US-China Cyber Dialogue to Continue Under Trump

A U.S.-China dialogue focused on combating cyber crime will continue during the Trump administration, the Justice and Homeland Security departments announced Thursday.

The dialogue was announced in 2015 as part of a broad commitment against commercial hacking by President Barack Obama and Chinese President Xi Jinping, which, according to the cybersecurity firm FireEye, coincided with a drastic reduction in Chinese hacking of U.S. companies.

The dialogue could be a rare bright spot on cyber policy for the incoming Trump administration amid increased politically motivated hacking by Russia. That could be complicated, however, by President-elect Donald Trump’s insistence that Russia did not hack U.S. political targets during the 2016 election despite the conclusions of U.S. intelligence agencies.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Trump promised in a 2015 policy paper to “use every lawful presidential power” to combat unfair Chinese trade practices, including the cyber theft of trade secrets.

The third round of the U.S.-China dialogue took place in Washington on Wednesday, according to a DHS readout, with Homeland Security Secretary Jeh Johnson and Attorney General Loretta Lynch representing the U.S. The next round will take place in China in 2017, according to the readout.

The dialogue readout largely affirmed existing practices and protocols, such as the use of a hotline between the two nations to discuss sensitive cyber issues and avoid misunderstandings and information sharing about cyber criminal networks and attacks.

Many national security experts and lawmakers were initially skeptical the U.S.-China agreement would lead to a reduction in Chinese commercial hacking, which former National Security Agency Director Keith Alexander and others have described as the “greatest transfer of wealth in history,” 

The deal does not apply to traditional espionage aimed at promoting either nation's national security.

The agreement came amid veiled threats that the Obama administration would impose cyber-specific sanctions against top Chinese officials and more than a year after the Justice Department indicted five members of the People’s Liberation Army for hacking U.S. companies.

China bolted an earlier cyber dialogue in the wake of those indictments.

FireEye was conducting an average of 35 investigations of Chinese cyber espionage per month for different corporate clients in the years prior to the agreement, FireEye Chief Technology Officer Grady Summers told Nextgov during a cyber defense summit in Washington last month. The company has conducted between three and 10 such investigations per month since the September 2015 announcement, he said.

Chinese commercial hacking remains high in Europe and has risen in Asia since the announcement, Summers said.

FireEye is frequently hired to conduct cyber investigations for government and political clients and independently verified Russia’s involvement in this year’s Democratic National Committee breach. In 2014, FireEye purchased Mandiant, the firm that first successfully linked corporate hacking that originated in China to divisions of the PLA.