Cyber Lexicon: U.S., China Speak Different LanguagesPreparing for U.S.-China White House Summit
Statements issued by the United States and China give a different take on cybersecurity talks scheduled to take place next week between Presidents Barack Obama and Xi Jingling.
See Also: A Toolkit for CISOs
Xinhua, the Chinese government news agency, reported on Sept. 12 that China and the U.S. have reached "important consensus on combating cybercrimes" after meetings late last week between a delegation of Chinese officials, headed by special envoy Meng Jianzhu, and top U.S. government officials, including National Security Adviser Susan Rice, FBI Director James Comey and Homeland Security Secretary Jeh Johnson.
But a terse White House statement issued that day acknowledges the gatherings took place, but does not characterize them, except to say that Rice's White House meeting with Meng involved "frank and open exchange about cyber issues."
Perhaps the different interpretation of the meetings is a language barrier - not English and Mandarin - but in how both sides define cybersecurity terms. The fact that the two governments don't share a common lexicon could pose problems for them in trying to reach agreement to make cyberspace safer for both nations and the world.
Still, as Xinhua suggests, the two sides might find some common ground in battling mutual cyberthreats, such as those coming from criminal fraudsters, rogue states and terrorists.
The United States and China conduct cyber espionage on each other, and there are accepted norms that it's OK to clandestinely collect information on government activities. The fact that the Chinese government might be behind the breach of U.S. Office of Personnel Management computers in itself doesn't bother American officials as far spying goes; that's what governments do.
But the U.S. government does not tolerate the theft of intellectual property from American corporations, and it's contemplating sanctions against Chinese individuals and companies, but not the government itself. That's despite that U.S. practice of conducting cyber espionage against Chinese businesses.
China steals intellectual property from American companies online, and then turns it over to its businesses to compete against U.S. industry. The U.S., on the other hand, garners economic intelligence from its hacks of Chinese systems, including state-owned businesses, to improve its position when negotiating trade deals. The U.S. sees a difference between the two; China doesn't.
"If you're on the receiving end, the two are exactly the same, except for the very last step," says cybersecurity expert and author Bruce Schneier, referring to how the intelligence it's used by the two nations.
China's Self Interest
A challenge facing Obama and other American leaders is to show their Chinese counterparts that the theft of intellectual property will hurt their commercial interests, too, as their economy matures.
But with gross domestic product growth rate of 7 percent to 12 percent a year, the Chinese aren't ready to seriously contemplate that message, says Larry Clinton, chief executive of the industry group Internet Security Alliance.
"The only way you sustain that sort of economic growth is to be stealing from others," Clinton says. "Without this sustained level of high economic growth, China's political stability would come under substantial pressure. So, for the moment, the likelihood of China curbing their economic-based cyber-attacks is unlikely, unless we can find a way clarify how it's in their own self-interest."
Despite the mistrust both governments have shown toward one another in cyberspace, last week's meetings sends a hopeful sign that the situation could change. Bruce McConnell, senior vice president at the think tank EastWest Institute, characterizes the meeting between Meng and U.S. officials as a positive step. "China and the U.S. are finally starting to recognize their mutual interest in creating cyberspace that is safe and secure place for people to work and live," says McConnell, a former deputy undersecretary for cybersecurity and senior counselor and director for strategy and policy at DHS. "I am confident the two presidents will make further progress next week in reducing tension in the bilateral relationship, including in cyber, while continuing to protect their national security interests."
And, it's in the best interest of both countries to reach agreement where they can.
"The United States and China have more to gain than lose through their intensive use of the Internet, even as friction in cyberspace remains both frustrating and inevitable," Jon Lindsay, an assistant professor at the University of Toronto's Munk School of Global Affairs, writes in a cyber-brief published by the Harvard Kennedy School's Belfer Center for Science and International Affairs. "Threat misperception heightens the risks of miscalculation in a crisis and of Chinese backlash against competitive U.S. firms."
Lindsay contends the rhetoric coming from some American officials about China's pilfering of intellectual property overstates the damage it causes. "Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated," he says. "Chinese cyber operators face underappreciated organizational challenges, including information overload and bureaucratic compartmentalization, which hinder the weaponization of cyberspace or absorption of stolen intellectual property."
The Chinese likely won't stop pilfering American intellectual property as a result of the summit; in fact, the Chinese deny they're stealing IP. Still, there are areas of common interests in which both nations could find agreement.