WASHINGTON (Reuters) - The United States has made substantial progress in recent talks on computer hacking issues with both China and Russia, a White House official told the Reuters Cybersecurity Summit on Tuesday.
Michael Daniel, the Obama administration’s cybersecurity policy coordinator, said that China has agreed to establish a joint working group with the United States to address Internet security issues such as cyber espionage.
The group will convene for the first time this summer, stepping up communication that had previously been relegated to sporadic discussions or long-running unofficial talks between private citizens from the two countries.
“We’re working to set the agenda” for the initial meeting, Daniel said at the summit held at Reuters’ Washington offices.
The move comes amid increased pressure on Beijing from President Barack Obama and other U.S. officials to curb theft of digital data, especially from targets outside the traditional spying realms of military and government.
The developments are a rare positive event after a string of unsettling cyber attacks have renewed calls for international agreements on norms of behavior.
“The ability to carry on a dialogue with both the Russians and the Chinese is improving over time,” Daniel said. “One of our key goals in this space it is to improve that international cooperation.”
With Russia, the talks are an attempt to recover ground from an earlier negotiation that would have established a Moscow-Washington hotline to defuse Internet-security emergencies. That round of discussions had seemed promising for months last year but collapsed at the last minute, officials have said.
Daniel and Obama’s national security advisor, Tom Donilon, both worked on the issue during recent travel to Russia, and “some final announcements will come over the next few months,” Daniel said, declining to give details.
Late last year, a classified consensus U.S. intelligence report determined that China was by far the largest thief of economically valuable intellectual property from U.S. companies, taking more than No. 2 Russia and other countries combined.
This year, a report by the private security company Mandiant accused a specific unit in the Chinese army of responsibility for a raft of intrusions.
Mandiant Chief Security Officer Richard Bejtlich told the Reuters Summit that the Chinese army unit changed its tactics for a while after the report was published, but he added that “it appears that these guys are reconstituting.”
Though concrete changes might be a ways off, the agreement to direct talks shows that “the Chinese apparently are taking this seriously,” said Jim Lewis of the Center for Strategic and International Studies, a cybersecurity expect who has led the U.S. side of the semi-official “track two” talks. “They know they have to do something to placate the Americans.”
Dmitri Alperovitch, the chief technology officer of security firm CrowdStrike and author of several analyses on Chinese spying campaigns, said that the more formal talks with Beijing would be a “huge step forward” but one not likely to stop state-sponsored Internet spying on their own.
“The next step is to tell them what we’re going to do in response” if the behavior doesn’t change, Alperovitch said at the Summit. He suggested that the United States could penalize some sectors of Chinese imports by adding tariffs.
(Follow Reuters Summits on Twitter @Reuters_Summits)
Reporting by Joseph Menn in Washington; Editing by Tiffany Wu and Paul Simao