U.S., China Reach Cyber Agreement
Countries Agree Not to Conduct, Support Cyber Theft of Intellectual PropertyThe U.S. and China have agreed not to "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information with the intent of providing competitive advantages to companies or commercial sectors," according to the White House.
See Also: 2024 In Review: A Tactical Guide For Top External Cyber Risks and Vulnerability Management
The announcement came on Sept. 25 during a state visit by Chinese President Xi Jinping to the White House hosted by U.S. President Barack Obama. "I raised once again our growing concern about cyberthreats," Obama said during a joint news conference with Xi in the White House Rose Garden. "I indicated it has to stop. The United States government does not engage in cyber economic espionage for commercial gain, and today I can announce that our two countries have reached a common understanding on a way forward."
Obama added, "We'll work together and with other nations to promote other rules of the road."
Besides discussions about cybersecurity issues, the two heads of state exchanged views on a range of global, regional and bilateral subjects. In a fact sheet, the White House says Obama and Xi "agreed to work together to constructively manage our differences and decided to expand and deepen cooperation." The fact sheet notes:
- Both countries agreed that neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.
- The U.S. and China said they are both committed to work to further identify and promote appropriate norms of state behavior in cyberspace within the international community. The two sides also agree to create a senior experts group for further discussions on this topic.
- The U.S. and China agreed that timely responses should be provided to requests for information and assistance concerning malicious cyber activities. "Both sides agree to cooperate, in a manner consistent with their respective national laws and relevant international obligations, with requests to investigate cybercrimes, collect electronic evidence, and mitigate malicious cyber activity emanating from their territory. Both sides also agree to provide updates on the status and results of those investigation to the other side, as appropriate."
Additionally, the U.S. and China agree "to establish a high-level joint dialogue mechanism on fighting cybercrime and related issues."
The White House notes: "This mechanism will be used to review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side. As part of this mechanism, both sides agree to establish a hotline for the escalation of issues that may arise in the course of responding to such requests. Finally, both sides agree that the first meeting of this dialogue will be held by the end of 2015, and will occur twice per year thereafter.
The White House says China will designate an official at the ministerial level to take a lead role in the effort, and China's Ministry of Public Security, Ministry of State Security, Ministry of Justice, and the State Internet and Information Office will participate in the dialogue. The U.S. Secretary of Homeland Security and the U.S. Attorney General will co-chair the dialogue, with participation from representatives from the FBI, the U.S. Intelligence Community and other agencies.
The agreement between the two nations comes in the wake of several high-profile cyberattacks in recent months on U.S. government agencies, including the Office of Personnel Management as well as U.S. health insurers, including Anthem Inc.. Some security experts have speculated that China has been involved in these attacks.
Important First Step
The agreement between the U.S. and China "is only a first step, but extremely important, tremendous progress," says Larry Clinton, president of the Internet Security Alliance, a trade group. In the past, China gave permission to organizations in that nation "to hack into entities and use intellectual property for their own betterment," he says. So its pledge to not allow that to happen is significant. "Still, we will need to work continuously with China to successfully implement this," he says. "Trust but verify."
Attorney Robert Cattanach, a partner at the international law firm Dorsey & Whitney, notes: "Economic espionage has traditionally been a one way street; hundreds of billions of dollars in U.S. business secrets have been flowing to China, with virtually nothing in the other direction. If effective, the agreement would stop - or at least slow - one of the key components driving China's economic development over the last decade - cost-free R&D via cyber theft, but it does not address more traditional state vs. state cyber espionage."
Another important element of the agreement is China and the U.S. working together to protect critical infrastructure, Clinton says. "The only people who could take down the electric power grid in the U.S. are the Chinese and the Russians," he says. But because the economies of China and the U.S. are so interconnected, the threat of the U.S. electric power grid being brought down by a hacker in China is relatively small, he argues.
Pointing to the potential threat that terrorist organizations, such as ISIS, pose, Clinton says the U.S. and China "have a common interest to fight together to protect our critical infrastructures. ISIS is not up to the task yet, but could be soon."