U.S. President Barack Obama and Chinese President Xi Jinping will meet at a secluded estate in Southern California starting today for two days of talks on a host of bilateral and global issues. Among them will be cybersecurity, which has quickly risen in prominence to the top of the Sino-American agenda. What can businesses expect from the talks? In short, they can expect that the discussion will be the beginning of a long process of negotiations aimed at resolving the dispute, and they can hope that the two leaders make a strong commitment, public or private, to increase cooperation to create a more secure cyber realm.
More by contextChina
• Cloud Computing, Amazon and China: An Insider’s Perspective
• China’s E-Commerce Market Grows in Size, Importance and Dynamism
• The Significance of Amazon Appstore’s launch in China
The meeting comes amid reports that a secret U.S. government program called PRISM has been accessing the servers of Microsoft, Google, Apple, Facebook and other tech giants for years to collect data that feeds U.S. intelligence activities. The controversy could weaken Obama’s position in the discussion of alleged cyber espionage by China.
A flurry of recent news reports and the rising importance of cybersecurity to the US-China relationship has created the illusion that the phenomenon of Chinese hackers is a very new one. Businesses know better. They’ve been under attack for years. Between 2007 and 2009, Chinese hackers stole several terabytes of data from defense contractors working on the F-35 Joint Strike Fighter, the most expensive weapons program in U.S. history. In 2009, Coca-Cola was the victim of a Chinese cyber espionage campaign that may have scuttled a major acquisition.
Earlier this year, Apple joined the growing list of companies that admitted to having been hacked by China-based actors. And just last week, The Washington Post reported that “designs for many of the nation’s most sensitive advanced weapons systems have been compromised by Chinese hackers.” All of these incidents speak to the wisdom of comments made by James Lewis, a senior fellow at the Center for Strategic and International Studies: “Companies doing business in China or competing against Chinese rivals should expect hackers will go after their most confidential files.”
Some businesses have responded by taking a more active stance in disarming cyber threats. Microsoft, for one, disabled two botnets, large networks of computers infected with malware that allow a third party to control their operation, during a six-month span last year. These practices, and even permitting U.S. businesses to go on the offensive to protect themselves from China-based cyber attacks, should be kept on the table as options, according to a study released last week by the Seattle-based National Bureau of Asian Research (NBR). The report, which was written by a commission co-chaired by former U.S. Ambassador to China Jon Huntsman and former Director of National Intelligence Dennis Blair, stops short of recommending that businesses be given the right to launch offensive actions in retribution for attacks on their networks, but does note that such a move may be needed “if the loss of IP continues at current levels.”
How can the U.S. government help stem the tide of Chinese cyber attacks on American businesses? It can start by addressing the issue in earnest, an action which the Obama administration has adopted repeatedly in recent months, with National Security Advisor Tom Donilon, Defense Secretary Chuck Hagel, Undersecretary of State Robert Hormats, and the president himself all making public statements on the matter. Cybersecurity has also been confirmed as a topic on the agenda for the upcoming US-China presidential summit. What can businesses expect from the conversation between the two leaders on the topic?
They should expect that this is the beginning of a long process of negotiations through which the dispute will unfold. The two countries’ respective starting points in the discussion and their recent history of working out thorny economic issues underscores this point.
The U.S. and China are beginning the cybersecurity dialogue from very disparate standpoints. The U.S. has charged China with being a cyber aggressor and a thief. China refers to these charges as “groundless” and maintains the stance that the U.S. is seeking “Internet hegemony,” or complete dominance of cyberspace. Only through substantive talks over a long period of time can the chasm between these views be bridged.
The recent history of U.S.-China disputes, particularly over issues with serious economic ramifications, also suggests that progress is likely to be gradual. American officials decried Chinese currency manipulation for years before any the renminbi was allowed to appreciate in value. Disputes over Chinese enforcement of American intellectual property rights have been similarly lengthy and acrimonious. Take the case of Microsoft’s Windows. The Chinese government didn’t pledge to ensure its own computers featured licensed versions of the software until 2011. Local-level governments still haven’t completed the process of switching to legal software. The situation has been so vexing for Microsoft – CEO Steve Ballmer reportedly told President Obama that up to 90 percent of the company’s software used in China is pirated – that the Redmond-based tech giant has turned to compromise to improve its prospects. After Microsoft officials discovered that Gome, one of China’s largest electronics retailers, was selling computers that were pre-installed with unlicensed copies of Windows, the company filed a lawsuit. Within a year, Gome had promised to make sure 70 percent of the computers it sells have licensed software. This outcome is one among many demonstrating that progress in negotiating with China on economically contentious issues is measured in increments, not pure wins and losses.
Businesses can also hope that Presidents Obama and Xi establish a positive tone for their respective staffs to build on in tackling the issue. The real work on the substance of the cybersecurity dispute won’t occur in conversations between the two leaders, but rather during a series of high-level visits and in major meetings like the July Strategic and Economic Dialogue (S&ED). A strong public statement from Obama and Xi on their mutual desire to address threats in the cyber realm would establish a cooperative framework in which the dialogue at these meetings can proceed. A more private agreement on the nature of the threat the two countries face and the need for cooperation to address it will serve a similar function, assuming it’s communicated down through the ranks of officialdom.
Businesses undoubtedly want quick solutions to the cyber attacks that threaten their day-to-day operations and core intellectual property. These are not likely to manifest at the upcoming Obama-Xi summit. Every dialogue, however, has to start somewhere, and the private sector should retain hope that the discussion between two of the world’s most powerful men will yield a framework for addressing the issue that is more conducive to progress than the current bilateral standoff.
Editor’s Note: contextChina is a Seattle-based media company following the growing impact of China on the Pacific Northwest across business, technology and policy. You can follow contextChina on Twitter @contextchina.
