U.S. officials skeptical China will honor cyber agreement

The jury is still out regarding the recent agreement the United States entered into with China on cybersecurity. While viewed as a positive step – one in the right direction in terms of thawing relations and moving toward some semblance of norms in an otherwise cacophonous domain – intelligence officials are skeptical, especially considering the agreement’s vagueness and the fact that it is not backed by law. 

“Are you optimistic?” Sen. John McCain (R-Ariz.), chairman of the Senate Armed Services Committee, asked Director of National Intelligence James Clapper at a committee hearing Tuesday. Clapper simply replied, “No.”

“Hope springs eternal,” Clapper told McCain. “I think we will have to watch what their behavior is and it will be incumbent on the Intelligence Community, I think, to depict, portray to our policy makers what behavioral changes if any result from this agreement.”

“I would characterize the agreement that we have as a confidence-building measure with the Chinese, where we are asking them to prove to us that they are serious about what they say, about what they will do to control these efforts,” Deputy Secretary of Defense Robert Work told lawmakers at the hearing.  “So this isn’t a treaty or anything like that – it’s a confidence-building measure for us to find out if China is going to act responsibly.”

The U.S. and China agreed to a four-point plan:

1. That both sides respond to requests for information and assistance concerning malicious cyber activities, as well as requests to investigate cybercrimes.

2. That neither country supports the cyber theft of intellectual property, including trade secrets or other confidential business information.

3. That the countries work together to help establish appropriate norms of behavior in cyberspace, and to establish a senior experts group to keep the conversation going.

4. That the countries establish a “high-level joint dialogue mechanism” concerning cybercrime, with a group chaired by the Homeland Security secretary and U.S. Attorney General, and including representatives o the FBI, U.S. Intelligence Community, other U.S. agencies and their Chinese counterparts.

China is widely believed to have engaged in a persistent campaign of cyber espionage both to benefit its own intelligence and gain an advantage for its own companies by gathering and stealing intellectual property. The highest-profile recent incident was the lifting of some 21.5 million personal records from the Office of Personnel Management. Although the records contained extensive personal information on current and former government employees and contractors, Clapper said at an event hosted by Georgetown University last week and at Tuesday’s hearing that the Intelligence Community doesn’t know exactly what was taken from the OPM databases (the government has yet to publicly blame China despite several indicators it was behind the hack.)

Of the new agreement, Clapper said, “It would be very helpful if, of course, the Chinese actually live up to what they agreed to.” He noted that the agreement pertains to the theft of data that would  benefit Chinese commercial concerns or defense industries, but that “I don’t believe that we’ve agreed with the Chinese to stop spying on each other.”

At the hearing, Adm. Michael Rogers, commander of Cyber Command and NSA Director, said that, while Russia is the most capable nation-state actor in cyberspace, China takes the cake in terms of volume of attempts and activity against the United States.

Clapper also suggested, when asked, that the threat of economic sanctions brought the Chinese to the table to enter into such an agreement.