The United States and China will no longer support cyberespionage that results in the theft of trade secrets or confidential business information, leaders from both countries announced Friday. It’s the first meaningful cooperation between the two countries on cybersecurity but falls well short of the Obama administration’s previously stated goals.
“The United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors,” Obama said at a news conference Friday. “This is progress, but I have to insist that our work is not yet done.”
U.S. officials previously suggested that the two countries would agree to not use cyberweapons against each other’s critical infrastructure, but that was not part of this deal.
Washington and Beijing will open a new cyber “hotline,” where senior officials can “escalate” concerning technical issues. They have also agreed to create a senior experts group to continue discussing cyberwarfare and the protection of intellectual property.
“The question now is, are words followed by actions," Obama said, in a news conference Friday. "We will be watching carefully to make an assessment on whether progress has been made in this area.”
A meaningful cybersecurity arrangement was on top of the agenda between the two world leaders after experts blamed China for the hacks on the U.S. Office of Personnel Management, Anthem health insurance and a number of other breaches. American government officials previously suggested the two countries would at least agree to avoid crippling each other’s most essential services – including electrical grids, banking systems, hospitals and cellphone networks -- during peacetime.
Disagreements over what actually constitutes “cyberwarfare” vs “cyberespionage,” along with China’s ongoing refusal to acknowledge responsibility for the breaches, seemed to doom negotiations on the protection of critical infrastructure from the outset.
“In order to come to an agreement on critical infrastructure then you have to admit you have those capabilities,” said Ken Westin, senior security analyst at the cybersecurity company Tripwire.
“China is taking the stance that they’re completely inexperienced and almost naïve in this area," he said. "They play more the victim when it comes to cybersecurity, they haven’t talked about things like the OPM hack, they can’t even communicate on the risks of cyberwar and cyberespionage.”
U.S. Admiral Michael Rogers, director of the National Security Agency, told the Senate Intelligence Committee Thursday that the U.S. and China “can’t sustain a log-term relationship” with “the current approach, where we are so fundamentally apart” on foreign data collection. Earlier this week, the U.S. Office of Personnel Management announced that 5.6 million government employees’ fingerprints were stolen in the breach there, not just 1.1 million, as initially reported.
“We are fighting a cyber war, there’s no doubt about it,” said Darren Guccione, CEO and co-founder of Keeper Security. “It’s quiet, it’s silent, it’s intellectual and it’s cutting edge but there’s unfortunately a feeling through societies that if I’m smarter than you, I will breach your electronic walls. If I’m smarter than you I will hack you, and I have the right to do it.”