Agreement between US and China does not mark end of cyber espionage

Strategic and diplomatic success of the agreement between US and China has no real effect.

The cyber agreement between US and China is a success of the new American doctrine but has no real consequences.

On 25. 9., Chinese president Xi Jinping signed a long-awaited agreement with Barack Obama concerning cyber security. Although media presented the agreement as the first cyber peace agreement, the real effect is negligible. According to security firm CrowdStrike, the cyber espionage from China continued in the past three weeks despite all assurances. And while the United States celebrates the first success of the new strategy of cyber intimidation, cyber security still remains one of the biggest security threats.

Pentagon's new security strategy reflects a radical change in the attitude towards Washington's cyberspace. The document from this year formulated for the first time the offensive use of cyber weapons and the situations in which the American government would use them. That includes threats to national interests, physical damage of critical infrastructure but also threats that would cause long-term economic damage. Ambiguously described situations and ill-defined reasons are the objectives of the strategy to make a vague idea of when the US will use the tools of cyber war.

Even though the US is, without a doubt, the greatest technologic power with the best cyber skills, they remain a perpetual victim of successful cyber attacks, information thefts and various kinds of cyber espionage. Concepts of active defence or voluntary cooperation of the private sector are now viewed as insufficient and Washington resorts to the defence strategy from the Cold War era – intimidation. The fundamental problem for the US is Chinese industrial, commercial and technological espionage worth several trillions of dollars that in the last few years have saved China years of research and was aptly called the largest transfer of wealth in world history.

Formulation of a new doctrine of cyber intimidation had several steps. First, in April the new presidential order made possible imposing sanctions on hackers overseas and after the new cyber strategy was revealed at the end of the month, five PRC generals were convicted of espionage. During last month's negotiations about cyber security between the US and China, another weapon of intimidation has come to light: a comprehensive package of economic sanctions. However, the sanctions were not executed and Xi Jinping promised that China will not engage in the industrial cyber espionage. It is hard to say how effective his words will be since he has also claimed that China has never even done any cyber espionage. The economic transformation of China is nevertheless based on the change of production of cheap products into sophisticated and advanced technologies and gaining production know-how. For that, they need foreign technologies and so the industrial espionage and theft of intellectual property will still be an essential tool to the growth of "non-market" and centrally planned economy with limited innovation environment.

Although the states cannot agree on the game rules, there are norms that are quietly respected by all. One of them is not causing physical damage with cyber attacks where all states take advantage of a non-violent character of the majority of cyber attacks and the fact that international laws cannot be applied to this domain. This creates a certain standard where the states take advantage of the grey zone for espionage, big data thefts and attacks on networks, but there is also a taboo regarding big destructive cyber attacks causing physical damage that could (like the former threat of nuclear war) start a series of mutual merciless and destructive cyber attacks.

Despite the new efforts to find an agreement between the US and China and the continuation of intense cyber espionage and non-violent information attacks, we do not have to fear a large cyber conflict. Unfortunately, such norms do not apply for non-state participants who have nothing to lose and use the anonymity in the Internet domain and relative absence and weakness of states.

About author: Petr Boháček

Partners

Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace