Download eBook for Free

FormatFile SizeNotes
PDF file 0.8 MB Best for desktop computers.

Use Adobe Acrobat Reader version 7.0 or higher for the best experience.

ePub file 0.3 MB Best for mobile devices.

On desktop computers and some mobile devices, you may need to download an eBook reader to view ePub files. Calibre is an example of a free and open source e-book library management application.

mobi file 0.9 MB Best for Kindle 1-3.

On desktop computers and some mobile devices, you may need to download an eBook reader to view mobi files. Amazon Kindle is the most popular reader for mobi files.


Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback120 pages $19.50 $15.60 20% Web Discount

Research Questions

  1. Can the United States and China achieve meaningful outcomes through formal negotiations over norms and rules in cyberspace?
  2. If meaningful negotiations are possible, what areas are most likely to yield agreement and what might be exchanged for what?
  3. What are the feasible paths to getting to useful agreements over norms in cyberspace?

Since the founding of the People's Republic of China in 1949, the U.S.-China relationship has been characterized by conflict, confrontation, and strategic mistrust. The tensions that divide the two countries have been growing in importance in recent years. Unfortunately, they apply just as much to cyberspace as to relations in the physical world. Indeed, of all the areas where the relationship between the two sides is troubled, cyberspace has been one of the most contentious. The United States and China began formal negotiations in 2013 to resolve such differences only to see them abruptly suspended in 2014, when China broke them off in response to the U.S. indictment of several Chinese military officers on charges related to cyber-espionage activities. This study explores U.S. policy options for managing relations with China over this critical policy area through the use of agreements and norms of behavior. It looks at two basic questions: Can the United States and China achieve meaningful outcomes through formal negotiations over norms and rules in cyberspace? And, if so, what areas are most likely to yield agreement and what might be exchanged for what? This analysis should be of interest to two communities: those concerned with U.S. relations with China, and those concerned with developing norms of conduct in cyberspace, notably those that enhance security and freedom.

Key Findings

Chinese and U.S. Views of Cybersecurity Have Very Little Overlap

  • The United States and China have very different perspectives on cyberspace. The United States emphasizes extending the rule of law internationally. China stresses the maintenance of state sovereignty.
  • The most important U.S. interest on the bilateral agenda is for China to eliminate espionage for commercial gain and modulate its other cyber-espionage activities. The hack of the Office of Personnel Management was a particular sore point.
  • Within the bilateral relationship, the United States places more importance on cyberspace issues than China does. Chinese behavior in cyberspace is often the top item on the bilateral agenda; U.S. behavior in cyberspace rarely makes China's top-ten list.

Avoiding Targeting or Carrying Out Espionage on Critical Infrastructure Provides Prospects for Negotiating a Set of Norms

  • The Chinese appear interested in norms against countries attacking one another's critical infrastructure. They also understand that such a norm would also have to forbid espionage against critical infrastructure (distinguishing espionage from implanting attacks is very hard).
  • The United States believes it can catch Chinese cheating and would like some process by which cheating, once discovered, is acknowledged — with possible consequences to follow.
  • The Chinese believe they are unlikely to catch cheating by the United States and are apprehensive of any agreement that would put them at a corresponding disadvantage.
  • Any serious agreement would need a process that both sides could trust and may require some way to increase China's confidence it is own attribution capabilities.


  • The United States should negotiate with China over cyber rules by linking the issue more directly to the broader health of the overall relationship between the two countries.
  • China and the United States could possibly achieve progress in cybersecurity negotiations by means of an agreement that would have both countries refrain from attacking each other's critical infrastructure or carrying out cyber espionage that could leave behind implants that could facilitate such attacks.
  • The United States might consider assisting China by sharing insights into attribution if, in exchange, China would to agree to common evidentiary standards and credibly commit to prosecuting those found to have violated them. Such an agreement would require some mutually approved method of determining when one or the other side had violated its part of the bargain in ways that would have the guilty party accord legitimacy to such findings and admit what it has done.
  • The United States may need to simultaneously incentivize China to come to and stay at the bargaining table by raising the costs if China continues its economically motivated cyber-espionage activities, while exploring the potential role of a quid pro quo in facilitating agreements that can be monitored.

Table of Contents

  • Chapter One

    The "Cyber Problem" in U.S.-China Relations

  • Chapter Two

    Coming to Terms

  • Chapter Three

    Getting to Now

  • Chapter Four

    Getting to Yes?

  • Chapter Five


Funding for this report was provided, in part, by donors and by the independent research and development provisions of the RAND Corporation's contracts for the operation of its U.S. Department of Defense federally funded research and development centers.

This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.