Home » Cyber Security » US-China cyber agreement: Is it enough of a good thing?

US-China cyber agreement: Is it enough of a good thing?

Last week on this blog, I suggested that the Chinese government had likely out-maneuvered the U.S. government on the question of cybertheft in advance of President Xi’s State Visit.  Following meetings between Presidents Obama and Xi on Thursday and Friday of last week, the White House released a Fact Sheet affirming a common position on cybertheft as well as creating (another) high-level dialogue on cyber issues and the creation of a hotline for cyber-related incidents.

The good news?  There was more agreed to than had been hinted at in reporting before the event.  One commentator suggested that it was a “game changer.”

The bad news?  Agreement to state a principle of behavior is still favoring talk over action.  China’s acceptance of the norm is not inconsistent with Chinese protestations of innocence on cybertheft.  Looked at in that light, the Administration may have paid a real price by agreeing not to sanction Chinese individuals and entities under the President’s April 2015 Executive Order (EO) in exchange for a commitment to a norm China insists it follows anyway.

The bottom line on whether to perceive this agreed language as progress or not depends on whether cybertheft is degrading American economic competitiveness by the second or cybertheft is one among a collection of cyber-related problems that can be resolved through deliberative international processes.  The Obama Administration has consistently maintained that Chinese cybertheft represents an urgent national security problem as it degrades U.S. economic competitiveness and, undermines future U.S. growth.  Accepting this premise, the U.S. government should have acted by announcing sanctions rather than settling for a statement that did not break new ground.  If the White House had decided merely to delay sanctions until after the Xi visit, it would have been elevating diplomatic niceties over tough messaging; sanctions in October, however, would have gotten the job done.  Chinese support of a norm against cybertheft without careful definition of the terms, a verification mechanism, or any penalties for violating those words does not.

A long-term goal of achieving agreement on norms of behavior in cyberspace presumes that the problem is not urgent and can be addressed best through an international process that will lead to some eventual multilateral agreement.  (The President, in his remarks to The Business Roundtable earlier this month suggested both that the situation is urgent and that a drawn-out multilateral process provided the most effective way of achieving results, a logically inconsistent position.)  If the long-term trumps the short-term, the results of getting Chinese buy-in on a norm of behavior proscribing cybertheft is a success on which the U.S. can build.  The rhetoric from the Administration, however, does not support that conclusion.

Allow me to add one caveat:  One commentator has suggested that sanctions will still happen and that the Administration only agreed to change the potential targets:  “Expect them to come but to target companies not Chinese officials.”  This information is not part of what the White House released following the visit so it is not possible to verify the extent to which the Administration agreed to defer santions.  If sanctions will still happen, there is a stronger argument that this is a win-win outcome with actions as well as diplomatic words in the offing.  I have a hard time believing that a Chinese envoy and a Chinese President agreed to make the statements on cybertheft in exchange for limited or unspecified forbearance related to sanctions.  The proof should come in the next few weeks as we watch to see whether the U.S. Treasury imposes sanctions or not.