Experts question whether the penalties on Chinese will have a significant effect Credit: Thinkstock The U.S. government is working on a sanctions package against Chinese firms and individuals for cyber-espionage activities against U.S. companies, the Washington Post reported. This move comes after months of cyber attacks on companies and government agencies that have been linked to China.The sanctions will impose costs for economic cyber spying and not government-to-government intelligence activities. As a result, the incidents the package will cover do not include the Office of Personnel Management breach from earlier this year, because that attack was deemed to be part of traditional intelligence.Instead, the sanctions are primarily in response to Chinese companies that have been accused over the past few months of breaking into American companies and stealing intellectual property, client lists, trade secrets, and other sensitive information in order to gain an economic advantage in the marketplace. “It sends a signal to Beijing that the administration is going to start fighting back on economic espionage, and it sends a signal to the private sector that we’re on your team,” an administration official told the Washington Post. “It tells China, enough is enough.” The sanctions follow the president’s Executive Order from April, which gave the U.S. Department of Treasury the authority to freeze assets and bar other financial transactions of entities engaged in destructive cyber attacks. The order targeted individuals and groups outside the United States that use cyber attacks to threaten U.S. foreign policy, national security, or economic stability. This doesn’t mean, however, that the government will abandon diplomatic channels, trade policy tools, and law enforcement actions to go after individuals and entities engaged in malicious activity.“Sanctions will be more symbolic in nature as it won’t actually deter them [Chinese] from doing what they are really good at,” said George Kurtz, president and CEO of Crowdstrike. China has consistently denied taking part in economic cyber espionage, despite mounting evidence to the contrary. The latest figures from the Federal Bureau of Investigation showed that economic espionage cases jumped 53 percent in the past year, and China accounted for a bulk of those cases. Even if the sanctions don’t stop the attacks, they represent a step in the right direction because they “force everyone to the table and have a conversation behind closed doors about cyber espionage,” Kurtz said.In the past, the U.S. government has been reluctant to be vocal about cyber espionage activities originating from China to avoid disrupting political and economic ties with the country. That has been gradually changing. In May 2014, U.S. prosecutors unsealed indictments on economic spying charges against five Chinese military personnel. The indictment alleged the five individuals breached computer systems of major American steel and other companies to profit Chinese firms.“China’s electronic espionage efforts have been ongoing for so long, I fear that any diplomatic or trade response is too little, too late,” said Bobby Kuzma, a systems engineer with Core Security. Sanctions would need to be “sufficiently painful” to be an effective deterrent. To have actual impact, the sanctions would need to block individual companies from being allowed to work with American companies or compete in the market, Kurtz said, noting that may be too harsh as the first step. It’s more likely the government would start gradually and increase the penalties over time.The Washington Post did not provide any details about the actual package under discussion, but cited an official who said the targeted Chinese firms would be “large and multinational.”Whether or not the sanctions will be issued is still unknown, but a final decision is expected soon, the Washington Post reported, and cited unnamed administration officials who hinted it could happen “even within the next two weeks.” The timing is sensitive as it could overlap with the first state visit by President Xi Jinping of China. Even if the sanctions don’t have any teeth, they will continue to shine a spotlight on China’s activities, which is essential, Kurtz said. “There’s too much IP at stake,” he said. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe