Threat Intelligence Blog

Posted June 30, 2016

By: Emilio Iasiello, LookingGlass Cyber Threat Intelligence Group

In early June, the Eighth Round of the China-U.S. Strategic and Economic Dialogue (SED) was held in which senior officials of both governments had in-depth discussions on major bilateral, regional, and global topics. The talks were extensive, covering a wide range of high-level strategic issues that included military-to-military relations, nuclear security, confidence building measures, and cybersecurity, among others. The intent of the SED is to manage disputes between the two governments and find areas where cooperation can result in mutual benefit. Some Chinese scholars have referred to the Dialogue as a valuable ‘pressure-relieving valve’ during a time of strategic tension between the two countries.  Similarly, State Department officials have hailed these talks a “flagship dialogue.”

One important topic that was discussed was cybersecurity, an issue that has been contentious between the two governments since China has been publicly accused of supporting a global cyber espionage campaign. Indeed, when the United States ultimately indicted five People’s Liberation Army officers in 2013, China’s first reaction was to criticize the move and to remove itself from a joint cyber working group shortly after the indictment was issued. It took a state visit between Beijing and Washington, the threat of imposed cyber sanctions against Chinese interests, and an agreed “no hack” pact for commercial competitive advantage to reset the two governments on cybersecurity issues.  In December 2015, high-level talks resumed.

Cybersecurity was one of the featured issues discussed at the recent SED. The two sides agreed to continue to implement guidelines for combating cyber crime and criminal-related issues, as well as to cooperate on mitigating malicious cyber activity. In addition, both sides agreed to continue to reaffirm their September 2015 commitment to refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors. Equally important, both governments affirmed the efforts first set forth by the inaugural Senior Experts Group on International Norms in Cyberspace and Related Issues, the result of a commitment made by the two countries during President Xi Jinping’s state visit to the U.S. last September.  The group is expected to meet twice a year with the next meeting tentatively set to convene in six months.

The SED comes at a time when the two sides are at odds over many geopolitical issues, particularly over the South China Sea. Finding common ground is difficult, especially when national security interests may not synch up. While areas of disagreement may remain, it’s imperative to find those issues where the relationship can deepen and strengthen based on mutual interest.

The cyber domain is a hotly contested subject where states seek to define norms of behavior and resolve the question of future Internet governance. Both China and the United States have been reprimanded by some in the global community for their suspected involvement in cyber espionage and conducting sweeping global surveillance, respectively.  Therefore, any opportunity where these two governments can come together and start to collaborate on even a small part of the larger cyber problem is an encouraging step forward.  Cyber crime is one such area as it remains a universal problem and one that particularly impacts both countries. China and the United States have been cited as being the most at risk to hacking, as well as being among the leaders from which a good percentage of cyber attacks originate. Finding a framework that seeks to remove some of the international legal and law enforcement hurdles will go a long way in setting an example for others to follow.

In the past couple of years, China has been aggressively engaged in reaching out to foreign governments for cooperation on cyber crime issues; among them, the African Union, Indonesia, the United Kingdom, and South Korea. A 2014 policy paper authored by China’s Ministry of Foreign Affairs regarding potential future cooperation between China and the European Union has been regarded as a possible framework model for the United States and China on cyber crime.

Currently, China is not a signatory of the Council of Europe’s Convention on Cyber Crime, which is largely considered to be the first international treaty seeking to address Internet and computer crime by harmonizing national laws. The purpose of such a treaty is to establish a common criminal policy by having participating governments adopt appropriate legislation that would facilitate international cooperation in identifying and mitigating these threats. For governments not signatories to the Convention, one-on-one agreements and bilateral engagement is necessary to address criminal issues. This is why the SED is important for these two countries at this time: it provides the vehicle in which the two governments can find consensus and cooperation by building trust and transparency, two necessary attributes for reducing potential tension and escalation on hot button issues.

So much progress has been made with the no-hack for commercial gain between the two governments, followed by a similar pledge by members of the G-20 shortly thereafter. To build on these successes, momentum must be capitalized on, and sides have to be willing to frequently engage one another as willing participants toward striving for a satisfying conclusion.  So far, the two are off to a promising start.

Additional Posts

Weekly Phishing Report: July 5, 2016

PHISHING REPORT: TOP TARGETS Week of June 26 – July 2, 2016 In this week’s phishing report, we ...

Weekly Threat Intelligence Brief: June 28, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...