On Jan. 26, 2014 German public broadcast station, ARD Mediathek, aired a 30 minute interview with Edward Snowden. In this interview, Snowden accuses the United States’ National Security Agency of economic espionage. Snowden directly addresses a question posed by interviewer Hubert Siepel, and hints that more substantive revelations supporting his claim that the NSA is engaged in economic spying will follow.
In July 2013, during the 5th U.S. – China Strategic and Economic Dialogue, I sat for an interview with CCTV America’s Mike Walter about S&ED. Specifically, 2013 marked the first year that a cybersecurity working group held meetings at S&ED. Economic espionage, long viewed by the U.S. as a state sponsored action of Chinese intelligence agencies, was the topic du jour. The U.S. has previously admitted to surveillance of Chinese assets – Snowden claimed that the U.S. routinely monitored China’s Tsinghua University immediately before S&ED began. American officials, however, have always made a distinction between U.S. security focused intelligence gathering and China’s spying for economic gain. American claims of Chinese misconduct have included Intellectual Property theft, cyber attacks on U.S. businesses, and the manufacture and sale of counterfeit tech parts without punishment from Beijing.
To substantiate U.S. claims, the Government Accountable Office – a non-partisan and independent “congressional watchdog” agency that monitors how the federal government spends taxpayer dollars – worked with the U.S. Senate Armed Services Committee to release a report on counterfeit parts in the Department of Defense supply chain.
The Committee released its own report with recommendations shortly after GAO. Members of the Committee have voted to include legislation addressing economic espionage and cyber-enabled attacks in the past two instances of the National Defense Authorization Act that sets policy for DOD. Notably, the Fiscal Year 2013 bill included a provision requiring defense contractors to report to DOD when their networks containing DOD information are successfully penetrated. The Fiscal Year 2014 bill included a provision directing DOD to review current and expected manufacturing requirements for which there are no or limited domestic commercial sources; aimed at limiting the ability to counterfeit parts to make it into the supply chain.
The Department of Defense it the 2013 version of its annual report to Congress on China explicitly names China as the prime mover in a number of attacks on American government and businesses. The claims of Chinese borne cyber-attacks have not been limited to the defense sector. In 2013, security company Mandiant released a report entitled “APT1” short for Advanced Persistent Threat #1. The term advanced persistent threat is the strongest language cyber-practitioners use to describe threats in cyberspace. The Mandiant report identifies APT1 – responsible for attacks on some 140 businesses since 2006 including Microsoft – as Chinese People’s Liberation Army Unit 61398.
It is interesting that, in the wake of the Snowden revelations, Microsoft has now used the term advanced persistent threat to describe the NSA.
The U.S. has admitted to monitoring some activities in China; this topic was discussed at S&ED. However, to date, a link had not been made between U.S. Government and IP abuse of, cyber-attacks on, or the sale of counterfeit parts to Chinese businesses. In 2013, Snowden revealed that the U.S. Embassy in Beijing and consulates in Shanghai were involved in intelligence gathering. This information drove Chinese diplomats to demand an explanation from American government. Secretary of State John Kerry admitted to some overreach in U.S. spying.
Does the new claim from Snowden mean that the U.S. is a state sponsor of economic espionage, and that official government resources are used for the economic benefit of private companies? Snowden notes that the NSA may monitor anything deemed in the “national interest” of the United States. The NSA has used the PRISM, Muscular and other programs to monitor and gain info from American companies. Terrorists and other bad actors are often international players, so it follows that some foreign based businesses may be monitored. However, to date, there is no information supporting the idea that the NSA passed along any information gathered on foreign businesses to U.S. industry, or that it was acted on otherwise.
The foreshadowing – not wanting to preempt editorial decisions – in the Snowden interview means that more substantive information on this matter is soon to come. If proven true, this information would further complicate President Obama’s desire to reconnect with allies in Europe and elsewhere. It may also strengthen China’s position in advance of the next U.S. – China Strategic and Economic Dialogue.