No Easy US-China Cyber Security Solutions
I spy, you spy, we all spy
In late September, the Presidents of China and the United States reached a number of agreements on cyber security, cyber espionage and cyber crime. They provide for a new high-level contact group as well as assurances to investigate and resolve complaints from each other.
The agreements are important diplomatic breakthroughs, but they are relatively piecemeal when seen against the bigger picture. They may ultimately prove to be destructive if not followed up quickly by a more comprehensive agreement.
From the US side, the agreements were intended to constrain China from using government-collected commercial intelligence for the benefit of its civil sector firms. This narrow focus on just one aspect of the bilateral cyber problem appears to reflect a US belief that it can be addressed without Washington having to give up anything.
This is further evidenced by its repeated demands, unaccompanied by any concessions, even rhetorical ones. The US decision to stake so much on eliminating cyber espionage without considering other major challenges may be misguided for at least three reasons.
First, the United States overestimates the negative impact of China’s cyber espionage on US competitiveness. Take for example the case of Westinghouse, the giant US corporation named as a victim in indictments brought against five People’s Liberation Army personnel in May 2014 for commercial espionage. Westinghouse was almost certainly the victim of cyber espionage and its trade secrets were undoubtedly handed to a Chinese competitor.
But within two months of the indictment, Westinghouse raised its estimates of likely new contracts in China to US$20 billion. Its competitiveness does not appear to have been impacted negatively in the short to medium term. And Westinghouse was already in a long term technology transfer relationship with China that had seen it hand over some 75,000 technical documents as well as engaging in joint nuclear construction projects in China.
Second, the US position rests on its assertion that there is a workable and enforceable distinction between the national security purposes of economic cyber espionage (which Washington defends and conducts) and the commercial purposes of cyber espionage (which Washington says it opposes).
In effect, the US is implying very clearly that the espionage against Westinghouse had no national security implications at all. Such a claim is not sustainable. There may be few companies in the United States where the blurring between military and civil purposes is more profound. Westinghouse is a major supplier of military nuclear reactors to the US Navy. For this reason, Westinghouse and the nuclear technology sector appear therefore to have been poor choices for action as part of a diplomatic strategy to counter China’s cyber espionage for being commercial in character.
Third, as many commentators have argued, the agreement on commercial espionage may create more diplomatic minefields than it eliminates because of imprecise language and lack of enforcement capability.