U.S. to China: Please stop hacking our companies, if you don't mind

National Security Advisor calls out China to stop cyber attacks on U.S. businesses -- but in less than confrontational terms

The U.S. government has at long last called out the Chinese government for tolerating, if not outright supporting, cyber attacks against American businesses. In a speech yesterday, President Barack Obama's National Security Advisor Tom Donilon called on China to acknowledge that cyber crime poses a threat to international trade; to investigate and put a stop to cyber crime emanating from China; and to work with the United States to "establish acceptable norms of behavior in cyberspace."

"Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale," Donilon said in a speech presented to the Asia Society in New York. "The international community cannot afford to tolerate such activity from any country."

Donilon's speech comes on the heels of a report released by security company Mandiant that laid out evidence of a cyber espionage outfit dubbed APT1, which has allegedly targeted hundreds of companies with sophisticated APTs (advanced persistent threats), is actually a branch of the Chinese military called PLA (People's Liberation Army) Unit 61398. Mandiant's report wasn't the first instance of observers accusing the Chinese government of supporting cyber espionage efforts to steal sensitive and valuable information; it was, however, one of the most damning.

Donilon told attendees that "the United States will do all it must to protect our national networks, critical infrastructure, and our valuable public and private sector property." He then laid out three steps the feds want for China to take to curb "cyber-enabled theft":

First, we need a recognition of the urgency and scope of this problem and the risk it poses -- to international trade, to the reputation of Chinese industry, and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.

Organizations fearful of falling victim to a cyber attack out of China may be heartened by the fact that the Obama administration has publically called out this mammoth elephant in the room. However, those organizations would likely be well served to continue (or to start) protecting their networks and their data against APTs and other forms of cyber attacks, rather than waiting for the American government to magically devise a way to make the Internet safe or to even devise meaningful, enforceable laws and regulations to prevent cyber theft across international lines.

Those feats are challenging enough from a purely technological level, given the insecure design of the Internet. That's one reason that InfoWorld security guru Roger A. Grimes has proposed time and again a plan for how the international community could fix the Internet. Compounding the challenge here is the fact that the United States has become increasingly dependent on China as an economic partner, in part as a provider of inexpensive labor and goods. The United States wants to remain in China's good graces, and that appears to entail employing the relatively nonconfrontational language we heard from Donilon.

This story, "U.S. to China: Please stop hacking our companies, if you don't mind," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Copyright © 2013 IDG Communications, Inc.