PARIS -- The U.S. Justice Department filed charges this week against five Chinese military officers, accusing them of hacking American companies to steal secrets, including the nuclear energy company Westinghouse. In March, reports surfaced that the National Security Agency had hacked and spied on the Chinese telecom company Huawei.
Hard power hitting soft targets: This is a new characteristic of the rebooted Cold War. Except that even NATO has yet to recognize that economic warfare is just as critical as traditional military conflict.
Last year, NATO published the Tallinn Manual on the International Law Applicable to Cyber Warfare, which attempted to fit acts of cyber warfare into various provisions of international law. The authors tried to imagine every possible hacking scenario that would meet the threshold of warfare and legitimize a military response -- from lone hackers taking down critical civilian infrastructure to state actors hitting military assets.
Ironically, a threat that the 300-page manual explicitly dismissed -- spying on private companies -- is precisely the cyber threat that now poses the greatest risk to U.S.-China relations. Quoth the Tallinn Manual: "Cyber information gathering that is performed from outside territory controlled by the adverse party to the conflict is not cyber espionage but, in certain circumstances, may be punishable under the domestic criminal law of the State affected or of the neutral State from which the activity is undertaken. However, since no cyber espionage is involved, belligerent immunity would attach when appropriate."
So there you have it. NATO doesn't really consider corporate spying to be cyber espionage, let alone cyber warfare. It's viewed as nothing more than "cyber information gathering" if it's performed outside of the target nation. That's quite the loophole, one that's increasingly ripe for exploitation, given the trend of downloading of traditional military responsibilities onto private entities.
The net benefit of military privatization is greater opacity. However, the downside of such strategic invisibility is that you're invisible. If you're a mercenary in a war zone, it means that you can disappear without being considered a pair of boots on the ground for which the state is responsible. If you're a corporation being hit by the hacking forces of a foreign nation -- even if you're doing defense-related work -- then you're not actually a military asset but instead a private company that has to take a number at the local FBI office rather than enjoy the recourse under international law to which you'd be privy if you were the Pentagon.