A 2012 paper from the EastWest Institute laid out several recommendations for cyber détente between the United States and China. It developed a case that built on remarks by Henry Kissinger and Jon Huntsman a year earlier. As the two countries prepare for the Strategic and Economic Dialogue in Beijing from 9-10 July 2014, and the Strategic Dialogue on 8 July, they might usefully conduct a mutual stock taking of what went so horribly wrong in their cyber relationship and what they can do to redress it.
Signs of Détente
Some glimmer of hope came in the bilateral agreement in 2013 to open official dialogue on the subject and after China set up a special unit in its Foreign Ministry to deal with cyber diplomacy. These developments came after Presidential agreement in 2011 that cybersecurity was an important bilateral issue, after several rounds of multilateral dialogue within the United Nations framework over almost a decade, a decade of work within the APEC framework, and informal bilateral dialogues in the previous four years. These informal dialogues included Track 2 work by CSIS, the University of California at San Diego and the EastWest Institute, and various peer groups in China, including the Internet Society of China. The proof of the detente was in improved bilateral cooperation on cyber crime, including in the fight against child pornography. By the time it arrived, the detente was a decade overdue as the number and seriousness of threats in cyberspace had been increasing each year.
What Went Wrong
It would be convenient for the appearance of balance to say that both sides are to blame for the recent downturn in cyber diplomacy. But that is not what happened. The public record shows unambiguously that the good efforts were scuttled, temporarily at least, by one development: the U.S. indictment on 19 May 2014 of five Chinese PLA personnel for hacking and the separate offences of industrial espionage. China’s commitment to continuing the dialogue had survived the Snowden revelations in the previous June of the scale of U.S. cyber espionage that came just months after the two countries had set up the working group on cyber issues. And the U.S. commitment had survived what it saw as continuing egregious behavior in cyber space by China.
The bringing of the indictments has been challenged widely within the United States as bad politics and bad diplomacy. A hard-nosed editorial in The New York Times on 24 May provides an essential critical departure point, describing the indictments as “pointless and perhaps counterproductive”. Being brief, the editorial did not venture an analysis of the charges. Moreover the editorial accepted the logic of the indictments in domestic terms — “understandable as a feel-good gesture” — because it also accepted the narrative of the U.S. administration of the billion dollar losses and industrial white-anting being caused by the espionage. An article in the National Journal on 28 May described the indictments as “simply silly” and an “empty gesture”. In a discussion of the indictments at a Brookings Institution event on May 22 led by the U.S. Assistant Attorney involved in the indictments, John Carlin, most comments in the question and answer session questioned the wisdom or common sense of the legal action.
Industrial Espionage and Strategic Policy
The U.S. assessments of China’s cyber espionage may be correct on the facts (we outside the intelligence community cannot be sure), but the overall story being woven around the alleged facts has a number of inconsistencies in it. At one level of policy, taking the case of the solar panel industry, the indictments are based on the intelligence analysis that the competitiveness of a U.S.-based company was undermined by Chinese cyber espionage. Even a cursory glance at serious academic literature on the state of the global solar panel industry and the U.S. part in it suggests that this allegation is suspect. The industry was in a state of over investment and over-supply, with many factors affecting pricing and competiveness ahead of possible knowledge only obtainable by espionage.
Moreover, in addition to doubts about the alleged impact on U.S. business in three sectors (civil nuclear, steel and solar panels) named in the indictments, there is room to doubt the underlying assessment that the level of industrial espionage is a threat of strategic proportions to the United States that would justify elevating it to the same level in the U.S./China relationship as the quite justified complaints at a strategic level of the impact on the U.S. economy of undervaluation of the Chinese currency. The “twin” main conclusion of the October 2011 report by the Counter Intelligence Executive on “Foreign Spies Stealing US Economic Secrets in Cyberspace” seem entirely reasonable: “Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security” and “cyberspace … amplifies these threats”. Is the main problem the basic insecurity of cyberspace or is it the states that exploit it for some economic gain (China, Russia, France and Israel are named in the report). The report even shows some balance by addressing alleged U.S. cyber espionage against French companies. A subsequent U.S. National Intelligence Estimate on industrial espionage released in February 2013, assessed that China’s industrial espionage was far more threatening to U.S. industrial and economic security than that from other countries.
United States diplomacy on this issue has a problem. The U.S. assessment that China’s cyber espionage is undermining the U.S. economy at a strategic level is simply not proven in the public record. The United States has not even been able to prove it convincingly in the case of a specific sector. The Administration has simply released too little data. With the U.S. indictments subject to so much questioning at home from serious scholars and a wide range of public media commentators, and in the absence of a convincing set of econometric tools for demonstrating the alleged impact on the U.S. economy, the damage to U.S. diplomacy toward China on this issue has been magnified.
Priorities for Cyberspace Cooperation
Cyber détente between the United States and China will only be possible when both sides more visibly commit to some verifiable restraint. This restraint may have to be in the civil sector before more complex military or espionage aspects of cyberspace confrontation can be addressed. Within the civil sector, the United States might usefully shift away from its heavy and misplaced emphasis on seeing Chinese industrial cyber espionage as its most serious threat. There are other threats that may be far more serious and that require China’s cooperation. A 2013 report of the 2020 Project of the International Cybersecurity Protection Alliance identified nineteen features of the future threat landscape from criminals (and states supporting criminals) and industrial espionage was not one of the nineteen.
The 2012 paper by the EastWest Institute identified two priority areas for action in the civil sphere:
- The United States and China should agree on a joint public study on the interdependence of their respective critical information infrastructure
- The United States should work to include China in the existing infrastructure of the 24/7 Network of Contacts for High-Tech Crime of the G-8.
Perhaps there would be merit in setting up a working group on a future looking subject of cyberspace cooperation, such as security of bio implements and implants. Somehow, the two sides need to find a way to return to this sort of practical agenda. It will not be easy, but it is urgent and it is still very much overdue.
Greg Austin is a Professorial Fellow at the EastWest Institute.
