Charging of PLA officers part of broader US cyber-strategy to target China
How a policy change instigated by Washington two years ago led to five People's Liberation Army officers being charged with spying this week
Two years ago, a senior official from the US State Department and one from the Pentagon held an extraordinary four-hour meeting with their counterparts in Beijing.
For the first time, the US government confronted the Chinese government with proof that American companies were being hacked by the People's Liberation Army to benefit Chinese firms. The officials presented extensive case studies of three companies in defence and other industries whose computers had been penetrated by the PLA .
The reaction? "They were shell-shocked," said one former official briefed on the meeting. A second former official said: "They said something like, 'This is outrageous!' You're here and you accuse us of such a thing? We don't do this.'"
There was a similar response Monday after Attorney General Eric Holder Jnr announced the indictments of five PLA members on charges of hacking to benefit Chinese industry.
Indictments alone are not going to solve the problem
The Justice Department's decision to charge Chinese officers was approved at high levels of government and was undertaken, officials say, because talks had brought little progress.
Both diplomacy and criminal prosecution are part of a broader effort by the Obama administration to hold China accountable for what officials say is a growing campaign of commercial cyberspying. "We're talking about a major change in administration strategy and policy," said a third former official.
The approach dates back to early 2012. At a White House meeting, "the message was sent from the president himself", one senior US official said. "This was something that was very important, and he wanted options to push back on the theft of intellectual property by the Chinese."
The result was a series of measures taken not only by Justice and State, but also by the departments of Defence and Homeland Security. The Pentagon, for instance, began last year to conduct defensive cyber-operations outside its networks to deter Chinese hackers. A decision was made to confront the Chinese in public and private about their activities. Whether that strategy will succeed is unclear. China on Monday pulled out of cybertalks scheduled for July.
Commentators, who point out that Beijing will never hand over the accused hackers, are sceptical the indictments will bring change. Justice Department officials are unfazed. They say the charges are the first of what will be "a new normal".
On Wednesday, Assistant Attorney General John Carlin said criminal charges can justify economic sanctions. They can facilitate diplomacy as officials lay out evidence of cybertheft, and they can lead other governments to take action, he said.
"In the end, indictments alone are not going to solve the problem," said James Steinberg, a former deputy secretary of state. "The path forward," said Steinberg, should be a cooperative way to solve the problem "rather than tit for tat".
To understand why the charges were brought, it helps to go back to the aftermath of the meeting in Beijing two years ago.
China's blunt denial - seen by the US as a wilful refusal to face facts - led to an administration decision to raise the cybersecurity issue at every high-level meeting with the Chinese government, officials said. That set the stage for what was to be a frank meeting between Barack Obama and President Xi Jinping in California in June.
But two days before the meeting, the first of a series of disclosures about National Security Agency surveillance, based on leaks by former agency contractor Edward Snowden, appeared on website.
The revelations focused attention on NSA hacking of Chinese companies and other entities. The disclosures "made the foreign policy aspect of talking about cyber and cyber operations much more difficult", a senior US defence official said.
"Because when we complain about military organisations hacking into our private sector companies, they would say, 'Well, the US is actually the king of all hacking. So who are you to talk to us about illegal hacking?'"
