- Can the United States and China achieve meaningful outcomes through formal negotiations over norms and rules in cyberspace?
- If meaningful negotiations are possible, what areas are most likely to yield agreement and what might be exchanged for what?
- What are the feasible paths to getting to useful agreements over norms in cyberspace?
Since the founding of the People's Republic of China in 1949, the U.S.-China relationship has been characterized by conflict, confrontation, and strategic mistrust. The tensions that divide the two countries have been growing in importance in recent years. Unfortunately, they apply just as much to cyberspace as to relations in the physical world. Indeed, of all the areas where the relationship between the two sides is troubled, cyberspace has been one of the most contentious. The United States and China began formal negotiations in 2013 to resolve such differences only to see them abruptly suspended in 2014, when China broke them off in response to the U.S. indictment of several Chinese military officers on charges related to cyber-espionage activities. This study explores U.S. policy options for managing relations with China over this critical policy area through the use of agreements and norms of behavior. It looks at two basic questions: Can the United States and China achieve meaningful outcomes through formal negotiations over norms and rules in cyberspace? And, if so, what areas are most likely to yield agreement and what might be exchanged for what? This analysis should be of interest to two communities: those concerned with U.S. relations with China, and those concerned with developing norms of conduct in cyberspace, notably those that enhance security and freedom.
Chinese and U.S. Views of Cybersecurity Have Very Little Overlap
- The United States and China have very different perspectives on cyberspace. The United States emphasizes extending the rule of law internationally. China stresses the maintenance of state sovereignty.
- The most important U.S. interest on the bilateral agenda is for China to eliminate espionage for commercial gain and modulate its other cyber-espionage activities. The hack of the Office of Personnel Management was a particular sore point.
- Within the bilateral relationship, the United States places more importance on cyberspace issues than China does. Chinese behavior in cyberspace is often the top item on the bilateral agenda; U.S. behavior in cyberspace rarely makes China's top-ten list.
Avoiding Targeting or Carrying Out Espionage on Critical Infrastructure Provides Prospects for Negotiating a Set of Norms
- The Chinese appear interested in norms against countries attacking one another's critical infrastructure. They also understand that such a norm would also have to forbid espionage against critical infrastructure (distinguishing espionage from implanting attacks is very hard).
- The United States believes it can catch Chinese cheating and would like some process by which cheating, once discovered, is acknowledged — with possible consequences to follow.
- The Chinese believe they are unlikely to catch cheating by the United States and are apprehensive of any agreement that would put them at a corresponding disadvantage.
- Any serious agreement would need a process that both sides could trust and may require some way to increase China's confidence it is own attribution capabilities.
- The United States should negotiate with China over cyber rules by linking the issue more directly to the broader health of the overall relationship between the two countries.
- China and the United States could possibly achieve progress in cybersecurity negotiations by means of an agreement that would have both countries refrain from attacking each other's critical infrastructure or carrying out cyber espionage that could leave behind implants that could facilitate such attacks.
- The United States might consider assisting China by sharing insights into attribution if, in exchange, China would to agree to common evidentiary standards and credibly commit to prosecuting those found to have violated them. Such an agreement would require some mutually approved method of determining when one or the other side had violated its part of the bargain in ways that would have the guilty party accord legitimacy to such findings and admit what it has done.
- The United States may need to simultaneously incentivize China to come to and stay at the bargaining table by raising the costs if China continues its economically motivated cyber-espionage activities, while exploring the potential role of a quid pro quo in facilitating agreements that can be monitored.
Table of Contents
The "Cyber Problem" in U.S.-China Relations
Coming to Terms
Getting to Now
Getting to Yes?