The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough?

from Lawfare

The Biden administration formally accused the Chinese government this week of carrying out the hacks of the Microsoft Exchange email server software, the details of which came to light in early March. In a joint statement with the European Union, NATO and several other U.S. allies, the White House placed blame for the hacks squarely on the shoulders of the contractors of China’s civilian intelligence agency, the Ministry of State Security (MSS), and accused the Chinese government of supporting “irresponsible and destabilizing behavior in cyberspace.” In conjunction with the White House’s statement, the Justice Department on July 19 unsealed criminal charges against four hackers working with the MSS, albeit for unrelated cyber intrusions. 

In the still-nascent history of the United States’ responses to major cyber incidents, attributing the Exchange hacks to the People’s Republic of China (PRC) is another step in the right direction. However, the White House should take the additional step of imposing material costs on the parties charged with these reckless actions, both to deter further malicious activity and to bolster the progress the administration has made in delineating clear strategic norms to guide the U.S.’s responses to cyber incidents.

More here.

Posted in Technology and tagged , , , , .


  1. I do think that the white house responding to the Chinese hacks is indeed a good thing, but a bit overdue. These attacks have been coming in from the Chinese and the Russians (and some less powerful adversaries as well) and it is time that we take a stronger stand. What is becoming more and more concerning though is that our allies becoming more and more dependent on the Chinese rather than us economically. China is also practically entirely dependent on Americas consumer economy, economically, which would make American action stronger right now. With these concerns, I think it is crucial that we start to economically sanction China so that they understand that American cyber security of American companies, institutions, and citizens is a top priority before we lose the power to do so. I do believe that at the rate of change that the global power balance is moving at, Its only a matter of decades before china is the only global superpower. Chinese banks have bought a ton of stocks in many different US companies, and I personally believe that the Chinese in 20 years will control all aspects of American life. Now one might possibly argue that the United States might have tried to take on a similar role from the the fall of Nazi Germany, all the way until today. But one significant difference I would point out to anyone trying to explain how China’s effort’s to amass dominance to America’s years ago, is that China and the USA have a significantly different moral compass. When you take into account China’s complete disdain for their OWN citizens personal freedoms, and the genocide they are committing to Uyghur Muslims, which is WILDLY UNDERREPORTED by our media I might add (probably because a large part of our media is economically tied to, if not bought out by China, which further proves my point); the idea of China being the global dominant nation becomes very frightening very fast. I hope that our government and this administration makes moves very fast to start defending its cyber security, which in new era of a technological revolution that were living in, is probably the most crucial aspect to our infrastructure.

  2. The Biden administration came out and accused China of a cyberattack against the United States. This was a step in the right direction in calling out China for the hacks against the email software of Microsoft Exchange. Also, this is something that is completely overdue. China and other countries have been taking advantage of the United States for too long using Cyber attacks against this country. With evidence against the People’s Republic of China, I believe they should be penalized of some sort whether its imposing sanctions or opposing their material costs which was mentioned in the article.

  3. The article calls for the Biden administration to impose consequences on the MSS (Ministry of State Security), China’s civilian intelligence agency, that fall in line with other consequences and sanctions they push on other geopolitical adversaries such as Russia, Iran, and North Korea. The article says the U.S. should impose economic sanctions on both the MSS contractors and the private and state-owned companies that have benefited financially over the years from the MSS’s malicious activities such as the theft of intellectual property because it would send a strong signal that the U.S. will not tolerate these reckless intrusions. It would also allow President Biden to overcome the strategic shortcomings of past administrations which repeatedly declined to impose any meaningful costs on Chinese cyber threat actors. For example, the White House took swift action against Russia for their SolarWinds attack, which was less damaging and reckless than the Exchange hacks by the MSS, so the United States should apply a level of energy and consequences to that situation relative to its impact compared to the SolarWinds attacks.

    The article mainly focuses on how historically, the U.S. hasn’t imposed the same sanctions and consequences on China as they have with other countries. The foreign policy the United States employs when dealing with other nations and their cyber-attacks should be somewhat equal and certain countries like China shouldn’t repeatedly get away with what they do. There is a need to create lasting and effective international norms in cyberspace and this can only be done if you enforce consequences when lines are crossed. The U.S. would look strategically inconsistent if they continue to not impose penalties on China and the PRC (People’s Republic of China). One good thing the Biden administration had done is that the U.S. has built up somewhat of a coalition to publicly condemn China’s cyber activity. Even though most of the U.S.’s allies have more extensive trade relationships with China than they do with the U.S., so most of these allies are hesitant to truly take public action against China that may trigger a reaction. Smaller nations may face dangers when trying to confront a way larger country such as China. The U.S. should take the step to impose material costs on the parties who were charged with these reckless actions to deter future malicious activity and to set strategic norms for dealing with situations like these.

    As a country, we cannot allow China and other countries to get away with cyber-attacks because if important information were to get into the wrong hands, certain societal structures could crumble and a country like China could capitalize and bring other countries to their knees. We already saw earlier this year what happened with the gas pipeline and how many Americans were impacted by that getting hacked. Gas prices skyrocketed and people even started putting gas in plastic bags (possibly as a joke?). If a major part of everyday life as we know it can be affected like that by cyber hacking, there need to be consequences for every nation that get caught, because there needs to be a deterrent. This starts with America treating China with the same consequences and sanctions they do to other countries.

Leave a Reply

Your email address will not be published.