Cybersecurity

U.S., China Advance InfoSec Cooperation

Two Sides Differ on Tone of Bilateral Cybersecurity Talks
U.S., China Advance InfoSec Cooperation
Attorney General Loretta Lynch and DHS Secretary Jeh Johnson flank China State Councilor Guo Shengkun. (Photo: Xinhua)

Top American and Chinese government officials, meeting this week in Washington, agreed to create a common understanding on cyberthreats and how to respond to them, but the two sides offered different characterizations of the tone of the dialogue.

See Also: Fencing an Imaginary Yard; How to Secure your IP with an Unidentifiable Network Perimeter

The delegations agreed to create guidelines that would establish common expectations regarding the information to be included in requests for assistance on cybercrimes and other malicious cyber activities and the timeliness of responses, according to a statement issued by the departments of Justice and Homeland Security.

While the U.S. offered a subdued assessment of the dialogue, the Chinese painted a rosier picture.

"The U.S. and Chinese delegations agreed on the importance of expanding practical bilateral cooperation while also dealing directly with our differences in order to continue developing the U.S.-China relationship," National Security Council spokesman Ned Price says.

The official Chinese news agency Xinhua reported that the head of the Chinese delegation, State Councilor Guo Shengkun, said China and the U.S. have shared interests in protecting cyberspace and they can absolutely turn the differences into "bright spots" for bilateral cooperation.

Lack of Trust

The more sober American response is attributed, in part, to a lack of trust the U.S. has in the Chinese to meet their commitments. "This will take some time to duly assess what really happened at those talks," says IT security consultant Patrick Gray, a retired FBI special agent and former principal security strategist at Cisco.

While both nations conduct cyber-espionage against each other's governments, the U.S. admits to it, but the Chinese deny it.

The Xinhua report noted that the two sides discussed the breach of U.S. Office of Personnel Management computers that exposed the personal information of 21.5 million individuals, with the Chinese blaming the hack on Chinese criminals (see China: Chinese Criminals Hacked OPM ). The U.S. communique did not mention the OPM breach.

"In trying to get past this particular issue, [China is] trying to frame it in a way to take the onus off the Chinese government in engaging in cyber-espionage," says David Fidler, an adjunct senior fellow for cybersecurity at the Council on Foreign Relations. "The Chinese just hope it goes away, either by framing it in this criminal way or hoping the United States eventually kind of shrugs its shoulders and moves on."

Areas of Agreement

The representatives from both governments agreed to conduct a tabletop exercise next year on cybercrime, malicious cyber activity and network protection scenarios to increase mutual understanding regarding their respective authorities, processes and procedures. During the tabletop exercise, according to the Americans, both sides will assess China's proposal for a seminar to combat terrorist misuse of technology and communications as well as an American plan to invite experts to conduct network protection exchanges.

Another outcome of the talks was an agreement to develop the scope, goal and procedures for use of a hotline before the next high-level dialogue to be held in Beijing in June. The idea of the hotline came out of meetings in September between presidents Barack Obama and Xi Jinping (see U.S.-China Cybersecurity Agreement: What Next?). The hotline would be used during a response to cybercrime or other malicious cyber activities that rises to the level that warrants the attention of the two nations' top leaders.

The delegations agreed to further develop cooperation on combating cyber-enabled crimes, including child exploitation, theft of trade secrets, fraud and misuse of technology and communications for terrorist activities as well as to enhance exchanges on network protection. Both sides decided to improve cooperation among the relevant agencies, within the framework of the high-level dialogue, on network protection. U.S. and Chinese cyber incident and network protection experts were to meet this week and will continue to meet regularly during future dialogues.

Guo, according to Xinhua, said the China-U.S. law enforcement cooperation on cybersecurity has entered a new phase of progress because the two sides have solved some specific problems through practical cooperation and candid communication, which helped boost mutual understanding and trust.


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network