WASHINGTON—The nation’s top intelligence official said Tuesday that he’s not optimistic that an agreement the United States recently struck with China will effectively deter state-sponsored cyberattacks on business emanating from the communist nation.
President Barack Obama and Chinese President Xi Jinping met last week and agreed not to conduct or knowingly support cybertheft of trade secrets or competitive business information. The White House said the agreement covers cybertheft where the intent is to provide a competitive advantage to a country’s companies or commercial sectors.
At a Senate hearing, Armed Services Committee Chairman John McCain asked Director of National Intelligence James Clapper if he was optimistic that the agreement would result in the elimination of such attacks from China.
Clapper replied, “No.”
The agreement was not supposed to eliminate all cyberattacks, only state-sponsored ones that target businesses. Obama also said he told Xi that cyberthreats from China have to stop.
Recently, the Office of Personnel Management was the victim of what the United States believes was a Chinese espionage operation that affected an estimated 21.5 million current and former federal employees or job applicants.
McCain (R-Ariz.) said the Obama administration has not been aggressive enough in responding to cyberattacks or taking steps to effectively deter them.
“We are not winning the fight in cyberspace,” he said. “The problem is a lack of deterrence.”
Robert Work, deputy secretary of defense, acknowledged that the Defense Department needs to improve deterrence. “We do believe there are some things the department is doing that are working, but we need to improve in this area without question,” Work said.
Clapper said economic sanctions might be the best way to curb cyberattacks from China, which he said are “pretty pervasive.”
“I think there is a question about the extent to which the (Chinese) government actually orchestrates all of it or not,” he said.
Clapper added that when discussing penalties, policymakers also must remember that the United States conducts cyberspying, too.
“We, too, practice cyberespionage and in a public forum, I’m not going to say how successful we are, but we’re not bad,” Clapper said. “I think it’s a good idea to at least think about the old saw about people in glass houses should not throw rocks.”