Cyber peace deal still possible despite China's US cyber-spying denials
Cyber Xi Jinping cyber claims he's cyber ready to cyber play cyber ball
The US and China are still expected to announce a cyberwar peace deal, despite signs to the contrary during a state visit to the US by the Chinese paramount leader this week.
Chinese President Xi Jinping kicked off his visit by telling the Wall Street Journal that the "Chinese government does not engage in theft of commercial secrets in any form."
Security analysts have reacted with incredulity to this denial, which, although in line with previous claims that China is a victim rather than perpetrator of cyber-espionage, comes from the very top of the Chinese government. "Xi is either a bold-faced liar, or he considers the PLA, MSS, and other state hackers to not be part of CN gov," said Richard Bejtlich, a strategist at FireEye/Mandiant, in a Twitter update.
Foreign policy experts also reckon Xi's emphatic denial – which few believe because evidence of Chinese spying on Western tech firms and government is so voluminous and longstanding – is unhelpful.
"Xi Jinping denies involvement in cyber espionage, extremely difficult to agree to rules of the road [for] deals not rooted in reality," said Jason Healey of Columbia University's School of International and Public Affairs.
What irks the American side is that Chinese military units, using hacking techniques, are systematically stealing commercial data from US businesses to benefit Chinese business. The recent attack of the US government Office of Personnel Management, which is also blamed on China, is considered fair game.
Accusations over cyber-spying have been a thorn in the side of diplomatic relations between the US and China for years, with blame being thrown in both directions.
China formally arrested an American businesswoman accused of stealing Chinese state secrets on the eve of Xi's visit, the New York Times reports. Chinese state security officers first detained Phan Phan-Gillis six months ago, and since then she's been held in China away from her family in Houston, Time adds.
So is China trying to sabotage agreement on cyber-policy? Perhaps not. Relations might actually be thawing, contrary to indications otherwise.
The US indicted five officers of the People’s Liberation Army last year, while the US government was reportedly mulling further "unprecedented" sanctions against China in response to hacking less than a month ago. But over recent weeks there has been increasing evidence that the two sides might be edging closer to some sort of agreement.
The New York Times reports that each country is prepared to promise not be the first to use cyberweapons capable of crippling the other's critical infrastructure. Agreement on a more general "code of conduct" may also be possible, the NYT adds.
During a Q+A with the WSJ (transcript here) featuring the China cyber-espionage denial, Xi goes on to suggest that a Sino-US deal on fighting cyber-theft of commercial secrets is nonetheless possible.
"Cybertheft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offences and should be punished according to law and relevant international conventions," Xi said. "China and the United States share common concerns on cybersecurity. We are ready to strengthen cooperation with the US side on this issue."
The cyber side of the agenda for a summit between Xi and President Obama, and what success might look like, is detailed in a blog post by the Center for Strategic and International Studies (CSIS) here.
Others warn that a cyber treaty with China could entail encryption backdoors, censorship, and IP transfers. That may be, but one thing for sure is that any agreement between the leaders of the world's two biggest economies will have ramifications for trade, privacy, and security around the world. ®
- Black Hat
- China Mobile
- China telecom
- China Unicom
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Cyberspace Administration of China
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Great Firewall
- Hong Kong
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Semiconductor Manufacturing International Corporation
- Trusted Platform Module
- Uyghur Muslims
- Zero trust