On May 27, Republican Senators Tom Cotton of Arkansas and Marsha Blackburn of Tennessee unveiled the Secure Campus Act, a bill that would ban Chinese citizens from receiving visas to attend U.S. graduate programs in STEM fields. Contrary to the senators’ comments that the bill will safeguard national security and curb Chinese theft of U.S. technology, it will not have the desired effect. Instead, it will likely hurt U.S. universities and further exacerbate U.S.-China tensions.
While there are high-profile examples of Chinese graduate students stealing U.S. research, cyberespionage is the main avenue through which China has stolen U.S. research and technology for over a decade. According to the U.S. Department of Defense, Chinese state-affiliated hackers have stolen massive amounts of data about U.S. military technology, including designs for fighter jets, missile systems, drones, supersonic torpedoes, the THAAD missile defense system, and Navy ships.
Efforts taken by the United States to improve domestic cybersecurity, including the creation of the Cybersecurity and Infrastructure Security Agency (CISA), the Cyberspace Solarium Commission, and “defend forward” strategy, highlight the profound threat that Chinese cyberespionage poses to the United States. However, despite these measures, China continues to launch massive cyber operations targeting U.S. universities and the U.S. defense industry. Chinese hackers face minimal risk in carrying out these operations because they are able to do so from within China’s borders. While attacks have eventually been linked to specific Chinese threat groups, attribution in cyberspace is slow and often relies on many forms of intelligence. Even if Chinese hackers are identified and indicted, there is almost no chance that they will stand trial in the United States. With such protections in place and the continued success of cyberespionage operations, China has little incentive to change its strategy.
Not only will the ban proposed by Cotton and Blackburn fail to address the main avenue of Chinese espionage, it will also hurt U.S. universities. American universities collect $14 billion annually from Chinese students, who often pay full tuition. A ban against students enrolling in graduate STEM programs would amount to nearly a quarter of all Chinese students studying in the United States and the loss of around $3.5 billion for U.S. universities. Many U.S. universities are already on the precipice of closure due to financial distress and rely heavily on Chinese students to stay afloat. Revenue from Chinese students also allows universities to provide need-based financial aid to students from the United States, where tuition and student debt are astronomically high.
Compounded with the Trump administration’s use of the term “China virus,” which has been widely criticized as promoting xenophobia, a broad ban targeting a large subset of Chinese students could alienate potential allies, especially in Asia, at a time when Washington has been trying to build an international coalition to confront China in multiple areas, including internet governance, 5G telecommunications infrastructure, and human rights. It would also unnecessarily exacerbate tensions in U.S.-China relations, which are already considered to be at their lowest point in decades. While it is understandable that the United States would want to retaliate against Chinese espionage, digging the relationship into a deeper hole serves no practical purpose. Instead of a blanket ban, improving visa-vetting processes and increasing counterespionage efforts between the U.S. intelligence community and U.S. universities would help identify would-be spies before they arrive on U.S. soil.
Although the United States has tried to pressure China on cyberespionage in the past, culminating in a 2015 bilateral agreement between Presidents Barack Obama and Xi Jinping in which both sides promised to refrain from cyberespionage for commercial benefit, these efforts ultimately failed. However, there are other options available to the United States.
The U.S. Department of Justice should continue its policy of publicly indicting Chinese hackers. Even though this does not deter Chinese cyberespionage, it allows the United States to shame malicious Chinese behavior on a global stage and helps define a norm against cyberespionage of research and technology that the United States can build international action around. There is precedent for this already, as the Group of Seven (G-7) and Group of Twenty (G-20) [PDF] – the latter including China as a member — have embraced norms against industrial cyberespionage. In the cyber realm, the United States should employ defend forward strategy to disrupt Chinese hacking infrastructure and organizations that support cyberespionage targeting U.S. technology. This would raise the cost of carrying out these kinds of operations in the future. U.S. Cyber Command should also practice malware inoculation, another tenet of defend forward, which publicizes malware obtained from foreign networks. Doing so would make it harder for Chinese threat groups to operate undetected.
To be sure, Chinese theft of U.S. research and technology is a critical issue that the United States needs to address. However, banning Chinese graduate students from enrolling in STEM programs at U.S. universities will not solve the problem. Instead, the United States should take a smarter approach that plays to its strengths and raises the costs of cyberespionage for China.
Connor Fairman is a research associate in the Digital and Cyberspace Policy program at the Council on Foreign Relations.