For two years, academic experts from the United States and China have quietly held talks on cyber-security, straining to establish rules of the road in a realm that has proven a persistent irritant between the world’s two largest economies.
The informal discussions have yielded modest progress in areas such as cooperation to combat Internet fraud, where both Beijing and Washington have an incentive to work together, according to participants.
But mostly, the talks appear to have exposed a wide gap between the United States and China over almost everything virtual: policing computer networks, moderating cyber warfare, even controlling information, Reuters reports.
China’s contrasting view of cyber security was made clear as soon as the United States began discussing the need to protect computer networks, James Mulvenon, a China expert at the Defense Group Inc, told a recent Washington conference.
China wanted to talk about censorship. “The Chinese came back immediately and said no, no, no, we want to talk about information security, which is both protecting the network and policing the content on the network,” Mulvenon said.
“Right from the outset, we were talking past one another,” he added.
Digital attacks and cyber snooping on U.S. technology firms and government agencies including the Pentagon, many of them believed to have originated in or been routed through China, have pushed cyber-security up the list of thorny issues troubling Sino-American relations.
While Beijing denies it, U.S. officials and experts suspect China’s hand was behind the hacking and phishing of web-search giant Google Inc. this year and last, as well as intrusions into Pentagon networks.
On Thursday, the Pentagon is due to release its formal cyber-security strategy.
Unlike nuclear, chemical and biological weaponry, or trade wars, there are no existing international treaties that cover cyber-war, computer espionage or hacking.
Former Secretary of State Henry Kissinger, an architect of the U.S. opening with China in the 1970s, told a Thomson Reuters event last month that a high-level agreement between the two sides is needed. “If you take it case by case it will lead to accusations and counter-accusations,” he said.
UNOFFICIAL TALKS FIRST
But so far, there has been relatively little official movement.
The annual cabinet-level U.S.-China Strategic and Economic Dialogue included cyber security for the first time this year, but the session was just 90 minutes long, cut in half by translation and produced no breakthroughs.
The unofficial talks between experts began after China approached the United States with concerns that hacker intrusions were stoking bilateral tension, said James Lewis, a cybersecurity expert who leads the U.S. side of the talks.
The U.S. group and experts from the state-affiliated China Institutes of Contemporary International Relations have covered four areas: law enforcement, trade, military issues and espionage.
Five group meetings and three smaller informal meetings have made headway in the law enforcement area, said Lewis, of the Center for Strategic and International Studies, a Washington think tank.
In one instance, the FBI helped China’s law enforcement agencies by staging raids in New York on Chinese in the United States who were defrauding people back home, he said.
“It’s slow, but I think there’s a little bit of progress,” said Lewis, adding that the goal is to eventually hand the conversations over to official negotiating teams.
SAME WEB, DIFFERENT DREAMS
But the military and espionage tracks have been hard going, highlighting what analysts say is a huge U.S.-China perception gap over values, capabilities, interests — and even basic definitions of deterrence and cyber security.
Analysts say China’s People’s Liberation Army believes its ability to attack U.S. cyber infrastructure compensates for its conventional military weakness compared to the United States.
“I’m quite skeptical of the likelihood that any effective understanding of offensive operations can be reached with the Chinese government,” said Stewart Baker, a former U.S. Department of Homeland Security official, now at the law firm Steptoe & Johnson.
China’s eagerness to acquire foreign technology also has inspired cyber intrusions that anger trade partners.
Hackers based in China have been accused of trying to steal everything from Google’s valuable search algorithm to manuals for U.S. satellites to gigabytes of proprietary business information from Western energy companies.
But China’s spymasters, paradoxically for a centrally controlled government, do not keep a tight leash on hackers and others that they train, said Lewis, whose group will hold its next round of unofficial cyber-security talks later this year.
Lewis said he was skeptical that Beijing was directing the high-value intellectual property theft or could stop it.
“They do train people and they do use proxies but that doesn’t mean that everyone is under their control,” he said.
Even if the United States could verify that China was behind malicious cyber activity and Beijing had the capacity to rein it in, negotiations toward a cyber treaty might require concessions Washington would be loathe to put on the table.
Jack Goldsmith, an international law and cyber-security expert at Harvard Law School, says China and other countries would likely demand U.S. restraint in areas such as intelligence gathering and encouraging political activists who challenge curbs on Internet freedom.
“Until the United States gets serious about which concessions that are attractive to our adversaries it is willing and able to make, American talk of a cyber-arms agreement is empty,” Goldsmith wrote recently.