On China, US told to hack right back

The United States remains ill-prepared to combat state-backed cyber intrusions from China and lawmakers should look at whether U.S.-based companies be allowed to 'hack back' to recover or wipe stolen data, a congressional advisory body said Tuesday.

That's the primary recommendation of this year's report by the U.S.-China Economic and Security Review Commission that examines the national security implications of the relationship between the two world powers.

The report says China's increasing use of cyber espionage has already cost U.S. companies tens of billions of dollars in lost sales and expenses in repairing the damage from hacking. It says in many cases, stolen trade secrets have been turned over to Chinese government-owned companies.

The commission, typically very critical of Beijing, is appointed by both parties in Congress but makes no bones about the "inadequate" U.S. response, saying China has also infiltrated a wide swath of U.S. government computer networks.

"The United States is ill-prepared to defend itself from cyber espionage when its adversary is determined, centrally coordinated, and technically sophisticated, as is the CCP and China's government," the report says, referring to the ruling Chinese Communist Party.

Cybersecurity has become an increasingly sore point in U.S.-China relations. It remains to be seen whether a September agreement between President Barack Obama and China's President Xi Jinping that neither government will support commercial cyber theft will lead to an easing in the tensions. Among the most serious breaches in the past year in which China is suspected was against the Office of Personnel Management, revealed in April. Hackers gained access to the personal information of more than 22 million U.S. federal employees, retirees, contractors and others, and millions of sensitive and classified documents.

China describes itself as a victim of hacking and says that is combating cybercrimes. It denied involvement in the OPM hack.