Washington needs to do a better job helping American companies protect against state-sponsored cyberattacks as they find themselves increasingly caught in the crossfire of US-China tech competition, several experts said on June 29.
The US government should strengthen safeguards, improve public-private cooperation and bolster regulations and cybersecurity strategy, panellists said at an event at the Centre for the National Interest, a Washington-based think tank.
A state-sponsored attack “really is the responsibility of the federal government. And that’s where we have to have an honest conversation in terms of cyberdefences, of who’s responsible for what, how are we going to divide up the responsibilities,” said Frances Townsend, a counterterrorism assistant to former US president George W Bush and now chief compliance officer with gaming company Activision Blizzard. “There hasn’t been that conversation.”
Cyberattacks have been a point of tension between the US and its allies and Beijing, as the former has accused China of carrying out a global cyberespionage campaign to steal intellectual property.
China denies such behaviour.
Last July, the US, Britain, the EU and Nato accused China of sponsoring a cyberattack that allowed outsiders to access Microsoft Exchange’s email and calendar service, a hack that affected at least 30,000 customers.
According to a list of cyberattacks compiled by the Centre for Strategic and International Studies, a think tank in Washington, the most recent Chinese state-sponsored hack was discovered in May, when it was determined that intellectual property assets from US and European companies were being stolen – largely undetected – since 2019.
“The government has got to come to grips with [it],” Townsend said. “If you want to incentivise innovation and investment like that, you must do more about the theft of intellectual property.”
“I think there also should be a national insurance fund that backstops the private sector a state-sponsored attack,” she added.
Lawmakers are in the process of reconciling the America Competes Act in the House of Representatives and the US Innovation and Competition Act in the Senate – both of which would include measures to defend against cyberattacks – into one version before it can be sent to President Joe Biden for his signature.
Panellists also said they were worried that growing domestic calls to regulate or break up Facebook, Google, YouTube and other platforms – over concerns involving freedom of speech, disinformation and data privacy – could undercut their competitiveness as the tech rivalry with Beijing intensifies.
“This will create a dynamic where these companies can’t be the national champions,” said Samm Sacks, a fellow at Yale Law School’s Paul Tsai China Centre. “We need them to compete with China.”
While Sacks and Townsend both noted that China has increased its oversight of tech companies by tightening regulations, they worry about the lack of discussion on US national security implications when Congress looks at potential antitrust bills aimed at dominant tech platforms.
“What we have to be careful of is unintended self-inflicted wounds in terms of innovation,” Townsend said.
Speaking of possible future antitrust bills, she added: “In the areas where these bills have an anticompetitive effect geopolitically, such as in things like (artificial intelligence), quantum computing, the 5G to 6G, micro electronics – all of these areas will be impacted in terms of the competitiveness of US tech companies.”
“I do think there needs to be some regulation. I’m not saying there needs to be none. But they’ve not held a single hearing on the national security implications of any of these (potential) bills, not one.” – South China Morning Post