President Barack Obama announced Friday that the United States and China have agreed to establish a new working group for combating cybercrime, potentially paving the way for more extensive cooperation between two countries locked in a fierce and costly digital rivalry.
The working group, composed of senior law-enforcement and intelligence officials from both nations, will evaluate how the two major powers respond to each other’s requests for assistance fighting “malicious cyber activity,” the White House said in a statement. The group will hold its first meeting before the end of the year, with subsequent meetings occurring twice per year.
The new cyber dialog will include “a hotline for the escalation of issues that may arise in the course of responding to such requests,” a system reminiscent of the direct link between the leaders of the U.S. and the Soviet Union during the Cold War.
“No nation has done more to advance its economic interests through the theft of the work product of others than China, at tremendous cost to American businesses and jobs.”
The U.S. and China also agreed not to “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, for commercial advantage,” Obama said at a joint press conference with Chinese President Xi Jinping.
The agreement was immediately met with cautious optimism from some members of Congress.
“No nation has done more to advance its economic interests through the theft of the work product of others than China, at tremendous cost to American businesses and jobs,” Rep. Adam Schiff (D-Calif.), the top Democrat on the House Intelligence Committee, said in a statement. “I remain skeptical that China will deliver on this promise, and believe it will be necessary to impose a series of increasing consequences on Chinese businesses that continue to profit from the theft of American research and development. But if curbing cyber theft is a journey of a thousand miles, perhaps China has taken a first step.”
“Actions speak louder than words,” said Rep. Will Hurd (R-Texas), chairman of the House Oversight Committee’s information-technology subcommittee. “We need to remain vigilant against possible attacks by the Chinese government and Congress needs to continue to do more to enable the fortification of our nation’s digital infrastructure.”
READ MORE: Cybersecurity expert James Lewis: U.S.–China cybercrime agreement ‘a major step forward’
Tim Maurer, the director of New America’s Global Cybersecurity Norms and Resilience Project, called the agreement “a great sign that diplomacy can be successful at addressing even very complicated issues in an area of significant tensions.”
“With the head-of-state level commitment, let’s hope it will now trickle down and be effectively implemented in the months to come,” Maurer said.
President Xi’s first state visit to the U.S. came at a time of record tensions between the two countries over issues ranging from hacking and data theft to oppressive restrictions on foreign businesses.
The U.S. has privately concluded that China is responsible for the massive data breach at the Office of Personnel Management, the federal government’s human-resources agency. Hackers believed by U.S. officials to be working for China stole more than 22 million personnel records, including more than 5 million fingerprint records. The Obama administration has declined to publicly blame China for the OPM hack, angering many Republicans, in Congress and on the 2016 campaign trail, who want the president to more aggressively confront Beijing.
Sen. Ron Wyden (D-Ore.), who has called attention to the woeful state of federal cybersecurity in the wake of the OPM hack, said he was “encouraged” by signs that the U.S. and China were making tentative diplomatic progress.
“I raised the issue of cyberattacks with Chinese officials in Beijing last year, and they approached the issue very differently from the way most American officials do,” Wyden said through a spokesman. “This is what makes talks with them so challenging.”
Wyden noted that China, unlike the U.S., did not distinguish between economic and political espionage, adding, “I had some pretty heated discussions with Chinese officials about this.”
The Treasury Department is developing sanctions against Chinese businesses and citizens in retaliation for the OPM hack, but those sanctions were delayed so as not to disrupt Xi’s visit and the negotiations that led to today’s announcement. President Obama signed an executive order in April that laid the foundation for sanctions over cyber misconduct.
U.S. officials and tech companies are also concerned about a new Chinese security policy and its effects on American businesses operating in the country. Beijing wants foreign companies to pledge that their products are “secure and controllable,” but experts worry that this could be code for a backdoor mandate, letting Chinese authorities bypass the companies’ encryption.
The U.S. and China will also create a “senior experts group” to further study the issues raised by the 2015 report of the United Nations Group of Governmental Experts on cyber norms, which recommended that “states cooperate to prevent harmful [cyber] practices and should not knowingly allow their territory to be used for internationally wrongful acts.” Both countries were among the 20 nations that drafted and endorsed that report.
“This agreement represents important, substantive progress in the relationship between the U.S. and China,” said Rep. James Langevin (D-R.I.), the top Democrat on the House Subcommittee on Emerging Threats and Capabilities. “I congratulate President Obama and his team for their work in negotiating this agreement, and I look forward to a new era of understanding in cyberspace.”
Photo via Dave Crosby/Flickr (CC BY SA 2.0) | Remix by Jason Reed