(Bloomberg) -- Disputes over what’s acceptable behavior in cyberspace threaten to overshadow the agenda when Chinese President Xi Jinping and U.S. President Barack Obama meet in Washington this week.
A simmering conflict over hacking comes at a time when the U.S. is seeking cooperation with China on issues from North Korea to anti-terrorism and climate change. Xi arrives in Washington Sept. 24 for a two-day visit.
The two sides hope to announce an agreement to limit certain types of hacking, though people familiar with the negotiations say they have been contentious and any deal unveiled this week will probably be modest.
“Cybersecurity is shaping up to be one of those things whose impact is so enormous that it could affect the trajectory of the relationship,” said Wang Fan, director of the Institute of International Relations at the China Foreign Affairs University. Xi and Obama are likely to only reach an agreement in principle or risk “derailing the entire bilateral relation.”
U.S. government agencies and companies are reeling from a string of sophisticated attacks alleged to have been carried out by the Chinese government or its proxies, including the theft of corporate information and millions of health care and federal personnel records. China denies being involved, saying it’s a victim of cyber-espionage itself and opposes hacking.
“We are preparing a number of measures that will indicate to the Chinese that this is not just a matter of us being mildly upset,” Obama said Sept. 16. It was his most forceful comment to date and indicates a mounting frustration within the U.S. over what it says is Chinese theft of trade secrets and intellectual property.
Obama said his “hope” is that the U.S., China and other countries can agree to “some basic international framework” governing cybersecurity activities.
One goal is a bilateral agreement embracing a code of conduct put forward by a United Nation’s working group in June saying that no country should intentionally damage critical infrastructure providing public services, according to current and former government officials with knowledge of the talks who spoke on the condition of anonymity.
Areas where the two governments hope to announce agreement include language restricting attacks on power grids and other vital services and legal cooperation on prosecuting criminal hackers, the officials said.
While such a deal would allow the U.S. “to have a deliverable on cyber,” it would largely be symbolic, said Bonnie Glaser, a senior adviser on China at the Center for Strategic and International Studies in Washington.
Reaching agreement on the problem most vexing the U.S. -- Chinese-sponsored hacking of trade secrets and intellectual property from U.S. companies -- is seen as much more difficult.
Obama said he wants to put an end to a "government or its proxies engaging directly in industrial espionage and stealing trade secrets, stealing proprietary information from companies." The Obama administration differentiates hacking for intelligence gathering and traditional espionage purposes.
“Cyber-enabled espionage that targets personal and corporate information for the economic gain of businesses undermines our long-term economic cooperation and it needs to stop,” U.S. National Security Advisor Susan Rice said during a speech in Washington Monday. “We’ll continue to urge China to join us in promoting responsible norms of state behavior in cyberspace.”
Obama also warned that the U.S. could unleash powerful offensive cyber-attacks. While the U.S. has more capabilities to carry out cyber-attacks, the Chinese likely enjoy an advantage when it comes to disrupting the unclassified networks operating critical infrastructure, according to an analysis Sept. 14 by the research organization RAND Corp.
"Attacks against a limited set of civilian targets could have
significant operational effects, especially if an attack (or its effects) could be sustained," the report said.
"The United States brings a much better foundation to the battle than China does," according to the report. "This is likely true in the offensive domain,
and it is almost certainly true defensively. The bad news, not surprisingly, is that China’s cyberwarfare capabilities are improving faster, and U.S. efforts cannot slacken."
Xi reiterated denials that his government engaged in cyber-espionage in a Sept. 22 interview with the Wall Street Journal. China was “ready to strengthen cooperation with the U.S. side on this issue,” he said, without elaborating.
“Cybertheft of commercial secrets and hacking attacks against government networks are both illegal,” Xi said. “Such acts are criminal offenses and should be punished according to law and relevant international conventions.”
The U.S. belief that China has developed an organizational infrastructure for accumulating data and distributing it to Chinese companies was highlighted by its accusation last year against five Chinese military officials for stealing trade secrets from companies including Westinghouse Electric Co. and United States Steel Corp.
“The evidence seems to indicate that this is a pretty well established part of their government machinery,” said Eric Heginbotham, a senior political scientist at Rand Corp.
China may demand the U.S revoke its indictment of the officers, said Shen Dingli, vice dean of the Institute of International Affairs, Fudan University in Shanghai. For the U.S., that is a “non-starter” and may make a cyberdeal impossible to conclude at the summit, he said.
The Obama administration indicated last month it was considering economic sanctions on Chinese individuals and companies. The Chinese responded by sending Meng Jianzhu, China’s top legal and domestic security official, to Washington for talks with security and intelligence officials including Rice.
Chinese media cited Meng afterward saying that both sides had reached “an important consensus on combating cyber crimes” and that China would crack down on illegal hacking within its borders. White House press secretary Josh Earnest described the talks as “pretty blunt.”
“The two sides are still pretty far apart,” said Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York. “We would have to really see a significant downturn in state-sponsored or state-directed hacking for there to be some sign that the U.S. has gotten what it was hoping for from the summit.”
The dispute has caught U.S. and Chinese companies in the crosshairs, with some cautioning against ill-advised economic sanctions or other retaliatory actions that could further inflame tensions between the world’s two largest economies.
“Doing it in a vacuum is very, very dangerous,” said Patrick Reidy, vice president of global cybersecurity for Computer Sciences Corp. “Anytime any type of sanction comes into play it needs to be done in a way that’s sensitive to the international business community.” Reidy previously served as the Federal Bureau of Investigation’s chief information security officer.
Tensions could also threaten progress at the summit on a bilateral investment treaty that U.S. companies hope will improve access to China’s fast growing domestic market. China accelerated efforts to purge foreign technology from banks, the military, state-owned enterprises and key government agencies in the wake of revelations by former U.S. contractor Edward Snowden in 2013 of widespread spying by the U.S. NationalSecurity Agency.
‘Rules of the Road’
“If there is someway to reach an understanding on the rules of the road that would prevent commercial espionage, that is what we’d most like to see,” said Kenneth Jarrett, president of the American Chamber of Commerce in Shanghai. Companies are concerned China could ramp up its use of cybersecurity policies as protectionist measures, he said.
Some in Congress believe the U.S. should be more aggressive and impose sanctions, even if it means retaliation.
“We ought to take steps to underscore that there will be an increasing cost for China to pay for the theft of American intellectual property,” said Representative Adam Schiff of California, the top Democrat on the House intelligence committee.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access