While US-China bilateral relations are currently strained across multiple issues –North Korea’s increased nuclear testing; emissions curbing of “super GHGs”, human rights; and China’s increasingly assertive territorial claims in the South China Sea and East China Sea – it is the cyber war debate that has been claiming recent news headlines, and much more so within the US than in China. Until late May, the US-China dynamic surrounding cyber attacks was mainly one-sided, with senior American officials accusing their Chinese counterparts of high-scale governmental espionage, which the Chinese have vehemently denied. In actuality, the US National Security Agency has been hacking into the Chinese governmental system for over 15 years, something China is well aware of and has threatened to exploit. In this game of finger-pointing and hypocrisy, a legitimate conversation on a common set of rules within cyberspace will require the leaders of the two superpowers to develop a mutual trust – something that has been lacking since June 4, 1989.
On his first visit to the US since his presidency in March, Chinese President Xi Jinping met with US President Obama on June 7-8 at the Sunnylands estate in Rancho Mirage, California, which has historically been used for more casual, intimate summit meetings.
When the agenda for this meeting was agreed upon several months ago, the issue of cybersecurity was not one of the key topics to be discussed. As a subject that has long frustrated Washington, cybersecurity is now breaking across US headlines due to recent revelations about the NSA’s PRISM program and Verizon’s metadata collection from a former CIA operative named Edward J. Snowden, now living in Hong Kong.
The US media has focused at length on China's widespread use of computer hacking to steal US government, military, and commercial secrets – with the Pentagon specifically accusing Beijing in May after Chinese hackers stole US government designs for several major US weapon systems critical to U.S. missile defenses, combat aircraft, and ships . The Chinese, on the other hand, have only recently reciprocated in cyber accusations, with President Xi announcing at the June summit that China has also been a victim of cyber-espionage, hinting at US origins.
China’s top Internet official, Hung Chengqing, has publicly accused the US government of hypocrisy, citing Beijing’s “mountains of data” showing that the US has engaged in widespread hacking designed to steal Chinese government secrets. Indeed, according to Chinese authorities in June, of the 6,747 computers controlling nearly 2 million botnets in China, 2,194 were based in the US, making the US the largest point of origin for cyber attacks against China.
On the other hand, the US National Intelligence Estimate identified China as the most aggressive country by far in terms of stealing intellectual property from US companies in an assessment released in February. A week later on February 18, US security firm Mandiant reported cyber attacks based in the Chinese military over a six-year period, breaching more than 115 large US-based organizations in 20 separate industries.
Though Obama and Xi pledged a constructive and productive “new model” of relations during the summit, the two countries will never reach mutual cooperation on cyberespionage when each side is so deeply entrenched in hacking into the other. In his opening remarks, Obama described a world order where all countries played by a set of common rules on cybersecurity, recognizing that “the issue of cybersecurity and the need for rules and common approaches to cybersecurity are going to be increasingly important”. However, given attacks like the 2010 US-based Stuxnet computer worm used on Iran, the US should be careful to practice what it preaches. As two of the most influential countries in the world, the US and China must lead the cybersecurity issue by example. With speculated and proven data on both sides showing heavy cyberespionage, valid accusations and criticisms are important in identifying both domestic and international criminals. However up to this point, the cybersecurity strategies have been to continually build up defensive and offensive cyber tactics. Moving forward, it will be especially important for the US and China to include listening to criticism from the other side and responding to valid accusations to develop the cyberespionage debate into a real conversation.
US Secretary of State John Kerry recently announced a joint US-China working group to tackle cyber issues. With tensions high and mutual trust low, the committee will provide a chance to shift the US-China dynamic to one with more consideration and arbitration.
Once a stronger and responsive trust is built, perhaps the US could steer the conversation into a greater, wider-reaching topic: open and global Internet freedom. China’s cyberspace is laced with strong national borders and firewalls for objectionable material. While the US must first rectify its own surveillance and malicious systems like Cyber Command and Stuxnet, it is fundamentally in a better position to begin the global talk on cyberespionage and freedom in cyberspace. With so many computers and so much of the Internet’s underlying infrastructure – approximately 500 million hosts, including those for some of the world’s most influential technological corporations, compared to China’s 20 million – a start within the US could be much more sustainable and rooted as well.
President Obama and Xi have made plans reconvene to discuss cyber issues in July. It will be important for the US to address the legitimate cyberespionage concerns cited by the Chinese, in which the new joint working group offers the perfect opportunity.