and it hurts bad enough that you think it's war," said Stewart Baker, a partner at Steptoe & Johnson and a former assistant secretary for policy at the Department of Homeland Security.
With cyberespionage, there is no diplomatic solution. That's because both sides spy on each other and neither would admit it. Key to any successful spy operation is to deny involvement, in the absence of direct evidence to prove otherwise.
"I'm not aware of anybody who thinks that we can, or maybe not even should, try to reach an agreement on espionage with China or anybody else," Baker said.
While there is no diplomatic solution, the U.S. can take other steps against China to create a tacit agreement on the limits of cyberspying, experts say. For example, the U.S. could use its own spy networks to feed information to Chinese dissidents to bring more political grief to the Chinese government.
"What we really have to do is punish them for theft," said Paul Rosenzweig, a former deputy assistant secretary for policy at DHS and the founder of Red Branch Law & Consulting.
The area where punishment would be most effective is in the theft of intellectual property from private industry. U.S. laws prevent the government from hacking private companies in China, but law enforcement could use those laws to prosecute Chinese companies that use stolen IP.