The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough?

from Lawfare

The Biden administration formally accused the Chinese government this week of carrying out the hacks of the Microsoft Exchange email server software, the details of which came to light in early March. In a joint statement with the European Union, NATO and several other U.S. allies, the White House placed blame for the hacks squarely on the shoulders of the contractors of China’s civilian intelligence agency, the Ministry of State Security (MSS), and accused the Chinese government of supporting “irresponsible and destabilizing behavior in cyberspace.” In conjunction with the White House’s statement, the Justice Department on July 19 unsealed criminal charges against four hackers working with the MSS, albeit for unrelated cyber intrusions. 

In the still-nascent history of the United States’ responses to major cyber incidents, attributing the Exchange hacks to the People’s Republic of China (PRC) is another step in the right direction. However, the White House should take the additional step of imposing material costs on the parties charged with these reckless actions, both to deter further malicious activity and to bolster the progress the administration has made in delineating clear strategic norms to guide the U.S.’s responses to cyber incidents.

More here.

Posted in Technology and tagged , , , , .


  1. I do think that the white house responding to the Chinese hacks is indeed a good thing, but a bit overdue. These attacks have been coming in from the Chinese and the Russians (and some less powerful adversaries as well) and it is time that we take a stronger stand. What is becoming more and more concerning though is that our allies becoming more and more dependent on the Chinese rather than us economically. China is also practically entirely dependent on Americas consumer economy, economically, which would make American action stronger right now. With these concerns, I think it is crucial that we start to economically sanction China so that they understand that American cyber security of American companies, institutions, and citizens is a top priority before we lose the power to do so. I do believe that at the rate of change that the global power balance is moving at, Its only a matter of decades before china is the only global superpower. Chinese banks have bought a ton of stocks in many different US companies, and I personally believe that the Chinese in 20 years will control all aspects of American life. Now one might possibly argue that the United States might have tried to take on a similar role from the the fall of Nazi Germany, all the way until today. But one significant difference I would point out to anyone trying to explain how China’s effort’s to amass dominance to America’s years ago, is that China and the USA have a significantly different moral compass. When you take into account China’s complete disdain for their OWN citizens personal freedoms, and the genocide they are committing to Uyghur Muslims, which is WILDLY UNDERREPORTED by our media I might add (probably because a large part of our media is economically tied to, if not bought out by China, which further proves my point); the idea of China being the global dominant nation becomes very frightening very fast. I hope that our government and this administration makes moves very fast to start defending its cyber security, which in new era of a technological revolution that were living in, is probably the most crucial aspect to our infrastructure.

  2. The Biden administration came out and accused China of a cyberattack against the United States. This was a step in the right direction in calling out China for the hacks against the email software of Microsoft Exchange. Also, this is something that is completely overdue. China and other countries have been taking advantage of the United States for too long using Cyber attacks against this country. With evidence against the People’s Republic of China, I believe they should be penalized of some sort whether its imposing sanctions or opposing their material costs which was mentioned in the article.

  3. The article calls for the Biden administration to impose consequences on the MSS (Ministry of State Security), China’s civilian intelligence agency, that fall in line with other consequences and sanctions they push on other geopolitical adversaries such as Russia, Iran, and North Korea. The article says the U.S. should impose economic sanctions on both the MSS contractors and the private and state-owned companies that have benefited financially over the years from the MSS’s malicious activities such as the theft of intellectual property because it would send a strong signal that the U.S. will not tolerate these reckless intrusions. It would also allow President Biden to overcome the strategic shortcomings of past administrations which repeatedly declined to impose any meaningful costs on Chinese cyber threat actors. For example, the White House took swift action against Russia for their SolarWinds attack, which was less damaging and reckless than the Exchange hacks by the MSS, so the United States should apply a level of energy and consequences to that situation relative to its impact compared to the SolarWinds attacks.

