The race to develop a vaccine is particularly high stakes. While many countries claim they're willing to collaborate internationally throughout the process, it's unsurprising that some nations would turn to espionage to fill the gaps and suss out what researchers might be holding back. But if these operations disrupt or damage vaccine development, they could violate the norms surrounding espionage. A joint statement by the Federal Bureau of Investigation and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency accuses China of doing exactly that.
"These actors have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with Covid-19-related research," the joint announcement says. "The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options."
The warning gives scant details about how exactly China-linked operations could hinder the delivery of treatments, but it could relate to the potentially distracting and cumbersome precautions organizations must take to shore up their digital defenses."If the espionage is throwing off efforts to get to a vaccine, then I’m glad that CISA is calling this out," says Jason Healey, a senior research scholar at Columbia University's School for International and Public Affairs focused on cyberconflict. "But they’re not specifically saying here that China is trying to steal this to gain a national security or competitive advantage. If the US is wanting to argue for norms, I look forward to us doing it directly and saying here’s where we think the playing field lies, because certainly we’re being active in many of these areas as well. I'd expect CIA and NSA are not just sitting on their hands."
International norms of spycraft and espionage are more a collective project than a set of individual rules. Every nation has a security interest in spying and will do so if it can. But there's still generally an unspoken consensus that limits exist on acceptable acts versus those that constitute aggression. Over the past few decades, the rise of digital espionage has given nations much broader potential reach, though, and blurred these already fine lines.The US has for years struggled to deter Chinese cyber-espionage in particular. A landmark agreement between the two countries in 2015 seemed to slow the pace of assaults on the private sector, but it has since become clear that the accord wasn't a panacea . At this point, the US expects Beijing to perpetrate a certain amount of intelligence-gathering and intellectual property theft but has increasingly condemned those acts publicly, indicted Chinese hackers, and levied sanctions as those efforts escalated. All those tools are meant deter espionage, although so far with little apparent success.
Despite these obstacles, Frayer has worked to create a moving record of life in Beijing as people deal with the virus, from residents just trying to get through the crisis to the brave volunteers with the humanitarian organization Blue Sky Rescue, who are donning protective suits and disinfection equipment to tackle it head on.
Desperation caused by the Covid-19 pandemic is a powerful incentive for countries to ignore those implicit checks on hacking."The prospects for deterrence are dim, because the stakes are very high," says John Hultquist, the director of intelligence analysis at security firm FireEye. "We’re seeing intrusions from several different actors against organizations that are developing treatments: China, Russia, Iran. And we suspect that there are a lot more actors in play. This crisis is just too important to ignore. I don’t think it’s very likely that anyone is conducting business as usual. I think they are all refocusing their efforts on this problem."