Last week, President Barack Obama and Chinese President Xi Jinping pledged support for a cybersecurity agreement to quell the rising tensions between the two countries in cyberspace. The purpose of this agreement is to help prevent cybercrime against corporations and the government.
The big issues that brought this directly to the table were two 2014 breaches of United States databases that contained personnel files. During those events, assailants exposed 22.1 million people’s personnel records and security clearance files. These intrusions were linked back to the Chinese government, and it was considered to be incredibly damaging to U.S. national security.
However, the U.S. government made the case that this shouldn’t even be labeled an “attack.” In a testimony to Congress, James Clapper Jr., the director of national intelligence, argued that this was espionage, something that the U.S. often commits against the Chinese government. He argued that the U.S. didn’t want to make any commitments that would limit its capacity to use cyberweapons for covert purposes.
I really think you have to go big or go home when it comes to cybersecurity with China. Last week, we got support for a commitment to the importance of maybe addressing issues of cybersecurity between the U.S. and China (maybe).
Still, this doesn’t yield any significant action. Protecting against cybercrimes directed at corporations or the government won’t necessarily protect the security interests of the millions of ordinary people exposed by such attacks.
Second, cybersecurity doesn’t just defend against information theft — it very directly affects our energy supply, our economy and our military. Virtually everything electronic today is connected and networked. Scott Borg, the director of the U.S. Cyber Consequences Unit, argued that cyberattacks on our infrastructure have the “potential to
cause hundreds of billions of dollars worth of damage and to cause thousands of deaths.” Obama himself stated in 2009 that protecting this “digital infrastructure” was a “national security priority.”
The recent hollow agreement leaves China and the U.S. free to do whatever they want, as long as they don’t harm major tech giants. This isn’t meaningful negotiation — it’s a hollow detente, one that will have no impact on anything unless someone actually brings a meaningful agreement to the table.
Today, our world is more interconnected than ever. Yet the world’s biggest cyberpowers — the U.S., China and Russia — have not come together on a treaty for cooperation.
Meanwhile, the trust between the countries continues to deteriorate.
While this quasi-agreement with China seems like a step in the right direction, it’s not a step at all. It’s another example of why progress on the protection of cyberspace has halted in its tracks. This halt is something the world cannot afford.