ASCF REPORT, 11.2.20

An important and likely lasting side-effect of the COVID19 crisis is how it has awakened the American people to the true nature of the People’s Republic of China. America and the world now know that PRC officials lied about human-to-human transmission; allowed thousands of people to leave the epicenter in Wuhan during the pandemic for destinations around the world; ordered scientists not to share findings about coronavirus-genome sequencing; and carried out a premeditated plan to hoard 2.5 billion pieces of medical protective equipment as the virus swept the globe. Not surprisingly, 73 percent of Americans blame Beijing for COVID19 deaths; 71 percent distrust Chinese strongman Xi Jinping. If Xi’s regime can be so callous and calculating when it comes to life and death, the American people seem to have concluded, it will have no qualms exploiting other vulnerabilities. Indeed, Xi and his henchmen are doing exactly that in the realm of intellectual property (IP).

Hack and Harvest
“Although piracy and counterfeiting remain issues in China,” Stanford University’s Paul Goldstein explains, “newer forms of siphoning off foreign IP value are theft—often cybertheft—of extraordinarily valuable trade secrets and know-how.”

How valuable? The PRC’s harvesting of U.S. IP costs U.S. firms as much as $600 billion annually, according to the Office of the U.S. Trade Representative. That explains why Gen. Keith Alexander, former head of CYBERCOM, calls China’s cyber-siege of the United States “the largest transfer of wealth in history.” 

Sometimes, Chinese firms acquire or steal IP through joint ventures with American firms that are either woefully naïve or willfully oblivious about the consequences of their PRC partnerships. The hard but undeniable truth is that any deal with Chinese firms ultimately involves the Chinese government—and any deal with the Chinese government ultimately involves the Chinese military. “Engaging in projects where intellectual property is shared with the Chinese,” as Gen. James Dunford explained during his years as chairman of the Joint Chiefs of Staff, “is synonymous with sharing it with the Chinese military.”

Sometimes, as national-security analyst Terry Thompson details, Chinese hackers, researchers and even students steal information from target institutions in the U.S. and, in effect, launder the information through China’s university system. “The universities then apply for Chinese patents on the illicitly acquired material. Once the patents are obtained, they are then distributed to several Chinese companies.” China’s military and state-backed firms then use that “patented” material and pilfered information—advanced medical technologies, proprietary data on energy development, schematics for warplanes and munitions, cutting-edge pharmaceuticals and vaccines—as a shortcut to developing and producing their own variants of these inventions cheaply and quickly.

What Goldstein said about Beijing’s exploitation of cyberspace to steal the fruits of American ingenuity bears repeating and illustrating:

The FBI reports that the PRC has attempted hack-and-steal operations targeting proprietary COVID19 vaccine research of U.S. biopharmaceutical firms.

According to a study conducted for the U.S.-China Economic and Security Review Commission, China’s use of “computer network exploitation activities to support espionage has opened rich veins of previously inaccessible information that can be mined both in support of national-security concerns and, more significantly, for national economic development.” Beijing, for instance, used cyberoperations to infiltrate subcontracting firms and systems related to the F-35 and C-17 programs; exploited cyberspace to gain “full functional control over networks at the Jet Propulsion Laboratory”; launched “spearphishing” attacks against Westinghouse, Alcoa, Allegheny Technologies, U.S. Steel, the United Steelworkers Union and SolarWorld; and penetrated the Office of Personnel Management’s network, compromising the personal and financial data of 21.5 million Americans.

In addition, information-security firm Mandiant has detailed how a division of the PLA has attacked U.S. government networks; penetrated computer systems at U.S. defense firms, the Pentagon and NASA; and stolen “hundreds of terabytes of data from 141 companies.” An arm of the PLA has been “chartered to compromise…and steal our intellectual property.”

According to a 2019 CNBC analysis, one-fifth of the largest companies in North America say Chinese entities “have stolen their intellectual property within the last year.”

Goldstein reports that “American IP owners have in recent years enjoyed increased success in enforcing their rights in Chinese courts.”

But trusting a lawless regime to enforce the rule of law and to punish state-backed businesses for doing exactly what the regime wants them to do is very much like trusting the fox to guard the henhouse.

A better solution is to defend our home turf and close off access points for PRC IP theft via hacking.

Regarding the former, the Justice Department recently swept up Chinese nationals for IP theft at dozens of U.S. companies and colleges.

As to the latter, consider the emerging 5G alliance. Given that the Chinese telecommunications firm Huawei is a leader in 5G technology (and also happens to have ties to the Chinese government), concerns about Beijing using Huawei as a doorway for more IP theft are real. Indeed, this is why Washington has pushed so hard for allies in Britain, Europe and Asia to block Huawei from building their 5G networks.

As an alternative, the U.S. has launched the 5G Clean Path initiative—what the State Department describes as “an end-to-end communication path that does not use any 5G transmission control, computing or storage equipment from an untrusted vendor.”

A clean-tech partnership comprised of U.S. firms Dell, Microsoft and AT&T, European firms Nokia and Ericsson, and Japanese firms NEC and Fujitsu is taking shape. India is leaning toward blocking Huawei from involvement in the country’s 5G network. The Economist reports concerns among German lawmakers over Huawei. President Emmanuel Macron of France calls the 5G buildout “a sovereign matter.” After eliminating Huawei from Britain’s 5G buildout, Prime Minister Boris Johnson is now rallying the D10—an informal partnership of 10 democracies enfolding the Group of Seven industrialized democracies plus Australia, South Korea and India—to pool their technological resources and build an uncompromised 5G network. NATO Secretary General Jens Stoltenberg says the alliance is committed to “ensuring the security of our 5G infrastructure.” He adds, “We need to make sure that these systems are reliable…that we do everything we can to prevent espionage” and “that they are available and functioning in times of crisis.”

More can be done. President Trump warned in his 2017 National Security Strategy that “will no longer turn a blind eye to violations, cheating or economic aggression” by “competitors such as China” that “steal U.S. intellectual property,” and he vowed to “defend our national security innovation base against competitors.”

Toward that end, perhaps it’s time for America’s cyber-soldiers to be unfettered: They could implant bugs or backdoors in the IP China is stealing from U.S. defense contractors, and then activate those digital timebombs to yield defective military hardware for the PLA; create doorways in the Great Firewall of China, thus allowing Xi’s subjects to share information and ideas; use cyberweapons to cut off the illegal islands in the South China Sea from command-and-control in Beijing; or disable network pathways used by Chinese nationals in the U.S. to deliver what they have harvested in their hack-and-steal operations.

On a level playing field, the people and businesses that comprise America’s free enterprise system can out-compete, out-innovate, out-design, out-create, out-build and out-engineer Xi’s subjects and state-owned enterprises. But if the Beijing behemoth is allowed to continue to tilt the playing field by harvesting America’s IP, America’s free enterprise system will be left in a no-win situation.