U.S.-China Agree on Cybersecurity “Rules of Engagement:” Cyber sanctions may still be on the table for 2015

On Friday, September 25, 2015, President Obama and President Xi announced a series of agreements on cybersecurity issues. President Obama made it clear that the cybersecurity attacks against the U.S. and particularly the U.S. private sector “needs to stop” with both countries agreeing that there would not be cybersecurity attacks for commercial advantage. Both countries pledged to promote “international rules of the road on cyberspace.” The White House fact sheet states:

  1. The United States and China welcome the July 2015 report of the UN Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International security, which addresses norms of behavior and other crucial issues for international security in cyberspace. The two sides also agree to create a senior experts group for further discussions on this topic.
  2. The United States and China agree to establish a high-level joint dialogue mechanism on fighting cybercrime and related issues. China will designate an official at the ministerial level to be the lead and the Ministry of Public Security, Ministry of State Security, Ministry of Justice, and the State Internet and Information Office will participate in the dialogue. The U.S. Secretary of Homeland Security and the U.S. Attorney General will co-chair the dialogue, with participation from representatives from the Federal Bureau of Investigation, the U.S. Intelligence Community and other agencies, for the United States. This mechanism will be used to review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side. As part of this mechanism, both sides agree to establish a hotline for the escalation of issues that may arise in the course of responding to such requests. Finally, both sides agree that the first meeting of this dialogue will be held by the end of 2015, and will occur twice per year thereafter.

The days leading up to the bilateral meeting included high level talks between both countries on cybersecurity issues and were conducted in an environment where the Obama Administration reinforced that cybersecurity sanctions, authorized by the Cybersecurity Sanctions Executive Order on April 1, 2015, were a “tool in the toolbox” that could be utilized by the Administration.

Most view the announcements as a step forward, however as Congress continues to debate cybersecurity, this week is marked by an unusual number of Congressional hearings focusing on the U.S.-China relationship in cybersecurity policy, issues including “cyber war” as well as the U.S.’ overall cybersecurity readiness featuring the head of the Cyber Command, the Deputy Secretary of the U.S. Department of Defense and the direction of National Intelligence.

Cyber sanctions may still be on the table between now and the end of 2015 and could include other countries beyond that of China.