A PwC study urges the EU to strike a deal with China to limit cyber espionage, which it says is rampant.
The EU is gearing up to confront China on alarming levels of Beijing-linked cyber espionage on European industry.
The European Commission’s department for industry is drafting a document that would sum up Europe’s worries on the issue, two sources briefed on the plan told POLITICO, and could still come up with new measures to defend European trade secrets during this mandate, which ends in May next year.
The European Commission Thursday met a group of national government experts, foreign affairs officials and industry lobbyists to go over a study by PricewaterhouseCoopers and the Commission department that is likely to lead to EU action in coming months.
The study, an executive summary of which was obtained by POLITICO, offers a peek into “public and private sector concerns about the increasing risks associated with cyber-theft of trade secrets in Europe.”
In the manufacturing sector, it said, industrial espionage and cybertheft of trade secrets constitute up to 94 percent of all cyberattacks. The summary cites estimates that cyber espionage is costing Europe up to €60 billion in economic growth — a figure that would rise as European companies digitize their services.
PwC will finalize the report later this month, it said at Thursday’s meeting, after which the Commission would release it and work on its own follow-up.
The Commission’s initiative comes as Bloomberg Businessweek on Thursday published an extensive investigation into how manufacturing subcontractors in China implanted chips as tiny as a grain of rice in parts of servers that make their way onto the global market and into the server centers of cloud services giant Amazon Web Services, Apple and other tech firms. The microchips would give foreign actors access to data touching the servers.
Several of the tech firms denied the claims made in Bloomberg’s story.
Previous reports have consistently pointed fingers at Beijing as the world’s most active government on cyber espionage. A 2013 study by Mandiant raised flags across the world and governments have sought to strike deals with China to stop the practice.
The U.S. struck a deal with China in 2015. But intelligence officials have complained that Chinese counterparts have failed to abide by the terms of the agreement. On Wednesday, the Department of Homeland Security warned industry that the Beijing-linked “Cloudhopper” hacking group is again launching a widespread campaign on technology service providers to hack and steal industrial secrets.
The PwC study recommends that the European Union, as well as member countries, engage in talks similar to the U.S.-China dialogue. It also says that the EU could broaden its requirement to report cyber incidents to companies outside of critical infrastructure sectors. It adds that 60 percent of respondents that agree with the need for notifications said that such a notification system should be made mandatory across the EU.
Compared to national governments in and beyond Europe, the EU has in the past been cautious about wading into the debate. It lacks an intelligence agency, and is still struggling with the question of whether and how it can attribute cyberattacks to third countries — a naming-and-shaming power that is currently the purview of member countries and not Brussels.
European industry is getting increasingly anxious about the issue, however.
The PwC study says people working in industrial sectors in Italy, France, Germany and the Netherlands are most concerned about cyber espionage. Germany is most affected, the study says, as 17 percent of companies reported the theft of sensitive data between 2015 and 2017.
Europe’s largest business lobby BusinessEurope released a statement Thursday in which it asks the EU to come up with a “strategy to deter hostile actors” like China. “Diplomatic action or economic retaliation could be considered,” the group says, adding that “the EU could seek to cooperate with the United States, Japan and other OECD economies to apply political pressure.”