President Donald Trump has broken with a host of Obama-era international agreements, from the Trans-Pacific Partnership to the Paris climate pact — but he’s showing every sign of sticking with a 2015 hacking accord with China.
Last month, the Trump administration quietly reaffirmed the agreement, which Republicans had initially greeted with skepticism. And business groups, cyber researchers and international policy experts say they see little reason for Trump to cancel the deal, especially as he’s pressing for China’s cooperation in curbing North Korea’s increasingly bellicose cyber and nuclear programs.
The hacking agreement is not expected to be a major talking point when Trump meets on Wednesday in Beijing with Chinese President Xi Jinping, whose country remains one of the most skilled and aggressive operators in cyberspace.
China appears to be largely complying with the 2015 deal, in which both countries pledged not to steal trade secrets from each other for the benefit of their domestic companies. That has helped calm the friction that once reigned between Washington and Beijing over cyber disputes, leaving Trump free to press his complaints with China on issues such as its protectionist regulations and unfavorable trade balance with the U.S.
“Having the cyber accord that we have helps to narrow the issues in dispute,” said Luke Dembosky, who worked on the 2015 U.S.-China cyber pact as a senior Justice Department official. “We need every bit of goodwill we can muster between our two countries on issues like North Korea. And we should, as a country, capitalize on the breakthrough that was achieved in fall of 2015.”
Perhaps most surprisingly to some, the deal has had its intended effect: Chinese-backed cyber theft of American trade secrets has dropped roughly 90 percent since the September 2015 accord, according to two leading digital security firms. Before then, analysts estimated that the thefts were costing the U.S. hundreds of billions of dollars a year.
“We saw the level of that activity drop off a cliff,” said Chris Porter, chief intelligence strategist at FireEye, which closely tracks major Chinese-linked hacking groups. “At or near zero levels.”
Those same researchers, though, caution that Chinese hacking tactics may have mutated in recent months, once again threatening American businesses through means that push the boundaries of the 2015 accord.
The Trump administration has not made strong public statements either way regarding the U.S.-China cyber pact despite jointly pledging with China in October to continue implementing the deal.
“President Trump believes strongly in protecting intellectual property rights, which are a key part of a fair and reciprocal trade policy,” White House spokesman Marc Raimondi wrote in an email. “We will be closely monitoring [China’s] adherence to both the letter and the spirit of the commitment.”
When Xi visited the White House in 2015, cyber tensions were at an all-time high between the two countries. It was widely believed that Beijing’s cyber spies had been behind the devastating theft that spring of more than 20 million sensitive U.S. government security clearance background-check files. And business groups were imploring the Obama administration to punish China over what they said was a pervasive hacking campaign to steal America’s trade secrets and erode the country’s competitive advantage, costing the U.S. up to $400 billion a year.
But instead of slapping Beijing with sanctions, Obama and Xi announced a mutual vow to end the type of theft that was enraging U.S. business leaders. Republicans — and even some Democrats — were immediately dubious that the diplomatic route would have any tangible effect on China’s behavior. And notably, the deal did not require either side to stop traditional cyber espionage, such as the theft of the U.S. background-check records.
However, just over two years later, the pact has held.
There has been a “massive reduction” in Chinese intrusions of American companies, said Dmitri Alperovitch, co-founder of the digital security firm CrowdStrike, which is working on a report analyzing China’s digital behavior since the agreement.
And it has allowed the two countries to focus more on their trade relationship, making it “a remarkable success” from that perspective, said Porter, of FireEye. “It shows that diplomacy can be used to reduce the cyber threat to Americans.”
Those who worked on the deal also believe it played a broader role in stabilizing U.S.-China relations and set a rare precedent for the international community on cyber norms, which have been notoriously difficult to pin down.
“These are two of the, if not the two, world leaders on cyber issues,” said Dembosky, now a partner at the law firm Debevoise & Plimpton. “So for them to reach any agreement on matters of cyberspace … has huge ripple effects in the international community in a positive way.”
China did not give up its expansive cyber efforts, though. Instead, the country shifted its focus to regional targets, training its digital spies on dissidents in Tibet and Hong Kong, as well as political, military and economic targets across Asia, CrowdStrike’s Alperovitch said. According to FireEye’s Porter, Chinese hackers were able to pilfer intellectual property — from other nations, like Japan — that was largely comparable to what they had been getting in the U.S.
At the same time, Xi was also restructuring his military. The increasingly powerful leader wanted to consolidate the country’s cyber army and rein in government-linked hackers moonlighting as rogue digital actors, a process FireEye detailed in a June 2016 report.
And there are recent signs that Beijing may be testing the limits of its 2015 promises.
In mid-2016, FireEye noticed that one prominent suspected Chinese hacking group had resurfaced, catching it infiltrating a U.S. information technology services firm in a likely attempt to gain access to the firm’s clients. Porter said FireEye had also discovered Beijing-linked hackers spying on corporate executives, giving them access to inside information that might eventually come in handy for Chinese investors looking to purchase an American firm or Chinese companies bidding on a U.S. project.
It’s unclear whether either strategy would technically violate the narrow terms of the 2015 agreement.
“I do think that it’s still too early to call victory here,” Alperovitch said.
Still, cyber watchers say that Trump should stick with the deal.
The U.S. gave up almost nothing in inking the agreement, they note, as it already had a long-established commitment to not steal corporate secrets for domestic economic gain. Plus, the deal established law enforcement channels to swap details on cybercrime, a valuable tool given China’s proximity to North Korea’s increasingly assertive cyber army. Researchers believe Pyongyang was behind a global malware outbreak earlier this year that froze tens of thousands of computer networks, costing businesses hundreds of millions of dollars. South Korea has also blamed its northern neighbor for the digital theft of war plans.
China may have enabled North Korea’s hacking operations by providing network bandwidth or even physical space for Pyongyang’s digital warriors, according to studies and media reports. Details are thin on what assistance China may currently provide.
“China may well be in a position to be able to provide information about North Korean cyber activities,” said Samir Jain, who helped craft the U.S.-China cyber deal as a senior director for cyber policy at the National Security Council. “To the extent that the Chinese can provide information about those actors or about servers or other infrastructure being used by North, then that would all be helpful.”
The White House also doesn’t appear eager to rock the boat over any possible noncompliance with the 2015 deal. A White House blog post about Trump’s upcoming visit to Beijing mentioned only the North Korea situation and “China’s unfair trade practices.”
Indeed, those “unfair trade practices” are where industry leaders’ concerns now lie. They worry that new Chinese cybersecurity regulations could force foreign technology companies to hand over software for “security” reviews before being allowed to enter China’s booming market. Trump recently ordered the U.S. trade representative to investigate the issue, setting up a potential showdown with Beijing on trade.
“We are at risk of a trade war,” Dembosky said. “It may be a cold trade war, but it’s certainly getting much hotter. If we don’t reach some understanding with China on the processes — and the fairness of the processes on both sides for evaluating these risks — then both counties will suffer.”