All Quiet on the Cyber Front?
At China US Focus, EWI Fellow Franz-Stefan Gady discusses negotiations between the U.S. and China at the APEC conference in Beijing, and asks whether the parties fell short on cyber-diplomacy.
Despite being one of the most pressing Sino-US issues, cybersecurity has received scarce attention during meetings between China and the United States at this year’s APEC Summit. U.S. Deputy National Security Advisor for Strategic Communications, Ben Rhodes, remarked on the sidelines of the summit that it was important for both countries to have a dialogue on cyber spying and that the U.S. will not stand idle on the issue, however the Chinese side, except for a brief mentioning of cyber terrorism, remained silent.
According to an interview in The Hill, U.S. cybersecurity expert, James A. Lewis, thinks that this has to do with divergent priorities: “The Chinese talked about cooperating on cyber terrorism, and Obama talked about the importance of protecting intellectual property, there’s still a disconnect.” During a press conference with U.S. President Barrack Obama, Chinese president Xi Jinping mentioned his desire to “develop a new type of military-to-military relationship between the two countries.” Any new official dialogue between the Pentagon and the People’s Liberation Army (PLA) on military matters would have to include cyber issues in the agenda. In addition, both sides also agreed to deepen cooperation between the U.S. Department of Homeland Security and the Chinese Ministry of Public Security, which could also point to bilateral discussions on cybercrime and cyberterrorism.
Over the last few months, the United States and China did maintain a quiet inter-governmental dialogue on cybersecurity indicating that both sides realize that their mutual dependence on cyberspace is just too great to suspend all forms of cooperation. Yet, there was neither an announcement of the resumption of the work of the official U.S.-China Cyber Working Group (China suspended its participation after the indictment of 5 PLA members by the U.S. Justice Department in May 2014), nor were there any other signals that the divisive issues of cyber espionage would be addressed in the immediate future.
One reason for the absence of serious discussions on cybersecurity at the APEC Summit could be that the United States overplayed its hand in “naming and shaming” Chinese entities engaged in cyber espionage in the run up to the summit. On the first day of the summit, the U.S. media reported the breaching of the networks of the U.S. Postal Service compromising the data of more than 800,000 employees with fingers pointing to China. According to some sources, the breach was known since mid-September, which calls into question the reason behind the timing of the announcement of the network intrusion. On the one hand it just could be unfortunate timing due to lack of coordination within the U.S. government, on the other hand it could have been a deliberate U.S. move with the aim to strengthen the U.S. negotiating position on cyber issues vis-à-vis China. The PRC has been using the Snowden revelations as a shield to deflect any accusations of Chinese wrongdoing in cyberspace.
In addition, the publication of a report by the U.S.-based cybersecurity firm, Novetta Solutions, on the Chinese hacker group Axiom in late October may have further fueled Chinese resentment. Among cyber experts, the report revealed nothing new, and some critics are voicing concerns that a modus operandi is emerging in which U.S. cybersecurity firms use the Chinese threat to gain publicity and promote their own parochial business interests. Indeed, since these sorts of reports have not been able to stem the tide of Chinese cyber attacks, the whole strategy of “naming and shaming” may be called into question. It appears to achieve little except to undermine cyber diplomacy between China and the United States.
Apart from the Sino-U.S. cyber relations, reports on a bilateral cyber treaty between China and Russia to be signed during the APEC summit seem to have been exaggerated. Some sources now claim that an agreement on Russian-Chinese cooperation in cyberspace will be signed in the first half of 2015. According to the Russian media one unnamed source claims that, “This [agreement] will be more powerful than what we have with the Americans.” Russia and the US signed a cybersecurity cooperation agreement in 2013. Despite all the noise between Washington and Beijing about cyberspace, Russia has U.S. officials more worried than China. However, as I have pointed out before, Russia and China are not naturally allies. The only thing they have in common is a shared belief in the innate hostility of the American dominated international system against their supposed rightful ambitions as great powers.
That cybersecurity remains a top concern for the United States in Asia is evident in the results of the 2nd ASEAN-U.S. Summit which President Obama attended right after the APEC 2014 meeting. At the summit the United States pledged to help build ASEAN’s cyber capabilities, help foster cooperation and “reduce the risk of conflict during a cyber incident by supporting an ASEAN cybercrime workshop hosted by Singapore in 2014, jointly chairing with Singapore the ASEAN Regional Forum Seminar on Operationalizing Cyber Confidence Building Measures scheduled for 2015.” It would not be the first time that the perceived China threat would move other Asian countries and the United States closer together on an issue.