After years of the U.S. suffering losses valued in the billions of dollars due to economically-motivated cyber espionage from China, there are some signs that China has begun to reduce its intrusions into U.S. private sector firms' computer networks. What led to this unexpected change in Chinese behavior? Is it because of the high-profile agreement signed by President Barack Obama and Chinese President Xi Jinping last September? How sustainable is that agreement? And what broader implications does it have for the overall U.S.-China relationship? The answers to these questions carry important consequences for U.S. national interests.
It remains somewhat unclear whether China has indeed reduced its intrusions into U.S. private sector computer systems, as some U.S. cybersecurity firms that previously tracked Chinese cyber threat actors have claimed. The nature of hacking is such that it is virtually impossible to ever know for certain exactly what level of intrusion sets are occurring.
If China did reduce its economically-motivated cyber espionage, there are a number of possible explanations for why it did so. Some observers have argued that China actually started cutting back several months before last fall's summit agreement, perhaps taking steps to exert greater control over the community of military hackers. Other observers suspect that Chinese hackers may have simply redirected their efforts to other, more valuable or more vulnerable targets in other countries.
Others believe China was spurred to curtail its theft of intellectual property by the U.S. indictments of five Chinese military officers in 2014. Such observers also point to the hurried, unscheduled visit to Washington in early September last year of Meng Jianzhu, a high-ranking Chinese Communist Party official in charge of political and legal affairs, just after the U.S. announcement that it was planning to push ahead with sanctions against Chinese actors for cyberespionage. In this view, Meng's last minute visit suggests that the Chinese leadership agreed to reduce its hacking of U.S. firms out of a fear that Xi's visit might be preceded by additional U.S. indictments of Chinese hackers.
Finally, some analysts worry that Chinese hackers, who were notoriously sloppy in their operational security, may simply have improved their practices and are now better able to mask their behavior, meaning that hacking hasn't actually gone down, it simply isn't being detected as frequently as in the past.
None of these explanations suggest that China changed its behavior because it concluded that private sector firms are illegitimate targets. China's assertions about cyberspace norms focus on the right of states to censor access to online information. Moreover, China's economy, the commanding heights of which are controlled by the state, differs dramatically from a market economy, where the private sector and the government are cleanly separated, making the U.S. argument that private sector actors are illegitimate targets an alien one to Chinese leaders.
Many observers suspect that China's apparent compliance with the cyber agreement represents little more than a shift in tactics that is probably temporary. Such analysts note that China did not lay down a costly marker, since it did not admit to having previously engaged in cyber espionage. Because it seems unlikely that China has suddenly changed its view of economically motivated cyber espionage wholesale, it is important for U.S. policymakers to keep focused on this issue. The U.S. should make clear that indictments may once again be sought if Chinese hackers resume cyber espionage against U.S. firms. At the same time, the United States should seek to expand the value of the bilateral agreement by supporting the inclusion of U.S. allies and partners so as to guard against possible backsliding or simple retargeting by China.
The 2015 cyber agreement should be seen as a potentially important first step, but by no means a final step, toward addressing the broader problem of Chinese espionage. At its heart, reducing cyber espionage against U.S. companies merely addresses a question of means, not ends. Even if China completely eliminates cyber espionage against U.S. companies, it will still continue targeting traditional U.S. national security actors through various means, including cyber espionage.
Similarly, Chinese efforts to steal valuable intellectual property and business proprietary information from U.S. private sector enterprises through human agents can also be expected to continue. Additional U.S. attention and resources will be needed to address these challenges.
A genuine reduction in Chinese economically-motivated cyber espionage could go some way toward easing tensions in the broader bilateral U.S.-China relationship. But absent changes in Chinese behavior toward U.S. friends and allies, a better attitude toward international law, and improvements in domestic human rights, the ultimate impact of a reduction in economic cyber espionage may simply not go far enough to restore the bilateral relationship to a healthy state.
Scott W. Harold is the associate director of the RAND Center for Asia Pacific Policy, a political scientist at the nonprofit, nonpartisan RAND Corporation and a member of the Pardee RAND Graduate School faculty.
This commentary originally appeared on The Cipher Brief on July 31, 2016. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.
