The cybersecurity deal between the United States and China is a deal without trust. With the United States threatening sanctions and declaring that its patience for Chinese cyberattacks had reached an end, the leader of the Chinese Communist Party (CCP), Xi Jinping, agreed to end cyberattacks that have been stealing trillions in value annually from the U.S. economy.
The agreement is being viewed with a sort of pessimistic hope in the cybersecurity community.
“My opinion is, I'll believe it when I see it,” said Darren Hayes, director of cybersecurity and an assistant professor at Pace University, in a phone interview.
While some experts believe the threat of sanctions against Chinese companies is too large for the CCP not to comply, the CCP has a track record of saying one thing and doing another.
“I know it’s a priority for the U.S. government, because they estimate that trillions of dollars have been stolen, but this agreement lacks credibility,” said Hayes.
Obama and Xi announced the agreement during a joint press conference on Sept. 25, and drew a distinction between spy operations meant for economic gain, and those meant solely for espionage.
They agreed, Obama said, that neither country will “conduct or knowingly support cyberenabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
Obama said he told Xi “the question now is, are words followed by actions.”
Oversight for Cyberspies
The cyberagreement will establish a system for high-level dialogue between the United States and the CCP. On the U.S. side, this will include U.S. secretary of homeland security and the U.S. attorney general.
The CCP will assign an official at the ministerial level. Other departments, including the FBI, the Department of Homeland Security, and Chinese offices with similar roles, will take part.
According to a White House fact sheet, this biannual dialogue will be used as a mechanism “to review the timeliness and quality of responses” if an incident takes place. In other words, if the United States detects a cyberattack being used to steal from a business, they will alert the CCP, and participants in the dialogue will review whether the CCP did anything about it.
Despite the oversight, on the surface the agreement appears to be toothless. Yet, deep down this may not be the case.
