"How do I screen when hiring Chinese employees?"
I was asked that question the other day by a senior executive at one of America's most prominent tech companies who is worried about Chinese employees stealing the company's trade secrets. The epidemic of cyber-burglary and trade secret theft coming out of China is leading many technology and industrial multinationals to not only ask this question but to discuss avoiding hiring Chinese scientists, engineers and executives for key positions -- or at least determine ways to isolate them from core company systems. Some companies are already doing both of those things.
I was immediately and sadly reminded of the late-1990s Chinese spy mania in the U.S. ignited by then House Speaker Newt Gingrich's attempt to connect a scandal involving Clinton campaign contributions with accusations that American companies with ties to Clinton were sharing sensitive U.S. space technology with China. In the end, as is usual with Newt's political nonsense, the smoke led to barely a flicker of fire.
But Chinese American scientist Wen Ho Lee at the Department of Energy's highly classified nuclear laboratory at Los Alamos, Mexico, ended up badly burned. And, for a while, so were the career prospects of Chinese immigrants with technology and science expertise studying and working in the U.S. After being charged with 59 criminal counts, shackled in leg irons, incarcerated in solitary confinement, and pilloried by press leaks, Lee pled guilty to one count that amounted to bringing classified materials home to work on. The judge who accepted Lee's plea said that his prosecution had "embarrassed our entire nation." During this time, I ran into more than a few Chinese scientists and technologists in China who had returned home because they saw their future in America limited.
A couple hours after the screening question, I received the CNN email alert about the death of Lu Lingzi, the 23-year-old Boston University student from Shenyang, China killed in the Boston marathon bombing. She was the same age as my daughter Sally, who was also born and raised in China and speaks Chinese. It is impossible for parents to fathom how a child's life and dreams can be destroyed by senseless criminal violence. As her classmate Zheng Minhui said at Lingzi's Boston University memorial service: "Her dream was very simple. She wanted a not necessarily rich life, but a peaceful life, with a stable job, a happy family, and a lovely dog."
Lingzi was one of the 200,000 mainland Chinese currently studying in the U.S. -- and nearly 1 million who came before her -- whose big dreams and bright futures depend on mutual understanding, clear communications and real trust between the U.S. and China as nations and as people. I chair the advisory board of a student group called Global China Connection with branches on some 60 U.S. campuses and a membership that mixes students from China with American and international students interested in China. The group's mission statement is clear: Global China Connection is a student-run organization dedicated to fostering deep and trusting personal relationships among Chinese and non-Chinese university students. I believe the future of the U.S.-China relationship depends on these young people to help us overcome the inevitable friction between a rising global power and a reigning global power. When I travel on business in the U.S., I stop by campuses and talk with these students. I have met many, many like Lu Lingzi over the years. Sincere, decent and diligent Chinese who love their homeland but have great curiosity about and affection for America -- and dreams and ambitions that involve both countries.
The fantastic Internet cyber world that has brought the globe together in so many ways is now endangering those dreams. The fallout for Chinese in the U.S., and those working for American multinationals in China, during the Wen Ho Lee fiasco was serious but short lived. The accusations were aimed at an individual who had resided in the U.S. for some 35 years at the time of his arrest. But today's accusations and a large body of detailed and credible evidence point at Chinese state-sponsored cyber hacking and trade secret theft involving a Who's Who of American multinationals.
Most Chinese officials and business people I meet are completely unaware of the scope of the problem.
Whenever American business talks about China with the U.S. government these days, this is topic number one. Most Chinese officials and business people I meet are completely unaware of the scope of the problem. The news and evidence is blocked by Internet censors. The Chinese government's response so far has been to deny and dissemble, calling the accusations of state-sponsored Chinese cyber-theft "groundless accusations" with "ulterior motives." After Secretary of State John Kerry and Treasury Secretary Jack Lew visited China in April and raised the cyber-hacking issue repeatedly, Qian Xiaoqing, deputy director of the state Internet Information Office told Reuters: "Lately people have been cooking up a theory of a Chinese internet threat, which is just an extension of the old 'China threat' and just as groundless."
Here is a quick overview of what has become public.
Google closed down its self-censored mainland China search engine in March 2010 due to cyber-hacking of Google source code and attempts to steal the passwords of hundreds of Gmail accounts, including U.S. officials, journalists and Chinese activists. At the time,Google was one of some three dozen multinationals hacked from China . Except for Google, the other companies clammed up, lest they anger China and damage their China business. The problem continued to get worse, but few would talk about it publicly. The U.S. government didn't want to reveal what it knew and how it knew it. Companies built stronger defenses and kept quiet.
China cyber-hacking news hit the headlines this January when The New York Times and The Wall Street Journal revealed that they had been hacked from China. Bloomberg BusinessWeek, in mid-February cover story entitled "Yes, the Chinese Army is Spying on You," exposed a network of hackers, digging all the way down to a vacation photo of a People's Liberation Army professor from Zhengzhou who had exposed his real identity by launching a small telecom side business that allowed investigators to connect his real name with his cyber-identity. The magazine followed the trail of Joe Stewart, director of malware research at Dell SecureWorks, who said he tracks 24,000 Internet domains "that Chinese spies have rented or hacked for the purpose of espionage."
Days later, Mandiant, an American private cyber security company, issued an explosive report on Chinese hacking. The company said it had traced "one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen" to the neighborhood of a PLA building in Shanghai that houses an intelligence organization known as Unit 61398. The individual hackers tracked by Mandiant at 61398 included those such online monikers as "UglyGorilla" and "SuperHard."
If Congress continues down this road Americans may soon revert to manual typewriters and talking into tin cans with strings stretched between them.
Mandiant said the group was one of more than 20 Advanced Persistent Threat (APT) groups it had been tracking in China. Mandiant said that in a seven year period, the Shanghai group - which it dubbed APT1 -- had "systematically stolen hundreds of terabytes of data from at least 141 organizations" by periodically revisiting "the victim's network over several months or years" to "steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership." Mandiant added that the companies targeted by APT1 "match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan."