The China-U.S. Cyber Spying Deal: Where Are We Now?

Blog | December 08, 2016

The September 2015 agreement helped depoliticize cyber issues between the two nations.

It has been over a year since Chinese President Xi Jinping and U.S. President Barack Obama agreed to refrain from “conducting or knowingly supporting commercial cyber-espionage” for “commercial advantage” in September 2015. According to open source information, the agreement helped reduce cyberattacks coming from China on U.S. intellectual property. However, it is important for two other reasons. 

First, the agreement helped to depoliticize and depolarize discussions on cyber issues between the two countries. On the one hand, by concluding the agreement the U.S. administration has assuaged concerns of the private sector and wider public that it is not doing enough to counter Chinese cyberattacks. On the other hand, the Chinese government (i.e. Xi Jinping) reportedly has been utilizing the agreement to push for reforms and weed out corruption within the People’s Liberation Army and the intelligence services. (Some analysts believed that rogue actors within the PLA and intelligence services are responsible for a large share of sophisticated cyberattacks against U.S. targets originating from China.)

Second, the agreement led to a number of promising new diplomatic initiatives. In September 2015, in addition to the cyber spying agreement, China and United States also agreed to promote appropriate norms of state behavior in cyberspace, and to establish a high-level joint dialogue mechanism on fighting cybercrime and related issues. In May, the first Sino-U.S. Senior Experts Group convened to discuss international norms in cyberspace. In June 2016, China and the United States held their second round of bilateral talks on cybercrime in Beijing. Both sides agreed to the so-called “U.S.-China Cybercrime and Related Issues Hotline Mechanism Work Plan.” According to the Cyberspace Administration of China, a new Sino-U.S. cyber hotline is now functional. Both countries also conducted a tabletop exercise in April and are slated to hold a second exercise by the end of the year.

It is important to recall where the U.S.-China cyberspace relationship stood prior to the deal.

The two countries experienced a sharp deterioration of mutual understanding after the U.S. Justice Department indicted five members of the People’s Liberation Army for malicious activities in cyberspace in May 2014 in an effort to stem the tide of Chinese state-sponsored cyberattacks on U.S. critical information infrastructure.

This in turn led Beijing to freeze official discussion of bilateral cyber issues and included suspending participation in the U.S.-China Cyber Working Group (although quiet diplomatic dialogues between both countries continued throughout the period).

Concurrently, Beijing accused Washington of duplicity based on the 2013 revelations of Edward Snowden on U.S. cyberespionage activities worldwide. The United States in turn, insisted that it had the right to conduct cyberespionage for national security purposes, whereas it insisted that China was violating international norms with its massive commercial cyberespionage effort.

While contacts at the technical level (e.g., between Computer Emergency Response Teams) persisted throughout the period, the diplomatic impasse made any substantial progress on cyber policy questions all but impossible. 

The September 2015 Sino-U.S. agreement ostensibly reversed this downward trajectory.

However, as I noted elsewhere (See: “What Does 2016 Hold for China-US Relations in Cyberspace?”), the recent progress cannot deduct from the fact that cyber tension persists between China and the United States. One sign is the continuing militarization of cyberspace by both sides: 

In 2015, the United States and China also stepped up the cyber arms race. In May of last year, China issued its first ever “Military Strategy” emphasizing the importance of cyberspace for future military operations. In 2015, the Pentagon issued a new “Cyber Strategy,” and Cyber Command issued a new planning document, titled “Beyond the Build.” In addition, the Pentagon issued a new Law of War Manual, in which the pre-emplacement of “logic bombs” in an adversary country’s networks and information systems is advocated.

Having said that, the agreement, as outlined above, is without a doubt an important step towards depoliticizing bilateral discussions on cyber issues between China and the United States. It has helped stabilize their shaky relationship on an issue that is a critical competitive point and may open the door for further engagement on additional key aspects of cybersecurity. 

 

Franz-Stefan Gady is a senior fellow at the EastWest Institute. His research interests include civil-military relations, military affairs, cyber-diplomacy, and the politics of South Asia.

The views expressed in this post reflect those of the author and not that of the EastWest Institute.