The EU is gearing up to confront China on alarming levels of Beijing-linked cyber espionage on European industry.
The European Commissions department for industry is drafting a document that would sum up Europes worries on the issue, two sources briefed on the plan told POLITICO, and could still come up with new measures to defend European trade secrets during this mandate, which ends in May next year.
The European Commission Thursday met a group of national government experts, foreign affairs officials and industry lobbyists to go over a study by PricewaterhouseCoopers and the Commission department that is likely to lead to EU action in coming months.
The study, an executive summary of which was obtained by POLITICO, offers a peek into “public and private sector concerns about the increasing risks associated with cyber-theft of trade secrets in Europe.”
In the manufacturing sector, it said, industrial espionage and cybertheft of trade secrets constitute up to 94 percent of all cyberattacks. The summary cites estimates that cyber espionage is costing Europe up to €60 billion in economic growth — a figure that would rise as European companies digitize their services.
Previous reports have consistently pointed fingers at Beijing as the worlds most active government on cyber espionage.
PwC will finalize the report later this month, it said at Thursdays meeting, after which the Commission would release it and work on its own follow-up.
The Commissions initiative comes as Bloomberg Businessweek on Thursday published a extensive investigation into how manufacturing subcontractors in China implanted chips as tiny as a grain of rice in parts of servers that make their way onto the global market and into the server centers of cloud services giant Amazon Web Services, Apple and other tech firms. The microchips would give foreign actors access to data touching the servers.
Several of the tech firms denied the claims made in Bloombergs story.
Previous reports have consistently pointed fingers at Beijing as the worlds most active government on cyber espionage. A 2013 study by Mandiant raised flags across the world and governments have sought to strike deals with China to stop the practice.
People working in industrial sectors in Italy, France, Germany and the Netherlands are most concerned about cyber espionage, according to the PwC study | Jack Taylor/Getty Images
The U.S. struck a deal with China in 2015. But intelligence officials have complained that Chinese counterparts have failed to abide by the terms of the agreement. On Wednesday, the Department of Homeland Security warned industry that the Beijing-linked “Cloudhopper” hacking group is again launching a widespread campaign on technology service providers to hack and steal industrial secrets.
The PwC study recommends that the European Union, as well as member countries, engage in talks similar to the U.S.-China dialogue. It also says that the EU could broaden its requirement to report cyber incidents to companies outside of critical infrastructure sectors. It adds that 60 percent of respondents that agree with the need for notifications said that such a notification system should be made mandatory across the EU.
Compared to national governments in and beyond Europe, the EU has in the past been cautious about wading into the debate. It lacks an intelligence agency, and is still struggling with the question of whether and how it can attribute cyberattacks to third countries — a naming-and-shaming power that is currently the purview of member countries and not Brussels.
European industry is getting increasingly anxious about the issue, however.
The PwC study says people working in industrial sectors in Italy, France, Germany and the Netherlands are most concerned about cyber espionage. Germany is most affected, the study says, as 17 percent of companies reported the theft of sensitive data between 2015 and 2017.
Europes largest business lobby BusinessEurope released a statement Thursday in which it asks the EU to come up with a “strategy to deter hostile actors” like China. “Diplomatic action or economic retaliation could be considered,” the group says, adding that “the EU could seek to cooperate with the United States, Japan and other OECD economies to apply political pressure.”