But there are signs that this is about to change, as China’s massive cyber efforts begin to blur the distinction between commercial espionage and national security. The US cyber security firm Mandiant recently published a report which traced most of the cyber attacks on US corporations to a secret Chinese military unit, located in a 12-storey building in Shanghai. That corporations spy on each other is not new. But the Chinese military’s decision to deploy massive cyber resources against US companies is a startling development. The PLA’s objective is widely seen as part of an effort to alter the strategic balance between China and the United States by narrowing the gap between the two countries in the high technology sector.
In a speech at the Asia Society in New York early in March 2013, US national security adviser Tom Donilon pointed to the unacceptable frequency and intensity of Chinese cyber attacks on American corporations and called for a comprehensive dialogue with Beijing. Donilon’s remarks helped draw international attention to the impact of cyber warfare on the global economy and the future of US–China commercial ties. Donilon urged Beijing to recognise the dangers that the cyber theft of American intellectual property poses to the stability of the global economy; investigate and put an end to these attacks; and start negotiations on drafting a code of conduct.
This outreach to Beijing complements Obama’s determination to defend the US economy, critical national infrastructure and American corporations against cyber attacks originating from China and other external sources. In mid-March, Obama met with the CEOs of 13 major US corporations to discuss collaboration between the government and business on strengthening America’s cyber security.
The question of cyber security in the economic realm also came up in a phone conversation between Obama and the Chinese leader Xi Jinping after he formally became president of China in early March. Xi apparently agreed to start talks with the United States on cyber security, and Prime Minister Li Keqiang publicly affirmed China’s interest in building a peaceful relationship with America in his first press conference on the margins of the National People’s Congress.
Cyber security, then, could be at the top of the agenda in the American and Chinese quest for a ‘new type of relationship’. The US Treasury secretary, Jack Lew, who visited China recently, was expected to probe Chinese leaders on the terms of a bilateral dialogue on cyber security. Yet officials and media commentators in Beijing say the United States is unfairly targeting China. They say China is also a major victim of cyber attacks and insist that most of those originate from the United States. They call for an end to ‘irresponsible criticism’ of China and demand that the United States work with China to jointly develop rules for international cooperation in cyber space.
There are many reasons to believe that this cooperation might take place. Despite the many tensions in the bilateral relationship, the Chinese public reaction to the spate of recent US allegations of cyber theft and commercial espionage has been moderate. There have also been substantive track-two conversations between the United States and China on the economic dimension of cyber warfare and the need to build mutual trust.
The incipient Sino–US bilateral dialogue has the potential to alter the current international discourse on cyber security. Until now, Russia has led the debate in multilateral forums like the United Nations on information security. Russia, China and many developing countries have also aligned themselves against the United States and the West on questions relating to internet freedom and the sovereign right of states to regulate and control cyber space.
Although these ideological issues will remain important, the new Sino–US dialogue is about managing the profound interdependence of the world’s two largest economies in the cyber age. Just as the United States and the Soviet Union defined the nuclear discourse last century, Washington and Beijing are likely to shape international regulation of the cyber domain in the coming decades. Once there is a bilateral agreement between America and China on a basic set of norms, it could provide the basis for a broader multilateral regime for cyber security.
C. Raja Mohan is Head of Strategic Studies at the Observer Research Foundation, Delhi, and is Adjunct Professor at the S. Rajaratnam School of International Studies, Nanyang Technological University, Singapore.
A version of this article was first published here as RSIS commentary No. 046/2013.