Yesterday we detailed how the U.S. doesn't have any good options in the face of persistent economic espionage by Chinese military hackers, and several readers asked: Why not just hack them back?
We asked several cyber security experts and received two questions back: Why would we want to? and Who says we aren't?
The U.S. wouldn't really benefit from stealing corporate secrets from China because Chinese companies don't have that much to offer American innovation.
"The U.S. isn't interested in China's intellectual property," Skylar Rampersaud, cyber expert at Immunity, told BI. "So us going into Chinese companies and stealing their data does not give us a big boost like it does for them to come to our companies and steal data."
Furthermore, there is a big difference between military espionage (which all major players engage in) and economic espionage, which is frowned upon in the financially-intertwined international community.
"[China is] trying to confuse economic espionage with normal espionage, and the U.S. is drawing a clear red line there," Immunity CEO Dave Aitel told BI. "Not only do we not do economic espionage, but even if we did, it wouldn't help us."
It would be counterproductive to cross that line since the strength of America's primary recourse — diplomacy— depends on it.
"We have the moral position that [economic espionage] is something that shouldn't happen,"Rampersaud, who worked for the National Security Agency, said. "It's a lot easier to have our diplomats say 'This should never happen' if we're not doing it."
But that doesn't mean the U.S. isn't hacking China — it's just that it isn't known.
"We are hacking back,"Jeff Bardin, chief intelligence strategist for cyber intelligence service Treadstone 71, told BI. "The United States has some of the most effective and efficient cyber warfare capabilities, if not the best, on the globe. The Chinese will never admit such activity for a few reasons."
Those reasons include the Chinese cultural concept of "face" i.e. "social status, dignity, honor, pride, authority, and even trustworthiness," according to Bardin. "Any disclosure of weakness or inequities in Chinese cyber defenses would lead to a significant loss of face" and disclose that their hackers are learning from cyberattacks to subsequently use it to their advantage.
Samuel Bucholtz, co-founder of the security firm Casaba, echoed the points about moral high ground and lack of Chinese intellectual capital, adding that the U.S. government (as opposed to China) "is unlikely to hack on behalf of a corporation looking for business secrets."
Casaba co-founder Jason Glassberg adding that their would be little use of making U.S. hacking of China public because once hacking methods are revealed, "it is easier to build defenses.
At the end of the day, the Mandiant report provides diplomatic leverage for America's leaders and a blueprint of Chinese hacks for its companies.
"[Mandiant has] given us so much data that we can look for this data and tell our clients not only that they are penetrated, but maybe they have been penetrated for many years and didn't know it," Aitel said. "So that allows us a very large advantage on the defending team."
That's why if there is a cyber move to be made after the revelations about economic espionage by the Chinese, it's that U.S. companies simply need to get better at protecting their intellectual capital.
"There's no other way," Aitel said. "Sometimes the best defense is a good defense."
SEE ALSO: America Is Basically Helpless Against The Chinese Hackers
Please follow Military & Defense on Twitter and Facebook.