With so much talk about Russian hacking and interference in the U.S. election in 2016, it’s difficult to remember that China was our greatest digital nemesis not so long ago.
But for the past two years, America’s cybersecurity relationship with China has looked like a model for digital diplomacy. In late 2015, the two countries signed an agreement not to hack each other’s private sector companies for commercial gain, a deal that represents perhaps the most effective demonstration of government negotiation to limit state-sponsored cyberspying.
However, beneath the surface of that deal, many cybersecurity researchers have suspected that China’s spying on American companies has continued, pointing to a recent breach that used a backdoor in the popular CCleaner security software to target U.S. giants Google, Microsoft, Intel, and VMware, leaving behind a few clues of Chinese involvement.
Other researchers have said that they’ve also seen signs of Chinese intrusions that were designed to siphon exactly the type of corporate intel the cybersecurity agreement between the U.S. and China was meant to protect.
As China has toed the red line of the agreement, which was reaffirmed by the Department of Justice and its Chinese counterparts in early October of this year, it appears that the cyber threat from China hasn’t so much stopped as changed shape.
According to Chris Porter, the chief intelligence strategist for security firm FireEye, China’s hacking groups have shifted their focus from pillaging American companies for intellectual property to government-focused espionage, which falls outside of the agreement’s defined ban on hacking foreign companies to give domestic ones an advantage.
“They’ve been careful to go after targets where you can’t clearly say what they’re taking, or where they can defend what they’re taking as permissible” under the agreement’s exceptions for traditional security-focused espionage, Porter said. “These groups are still taking data they can when they feel it won’t be held against them diplomatically.”
It appears China is doing everything it can get away with under the agreement. So why then did the Trump administration just renew the Obama-era deal?
Some of the Obama administration officials who helped architect the deal argue that the continuation of the pact makes sense because, in the vast majority of cases, it accomplishes its objectives.
“In broad terms, it was successful,” said J. Michael Daniel, Obama’s White House cybersecurity coordinator. And he’s right. Despite a few exceptions, approximately 90% of Chinese hacking incidents targeting the American private sector have disappeared since the agreement was signed in 2015, according to numbers from FireEye and security firm CrowdStrike. “I think it continues to be a success. It did what it was intended to do: It shifted Chinese thinking and behavior.”