The United States and China are expected to announce an agreement governing the use of cyberattacks against critical infrastructure, according to a New York Times report.
President Obama and China’s President Xi Jinping will likely negotiate the agreement next week when President Xi visits Washington, D.C., and the outcome could be announced Friday.
The New York Times calls it “the first arms control accord for cyberspace.” The agreement would likely protect infrastructure like power plants and hospitals from cyberattacks during peacetime, but would not apply in situations similar to the recent high-profile hack on the Office of Personnel Management, in which government employee information was stolen.
A senior administration official told the New York Times that the agreement between Presidents Obama and Xi would likely be a “generic embrace” of a United Nations code of conduct that prohibits damaging critical infrastructure.
However, such a generic agreement would not address the cyberattacks that have grabbed headlines in the U.S., like the OPM hack that the U.S. attributed to China. Director of National Intelligence James Clapper recently told Congress that the OPM hack was not considered an attack—and therefore it would not be governed by the agreement currently under negotiation. “There was no destruction of data or manipulation of data,” Clapper said. “It was simply stolen. So that’s a passive intelligence collection activity, just as we do.”
But an initial agreement over critical infrastructure could eventually extend to data collection and other areas, the Times reports. Tracking the agreement’s effects could be difficult, however—tracing an online attack back to its origin is not a simple task, making it hard to tell if either government is living up to its end of the bargain.
H/T The New York Times | Illustration by Max Fleishman