U.S.-China: First Step on Cybertheft
Washington — China’s pledge to help crack down on hackers who steal commercial secrets from the United States, even coming as it did amid a bit of arm-twisting by President Obama, is a big breakthrough that could reduce U.S.-China tensions and end huge losses for American companies.
Analysts say the agreement between the world’s two biggest economies is just a start but could lead to real progress on the cybertheft issue — depending on how well it’s put in place.
Still, it’s not easy to track down hackers and prove responsibility, experts say, even as they found hope in Friday’s announcement by Obama at a joint news conference with Chinese President Xi Jinping.
“I think it’s a big deal,” said Dmitri Alperovich, who published a seminal paper in 2011 identifying Chinese cyber economic espionage and now runs the cybersecurity firm Crowdstrike. “For the first time ever, the Chinese have made a distinction between national security espionage and economic espionage.”
Also significant, Alperovich said, is the fact that the Chinese have agreed to provide responses to U.S. government requests for investigations. “They can’t just shrug and say, ‘We don’t do hacking; hacking is illegal,’ ” he said.
Mark MacCarthy, vice president for public policy at the Software and Information Industry Association, said the tech industry trade group agrees with Obama that the cybertheft of intellectual property must stop. “We are hopeful the understanding reached by the president and Chinese President Xi Jinping results in real progress on the ground,” he said.
The U.S. has accused Beijing of backing Chinese hackers who steal trade secrets from American companies. Before the Xi summit, Obama called cybertheft by China “an act of aggression.”
James Lewis, director of the Center for Strategic and International Studies’ Strategic Technologies Program, said the thefts probably cost American companies tens of billions of dollars annually.
Last year the U.S. charged five officers in China’s People Liberation Army for computer hacking and economic espionage against six U.S. companies, including Westinghouse, U.S. Steel and Alcoa.
Malcolm Lee, nonresident senior fellow at the Brookings Institution and a former White House economic official, said that the Friday agreement will “begin to address one of the most destabilizing and corrosive issues in the relationship.”
Senior U.S. officials said the Obama administration had been preparing a package of sanctions in recent weeks aimed at China and other nations over cyberthefts of intellectual property.
When news of those plans appeared in the U.S. media, China dispatched a high-level delegation, led by Meng Jianzhu, the secretary of the Central Political and Legal Affairs Commission of the Chinese Communist Party, to work out a deal.
The result was Friday’s announcement.
“The thing that got the Chinese to the table is the threat of sanctions,” Alperovich said.
Last year’s indictments helped, too, Lewis said. “The Chinese thought about how unhappy that experience was, and they didn’t want to go through it again,” he said. “They knew the Americans were really worked up.”
The U.S. also has been getting better at tracking the source of cyberattacks. North Korea, for instance, was quickly identified as the source of a hack last year that damaged computers at Sony and exposed internal emails at the filmmaker.
“That made them think, ‘We’re not going to be able to get away with this,’ ” Lewis said.
Trevor Nagel, a partner with the law firm White & Case who specializes in cybersecurity and other global technology issues, noted that China now has intellectual property of its own to protect, as it has become a world leader in manufacturing.
Jeremie Waterman, executive director for China at the U.S. Chamber of Commerce, called the agreement “a clear statement” on an issue of critical importance to the future of relations between the two countries. “Hopefully, it marks a new chapter,” Waterman said, adding that, as with other areas of negotiation between the U.S. and China, the key will be implementation.
The agreement may not be easy to enforce, particularly since it’s often difficult to trace the source of cyberattacks and the Chinese government has never acknowledged a role in past attacks, said Betsy Page Sigman, a cybersecurity expert at Georgetown University’s McDonough School of Business.
“The Chinese government can use intermediaries” in such attacks, “and it can be very difficult for them to be found out,” she said.
The agreement raises questions, Robert Cattanach, a former Justice Department attorney who specializes in cybersecurity, said in an email.
Will spying by private Chinese companies “simply replace state-sponsored economic espionage?” he asked. “How effective will the high-level consultations really be? Will this affect China’s well-known efforts to explore the vulnerability of the United States’ power grid, financial sector, and health industry?”