U.S.-China Cyber Agreement: Flawed, but a step in the right direction

January 24, 2017
In The News

Treaties and official agreements between nations designed to solve a particular problem are notoriously tricky to create and then police, but measuring their success is normally pretty simple. Either they work well, or not at all.

What has come to be called the U.S.-China Cyber Agreement, however, has not fallen neatly into either category. The general consensus in government and private circles is that the number of cyberattacks emanating from China appears to have declined, though in fact thosere attacks are still taking place.

“Clearly it has been a success. The Chinese hacking of U.S. entities has gone down,” said Rep. Ted Lieu (D-Calif.) with the caveat that “there are still cases of cyberespionage and hacking every day with some coming from China.”

Lieu's overall assessment of the deal was agreed upon by others who cited recent testimony from federal law enforcement officials that despite the agreement Chinese hacking is still alive and well.

“As Director of National Intelligence James Clapper mentioned in his testimony on January 5, China has not stopped conducting cyber espionage against the U.S. and our businesses,” Rep. Will Hurd (R-Texas) told SC Media.

Shelley Westman, senior VP, alliances and field operations for the enterprise and cloud data security software Protegrity also pointed to Clapper's comments as an indicator that the agreement is not working out in America's favor.

“As we learned from the recent U.S. Senate hearing, top intelligence officials say that China continues to run cyber-spying operations against American businesses, despite China's promises to halt those efforts,” she said.

The fact that a yes or no answer cannot be given to the question of whether or not the agreement has solved the hacking problem, or even helped limit it, is telling.

Historically, this is has not been so and has not required Congressional testimony to point out whether a treaty or agreement has worked well. The Treaty of Versailles that officially ended World War One did not have a positive outcome helping create the underlying causes of the Second World War. However, the Strategic Arms Limitation Talks (SALT) Agreement signed on May 26, 1972 had a direct impact on the number of nuclear weapons kept by the former Soviet Union and the United States and was also the first step in a series of strategic arms treaties signed by the two super powers.

SALT, yes. Versailles no. U.S.-China agreement, sort of.

According to the document that Obama and Jinping shook hands over, Hurd, Lieu and Westman should not be noticing any Chinese cyberincursions.

The September 2015 agreement, which is just one small part of a much larger document covering a range of subjects, contains several provisions including:

·       Agreeing that timely responses should be provided to requests for information and assistance concerning malicious cyber activities.

·       Both sides are committed to making common effort to further identify and promote appropriate norms of state behavior in cyberspace within the international community.

·       The United States and China agree to establish a high-level joint dialogue mechanism on fighting cybercrime and related issues. 

Perhaps most importantly the agreement states “the United States and China agree that timely responses should be provided to requests for information and assistance concerning malicious cyber activities.  Further, both sides agree to cooperate, in a manner consistent with their respective national laws and relevant international obligations, with requests to investigate cybercrimes, collect electronic evidence, and mitigate malicious cyber activity emanating from their territory.  Both sides also agree to provide updates on the status and results of those investigation to the other side, as appropriate.”

There are signs that at least some lip services is being paid by forces within China itself to limit the number of attacks that country has launched against the U.S. and other nations. A report by FireEye in June 2016 said the number of attacks fell by about half between late-2015 and mid-2016, from 25 down to 13. FireEye credited Jinping for implementing sweeping reforms that helped muzzle Chinese military hacking, along with finally being publicly confronted by the U.S. for its cyber activities for this move.