Is the cyber-threat from China overstated?
During the Cuban Missile Crisis in 1962, President Kennedy stated that the Soviet Union was the greatest threat to the free world. The Soviet’s had the weapons needed to destroy the United States and the remainder of the planet but due to the principle of Mutually Assured Destruction, launching any nuclear missiles would have also been the end of the USSR.
Just because a country is a potential threat and has the means to take action doesn’t mean that there is any self-interest or usefulness for that action. The cyber threat from China is an example of Mutually Assured Destruction in the world of online global networks. China has means to carry out major cyber-attacks but lacks any positive gains by doing so.
China is the biggest holder of US debt (8%) and our second biggest trading partners ($562 billion annually) resulting in the Chinese government being invested in strong US economy. China’s ownership of $1.2 trillion in US debt equals more than all treasury bonds owned by private US citizens meaning the Chinese may be more interested in the success of our treasury than our own citizens. Conducting a military lead cyber-attack intended to damage critical systems in the United States would not be in the best interest of the Chinese government.
Cyber-attacks that are orchestrated by Chinese government are completely different from private companies or hacker groups stealing/selling information on the open market. The Chinese government may turn a blind eye to these business practices but the Snowden documents show the US has little regard for cyber-privacy too. It is also unclear what the true cost of the cyber-theft of proprietary information and intellectual property even costs US companies. Based on the Rand Report — What Does China’s Economically-Motivated Cyber-Espionage Cost the United States?, there are a few possible scenarios where cyber-crimes actually benefit the US:
- A Chinese car company steals information from a US car company. They don’t use it to make a copy of the car but instead use little pieces of the information to improve their own car design. The improved cars have a better price-performance ratio and compete better with other foreign brands. The cost to US car companies is minimal and import taxes may result in a net-gain to the US.
- US company researches/designs a product but it is too expensive to make. Chinese company steals the info and is able to make the product with cheaper labor costs. US company has no actual loses because product never existed. US consumers win by having better selection of products. US collects taxes on sales.
- Chinese company steals the design of a US product and makes their own. In response, US company makes design change to improve product and maintain sales. Chinese company steals new design and cycle continues. While the company incurs additional design costs, the US consumer benefits because of product design improvements that wouldn’t occur without external pressure.
The RAND Report offers an estimated value of $12 billion in stolen intellectual property shifted from the US to Chinese companies from the cyber-thefts. With nearly a half-trillion dollars in annual imports/exports between the US and China, $12 billion is not a significant amount of money (page 15). The Chinese could exert financial pressure to increase the interest rate of US debt by .1% which would result in approximately $12 billion in new interest on our $12 trillion national debt.
In summary, the Chinese government doesn’t have anything to gain from mounting a major cyber-attack against the United States and while Chinese companies are benefiting from stealing proprietary information, it does not cause a crippling impact on US industry and the costs of pressuring the Chinese government could be even more damaging to the US economy.
