China’s top spy and Politburo member, Meng Jianzhu, made a highly unusual four-day visit to the US in early September where he forged an agreement between China and the US to cooperate more deeply on cyber security issues. The Meng visit was intended to smooth the way for the visit of President Xi and to allow him to announce with President Obama on 25 September new progress by senior officials in this area.
The two countries agreed to investigate complaints by each other about malicious cyber activity, to cooperate more on resolving criminal investigations, and not to undertake commercial espionage. On this last issue, they agreed not to ‘conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors’.
There’s clear distinction, as the two countries agree, between economic espionage for national purposes and commercial espionage intended only to benefit a firm in the civil economy. It’s a declared US policy to conduct economic espionage in order to maintain its technological edge over other countries; and China does it to catch up.
New disputes about the September 2015 cyber agreement will inevitably arise, and sooner rather than later. The saving grace, and the most solid diplomatic achievement on this front, was the agreement to set up at Cabinet level a Working Group to resolve disputes. On the US side, the Secretary of Homeland Security and the Attorney General announced on 25 September that they would be the leads and that their counterparts on the Chinese side would also participate.
This new Working Group follows a failed attempt beginning in April 2013 to set up a working level mechanism between the foreign ministries of the two countries on cyber security. This was suspended by China in May 2014 when the US brought indictments against five personnel from China’s armed services for industrial espionage.
The agreements will provide a brief respite in diplomatic angst around China and cyber space. But some of this concern is misplaced, as leading scholars and I have argued at length elsewhere in respect of the economic impacts of Chinese cyber espionage.
Yet, regardless of the estimates of impact on the US economy, there is little likelihood that China’s PLA will change tack on cyber-enabled economic espionage. Its internal security agencies may be watching more closely any illegal relationships between PLA cyber units and the Chinese ‘commercial sector’.
The US and China are locked in a fierce struggle in cyber space. It’s intensifying, even as the two sides manage to agree occasional elements of détente to defuse the tension. The stakes are high; at the extreme end of the list of concerns, the command and control of nuclear weapons (especially intelligence, surveillance and targeting aspects) depend in part on a securable cyber space.
For its part, China sees the cyber struggle with the US in three dimensions: internal security to support the continued rule of the Communist Party, China’s relative military backwardness in cyber space; and its overall technological backwardness in cyber space aspects of the civil economy. As outlined in my book, Cyber Policy in China, Beijing sees this struggle as asymmetrical, a situation that imposes on it an obligation to ‘push the envelope’ in all areas of policy while trying to maintain functional cooperation with the US in important areas of economic policy.
While pushing the envelope, there are several reasons why economic considerations force China to maintain a cap on its cyber confrontations with the US. The biggest reason is that China badly needs US investment and advanced know-how in the information technology sector. China has only a weakly developed cyber security industry.
This imperative is captured in a gem of understatement by the Chinese foreign ministry when it said in a summary of the Xi visit that future cyber strategies by both sides ‘should be consistent with WTO agreements, …take into account international norms, be nondiscriminatory, and not impose nationality-based conditions or restrictions’ on bilateral ICT trade and technology transfer—at least not ‘unnecessarily’.
The final sentence above is important for Australia. The US and China have agreed to limit the use of national security as a criterion for evaluating bilateral cyber trade and investments. Australia now needs to abandon its blind belief in US propaganda about the exaggerated economic impact of China’s cyber espionage. It needs to pursue more aggressively the opportunities for investment in China’s ICT sector, including in cyber security.
Most importantly, it needs to emulate the recent US move and set up a high level working group with China led by our Attorney General to address deeper cyber cooperation, as well as malicious activity.