    The article mainly focuses on how historically, the U.S. hasn’t imposed the same sanctions and consequences on China as they have with other countries. The foreign policy the United States employs when dealing with other nations and their cyber-attacks should be somewhat equal and certain countries like China shouldn’t repeatedly get away with what they do. There is a need to create lasting and effective international norms in cyberspace and this can only be done if you enforce consequences when lines are crossed. The U.S. would look strategically inconsistent if they continue to not impose penalties on China and the PRC (People’s Republic of China). One good thing the Biden administration had done is that the U.S. has built up somewhat of a coalition to publicly condemn China’s cyber activity. Even though most of the U.S.’s allies have more extensive trade relationships with China than they do with the U.S., so most of these allies are hesitant to truly take public action against China that may trigger a reaction. Smaller nations may face dangers when trying to confront a way larger country such as China. The U.S. should take the step to impose material costs on the parties who were charged with these reckless actions to deter future malicious activity and to set strategic norms for dealing with situations like these.

    As a country, we cannot allow China and other countries to get away with cyber-attacks because if important information were to get into the wrong hands, certain societal structures could crumble and a country like China could capitalize and bring other countries to their knees. We already saw earlier this year what happened with the gas pipeline and how many Americans were impacted by that getting hacked. Gas prices skyrocketed and people even started putting gas in plastic bags (possibly as a joke?). If a major part of everyday life as we know it can be affected like that by cyber hacking, there need to be consequences for every nation that get caught, because there needs to be a deterrent. This starts with America treating China with the same consequences and sanctions they do to other countries.

  4. Tensions between the United States and China have long been a major topic of global diplomatic discussion. Since the beginning of the pandemic tensions between the two superpowers have escalated significantly. In essence the tensions between the two nations boils down to a war of intelligence, always being a step ahead of the other, a battle of supremacy between Socialism and Capitalism. The article I read for one of this weeks blog responses is entitled “The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is it Enough?” which gives insight into an instance of Chinese attacks on United States intelligence. Dating back to March of 2021, The Biden administration accused the Chinese of various attacks on Microsoft Exchange email servers. In conjunction with the European Union, NATO, and several other United States allies several accusations have been placed on contractors of the Chinese civilian intelligence agency with the support of the Chinese Government in the case of this attack.
    The formal accusation was of “irresponsible and destabilizing behavior in cyberspace” (Alperovitch, Ward), it is clear that the Chinese government had the intentions of gathering info on prestigious U.S. citizens as well as keeping tabs on U.S. federal government data. The article rather than discussing the impacts the attacks had on U.S. intelligence it digs deep into how the Biden administration handled the incident and what should be done to prevent further attacks and get justice for said attacks. The main point of the article is to drive the idea that the White House / Biden administration must take further steps to impose consequences against the party that committed said attacks. A prominent quote I found within the article gives an example “However, the White House should take the additional step of imposing material costs on the parties charged with these reckless actions, both to deter further malicious activity and to bolster the progress the administration has made in delineating clear strategic norms to guide the U.S.’s responses to cyber incidents.” (Alperovitch, Ward). The Biden administration claims that imposing costs, consequences, and further sanctions on China is a big risk that would overall have more detrimental effects than do good.
    The article claims “That said, publicly “naming and shaming” threat actors in response to state-sponsored or state-tolerated cyber intrusions is one thing; imposing costs and consequences on those actors is very much another. Notwithstanding the real merits of the announcement, the failure to impose sanctions, a continuation of the U.S.’s ineffective past policy toward China, is a major strategic oversight that the Biden administration has an opportunity to correct—and it cannot do so soon enough.” (Alperovitch, Ward). Overall determining weather, the White House made the right decision in not furthering consequences is up to the individuals personal beliefs. I believe that the White House had rational reasoning in not furthering consequence, however I believe something must be done in order to establish a sense of diplomacy.

Leave a Reply

Your email address will not be published. Required fields are marked *