Eighteen months ago, President Obama and Chinese President Xi Jinping announced, with considerable fanfare, an agreement aimed at curbing economic espionage.
According to the Sept. 25, 2015 White House press release, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
So, with Xi due to meet with President Trump in early April, an obvious question is: Has the agreement been effective?
The reviews on that are mixed, but there is general agreement that while it hasn’t stopped, the theft of intellectual property (IP) by the Chinese against the US is not as rampant as it was several years ago when The Commission on the Theft of American Intellectual Property estimated total losses, including jobs, competitiveness, stock value, market share, in the hundreds of billions, and former National Security Agency director Gen. Keith Alexander famously called it, “the greatest transfer of wealth in human history.”
Robert Silvers, writing on the Lawfare blog, called the statement, “a landmark concession” by the Chinese, and said in the months since, multiple researchers and analysts had concluded that the agreement, “coincided with a significant downturn in Chinese hacking activity.”
Not exactly. A report last June by FireEye iSIGHT Intelligence, concluded that while “unprecedented action by the US government” was a factor in the decline, it actually began in the middle of 2014 – more than a year before the Obama/Xi agreement – and was also due to political and military reforms in China, as well as widespread exposure of the country’s economic cyber espionage.
A high-profile example of that exposure came more than two-and-a-half years before the agreement, in February 2013 when Mandiant (since acquired by FireEye) issued a report that named a specific unit of the People’s Liberation Army (PLA) dedicated to cyber espionage, which it said had been targeting 141 organizations in the US and other countries, in some cases since 2006.
And it was in May 2014 that the US Department of Justice indicted five members of that PLA Unit 61398.
That and other factors have given John Quinn, former Far East specialist for the CIA, a more tempered view of the impact of the agreement. “I would characterize it as a work in progress, but a good start,” he said.
“It certainly can, and should, be refined and improved. There are several obvious issues regarding the lack of enforcement mechanisms, including the problem of monitoring compliance,” he said, noting that President Ronald Reagan, when dealing with Soviet leader Mikhail Gorbachev in 1986, “adopted the well-known ‘trust but verify’ posture.”
Sign up for Computerworld eNewsletters.