Written byGreg Otto
As U.S. and Chinese officials meet in Washington Tuesday for the first round of ministerial-level bilateral cybersecurity talks in more than a year, it’s unclear if the Obama administration is satisfied Beijing will keep its promise to stop online theft of intellectual property from American companies.
The talks, in which Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson represent the U.S., come after President Barack Obama and his Chinese counterpart Xi Jinping reached a deal in September to stop online corporate espionage and work toward peacetime norms for national behavior in the cybersecurity space. The deal was inked during a visit by Xi to Washington, after anger against Beijing’s brazen plunder of U.S. intellectual property peaked among U.S. legislators and other policymakers.
In the leadup to this week’s talks, DHS declined to comment and a spokesperson referred FedScoop to a White House fact sheet released after the September deal. But U.S. officials have in the past publicly noted that, since issuing a new executive order earlier this year, the president has the authority to sanction Chinese officials or companies involved in or benefiting from commercial cyber espionage.
The near silence is even tougher to read given the events that have transpired since the September agreement. In October, the Washington Post reported that China had arrested a number of hackers for stealing commercial secrets. Yet on the flipside, an October blog entry from cybersecurity firm CrowdStrike found that intrusions from China-based hackers continued after the agreement had been signed.
A number of experts say that while there won’t be any earth-shattering news from these talks, it’s important to start a process now to have a chance of corralling Chinese behavior later.
“Now’s the time to ensure whether or not they translate the nouns into verbs and actually change their behavior.” Frank Cilluffo, the director of George Washington University’s Center for Cyber and Homeland Security, told FedScoop. “We’ve had this discussion for a long time, but if in fact they are living up to their obligations, that’s a positive development.”
Officials have said that the meeting will not serve as any sort of deadline for measuring China’s compliance with the agreement, but will serve to further outline acceptable behaviors. Cilluffo said articulating the boundaries of what’s acceptable is critical.
“If we don’t signal and transparently respond once they’ve been crossed, we set ourselves back even further from a credibility standpoint,” he said.
Some observers believe China has continued to effectively ignore those boundaries. Catherine Lotrionte, director of the Cyber Project at Georgetown University, said there is a “clear disagreement” between experts as to whether there has been any reduction in corporate hacking.
She said these talks should be used to help determine what would be the red lines that would push the U.S. toward economic sanctions against China if it is determined the hacks haven’t stopped.
“How many months are you going to wait to see proof that they scaled down?,” she told FedScoop. “I don’t know what ‘scaled down’ means. Instead of 90 intrusions, is it 30? Is this a temporary thing? If [China] said they were going to stop it, word would’ve gone out [in the Chinese government] and you would have seen a dramatic decrease. That’s not what I’m hearing from anyone in the private sector.”
Experts also believe you could see some common ground reached on how law enforcement agencies will handle cyber crimes like identity fraud or software piracy.
“Chinese companies are just as interested in being secure as U.S. companies,” said Daniel Castro, vice president of the Information Technology and Innovation Foundation. “There’s a role for government to play in helping the security of those companies.”
Ultimately, experts agreed that any dialogue is important, even if the relationship deteriorates and sanctions become more likely.
“The bottom line here is if they continue to transgress, there’s more than enough policy discussion and actions that can be taken to penalize their behavior,” Cilluffo said.