Hey there, time traveller!
This article was published 30/7/2014 (730 days ago), so information in it may no longer be current.
Foreign Affairs Minister John Baird, visiting Beijing this week, tried once again to discuss cyber-espionage with the Chinese authorities. There was no sign he made much progress.
In Ottawa, the federal government announced its electronic espionage agency, the Communications Security Establishment Canada (CSEC), had detected an attack on the computers of the National Research Council. The government did not say when that attack was detected. The announcement during Mr. Baird's visit seemed to be timed to focus the Chinese government's attention on the problem.
At China's embassy in Ottawa, a spokesman denied the "groundless allegation" the Chinese government was involved in any cyber-attack. China suffers such attacks, too, and firmly opposes cyber-espionage, according to the embassy.
Meanwhile in Vancouver, expatriate Chinese aviation executive Su Bin waits in prison pending an extradition hearing. The U.S. Federal Bureau of Investigation has charged him in California with directing the work of two hackers in China who were breaking into the computers of Boeing and other U.S. defence companies and then offering stolen data for sale to Chinese defence companies.
China may be maintaining plausible deniability by doing some of its cyber-espionage through agents operating in the grey zone on the edge of the public sector. The Chinese Embassy throws up its hands in horror at the suggestion China's government is hacking into Canadian computers. The FBI says, however, a company executive did some of the dirty work and then peddled the stolen information in a shadowy world somewhere on the fringes of the Chinese state-run sector.
The U.S. government, likewise, has been trying to open a conversation with China about cyber-espionage and getting nowhere. In May, the U.S. Justice Department laid espionage charges against five named officers of the New People's Army's cyber-espionage unit. The Chinese Foreign Affairs Department feigned wounded innocence and threatened retaliation against the U.S. move.
Even if Canada and the U.S. could induce China to sign an agreement in which both sides swear on stacks of Bibles they will not hack into each other's computers, cyber-spying is likely to continue unabated. The hackers of the world are constantly keeping a jump or two ahead of the computer-security departments who try to block them. The Chinese government could shut down its in-house cyber-spy agencies tomorrow and still have access to the information gleaned by freelance operators.
Prosecuting individual cyber-spies will help, on the rare occasions when they can be identified and arrested on Canadian or U.S. soil. Complaining to the Chinese authorities may eventually make some difference, even when their immediate response is unhelpful. But Canadian companies and departments with secrets to protect should not count either on law enforcement or on diplomatic action as their first line of defence.
Any data kept in a computer that is occasionally linked to a communication network is potentially available to the hackers. Organizations such as Canada's National Research Council need to weigh the convenience of keeping their data available within the organization against the damage that may be done when the hackers -- Chinese or others -- get hold of it.
China is trying to take a shortcut to industrial equality with the West by stealing industrial secrets. This has been going on for years. The incentive to keep stealing information is enormous because it takes many years for a company such as Boeing to invent and develop a new weapons system. China, impatient for progress, is unlikely to refuse the short-cut and insist on doing its own slow, patient research and development.
Canada, therefore, is within its rights to ask the Chinese authorities why their hackers keep breaking into Canadian companies and departments' computer systems. Canadians, however, are also within their rights to ask the companies and departments why they leave data lying around where the hackers can grab it.