President Barack Obama and his Chinese counterpart Xi Jinping on Friday reached agreement in several areas related to cyber security, including prohibiting both countries’ governments from cyber-enabled theft of intellectual property.
A White House fact sheet on a range of agreements between the two countries says “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
Rep. Jim Langevin (D-R.I.), who closely monitors cyber security issues, said that he’s skeptical that China will be committed to implementing the accord, but said the agreement shows “substantive progress in the relationship” between the two countries and lauded clarification that “so-called ‘economic espionage’ is not espionage but theft and has no place in 21st century dealings between states.”
On the theft of intellectual property part of the accord, Scott Kennedy, director of the Project on Chinese Business and Political Economy at the Center for Strategic & International Studies (CSIS), told Defense Daily that he believes China’s commitment will be “temporary” and that the issue will remain “troublesome for a while.”
“These agreements aren’t necessarily going to stop China from engaging in the use of cyber to steal commercial secrets,” Kennedy said. Like Langevin, Kennedy said the accord around cyber espionage recognizes it is an issue between the countries and is “distinct” from other cyber-related matters.
Before China is willing to curtail its theft of intellectual property they will need to pay a “high cost,” Kennedy said, adding that it comes down to whether “the Obama administration has the stomach for forcing the Chinese to pay a cost.”
Jim Lewis, a cyber security expert at CSIS, believes the United States got a “good deal” from the Chinese on the cyber accords. From talking to his sources, Lewis said the U.S. sanctions are still a lever it can apply to the Chinese going forward, although he’s doubtful that China’s malicious activity will drop to zero.
Lewis believes that China agreed to the cyber deals because the United States increasingly is getting better at attribution of cyber attacks. In the wake of the disclosure of the cyber breach of the U.S. Office of Personnel Management, which has been attributed to China, and the identification of North Korea behind the hack of Sony Pictures Entertainment last year, that provided incentive for China to come to these agreements, he told Defense Daily.
China is considered the “world’s largest source of IP theft,” according to a 2013 report by the bipartisan Commission on the Theft of American Intellectual Property, which said that U.S. losses to the economy from IP theft in general equate to over $300 billion annually. The report, citing various major studies, says China represents between 50 percent and 80 percent of the IP theft problem.
“National industrial policy goals in China encourage IP theft, and an extraordinary number of Chinese in business and government entities are engaged in this practice,” the report said.
Kennedy said the United States is getting a “quarter-loaf” overall from the various cyber accords, namely from an agreement where Obama and Xi agreed that both countries should respond “timely” to requests for information about “malicious cyber activities” and mitigate such activity from within their respective countries, and cooperate on investigating cyber crimes.
The agreements also call for the United States and China to work toward identifying proper “norms of state behavior in cyberspace within the international community” with both governments creating a group of senior experts to work on this matter. Another area of cooperation will be a senior level mechanism, including a “hotline,” to allow for dialogue on fighting cyber crime.
For the United States, the effort to work with China on fighting cyber crime will be co-chaired by the Secretary of Homeland Security and the Attorney General with participation from the FBI, intelligence community and other agencies. The first meeting between the two sides will be held later this year and occur twice yearly beginning in 2016.
“This mechanism will be used to review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side,” the White House fact sheet says.