NEW YORK/SINGAPORE (Reuters) - The United States and China need to reach an agreement to restrict cyber attacks and designate some areas as off limits to hacking, two former senior U.S. officials said on Tuesday.
Henry Kissinger, an architect of the opening of U.S. relations with China in the 1970s, told a Thomson Reuters event that Washington and Beijing both had significant espionage capabilities and the key was finding a way to discuss them.
Jon Huntsman, the former U.S. ambassador to China, likened raising cyber attacks with Beijing to the challenge of discussing missile defense and the military use of space — issues that are also highly sensitive to the Chinese.
“At some point, we are going to have to develop a context in which we can actually discuss this and, I would think, draw some red lines around areas that we don’t want them into and they might not want us into,” said Huntsman, who left China in April to plan his presidential election campaign, and was speaking at the same event.
Their calls for a cyber detente follow a blitz of hacking attacks on major U.S.-based institutions in recent weeks, including the International Monetary Fund, the Senate, and companies such as Citigroup and Lockheed Martin.
Chinese entities have been suspected in attacks on Google e-mail accounts of U.S. officials and Chinese activists, though Beijing has denied involvement and said it too is a victim of international hacking.
“China has also many times reiterated that we are willing to open up exchanges and cooperation with the international community about Internet security,” Foreign Ministry spokesman Hong Lei said earlier on Tuesday.
Kissinger, former secretary of state, said that without an overall agreement, relations over the issue would likely deteriorate. “If you take it case by case it will lead to accusations and counter-accusations,” he said.
The spate of security breaches prompted NATO to endorse a cyber defense policy on Monday after a meeting last week. NATO officials say the policy focuses on protecting the alliance’s computer networks and defense planning processes, and allows for broader consultations on cyber threats.
“If there’s a cyber threat, NATO has consultation mechanisms and may consult about anything. But the ambition now is to defend NATO bodies, NATO agencies, NATO structures. This is what we are working concretely on,” said a NATO official.
Security experts say the borderless nature of the Web requires a coordinated global response against hacking. The view that cyber security is a technical problem, rather than a strategic one, has meant that it has not been a priority.
India’s top IT bureaucrat, R. Chandrasekhar, said high-level cooperation between states was needed. India’s computer networks have frequently been attacked, with the hackers suspected to be from China and Pakistan.
“Government to government contacts are there...(but) at the middle level,” he said. “Concerted efforts are needed. We are yet to see the emergence of a clear organizational
Neelie Kroes, European Commission Vice President for the Digital Agenda, said there are plans for a pan-EU network to coordinate responses to cyber attacks by 2012, and the EU has a strategic partnership with the U.S. on cybercrimes.
“Governments worldwide need to address cybersecurity threats, and drafting strategies is an important step toward doing so,” Kroes said.
Peter Coroneos, co-founder of the International Internet Industry Association and head of Australia’s industry body, called on world leaders to put cyber security on the agenda at forums such as the G20 and urge “slower-moving” nations to take a stand against hacking.
South Korea said on Tuesday it was drawing up a cyber security master plan, but some other Asian governments appeared to have no blueprint for tackling the threat.
Indonesia, a rapidly growing G20 country, warned that hackers could cause serious damage to its institutions.
“Every day, not every month, but every day, we get 1.2 million hacker attacks in Indonesia, both from within the country and outside,” said Gatot Dewa Broto, Indonesia’s communication and information ministry spokesman.
“If we don’t improve (our capabilities) we could face a possible public and commercial institutional collapse.”
But getting nations to work together to combat cyber security won’t be easy, experts said, pointing to differing ideologies and goals.
The Chinese government, for example, may be more interested in tracking down dissidents on the Internet than in prosecuting criminal hackers.
“At the end of the day, in my view, a lot of the Chinese solution for hackers is more aggressively finding out who’s doing what in cyberspace,” said Stewart Baker, a former Department of Homeland Security official now at the law firm Steptoe and Johnson LLP.
“These are the kinds of things that are likely to make the world a little less safe for hackers but also for the color revolutions,” he said. “If you help law enforcement around the world you’re helping the British bobbies.. but you’re also helping Russian, Iranian and Chinese security forces who are less attractive in the range of things that they do,” he said.
Others said they saw room for progress between the U.S. and China on questions such as the use of the Internet for child porn and terrorism.
“Law enforcement — that would be a good place to start,” said Jim Lewis, a cyber expert at the Center for Strategic and International Studies. “Everyone can agree that child porn is bad and you don’t want to support terrorism.”
Lewis also said that Beijing had many reasons to crack down on cybercrime. “Nobody likes cybercrime, including the Chinese. They don’t like cybercrime. They worry about their hackers turning on the government.”
Additional reporting by Jeff Mason, David Brunnstrom, Christopher Lecoq; Writing by Tiffany Wu; Editing by Martin Howell