The Obama administration has stirred plenty of controversy with its unprecedented indictments of five Chinese People’s Liberation Army hackers, attached to the infamous Unit 61398, on charges of spying on major American companies. Beijing–and plenty of other capitals–is screaming hypocrisy because of the large-scale American surveillance activities revealed by Edward Snowden.
There is, however, a crucial difference: While the U.S. intelligence community does target economic data from various countries, to help trade negotiators and for other ends, it does not, as far as is known, give any of the resulting information to American companies. Not so in China, Russia, France, or other countries where the relationship between industry and government is much tighter. By contrast, the U.S. intelligence community really does focus on national-security objectives, hard as that may be for cynical foreigners (or even some Americans) to believe.
The administration should be commended for its actions, given the inevitable pushback from Beijing. The indictments shine a spotlight on Chinese hacking, alert American companies to the danger, and may possibly lead the Chinese government to dial back its outrageous and routine theft of American industrial secrets. This action also highlights the fact that–contrary to the arch-traitor Snowden–the U.S. is hardly alone or the worst offender when it comes to electronic espionage.
What the indictment does not do is actually lead to any meaningful sanctions against the named individuals who remain in China far beyond the reach of American law. The administration must show that this is not a symbolic one-off but part of a long-term campaign against Chinese cyber-theft and cyber war (the two are closely connected) that will result in more meaningful consequences for China beyond public embarrassment. One way to proceed would be for the U.S. intelligence community to show that it has the capability to steal Chinese industrial secrets too and will do so unless China shows more respect for American intellectual property. Mutually Assured Destruction worked in the nuclear arena. Why not in cyber war?