Today, China's Public Security Minister Guo Shengkun, U.S. Secretary of Homeland Security Jeh Johnson, and other Chinese and American officials kicked off meetings to discuss the nations' cybersecurity relations.
This is an opportunity to renew conversations broken off when China removed itself from a working group after the United States indicted five members of the Chinese People's Liberation Army for hacking and economic espionage in May 2014.
President Obama and Chinese president Xi Jinping started mending fences Sep. 25 when they came to an agreement that neither nation would engage in cyber espionage for economic gain. (Chinese officials had brokered a similar "no-hack pact" with Russian officials four months earlier).
Yet, there is still a lot of cybercrime deriving from China -- state-sponsored or not. Unnamed officials told The Washington Post -- in a story published Monday -- that the PLA "has not substantially reengaged in commercial cyberespionage" since the arrests made in May 2014. Yet CrowdStrike reported seeing Chinese APT actors targeting American companies even after the pact was made in September. And the Chinese cybercrime underground, as detailed by Trend Micro's Forward-Looking Threat Team, is exceptionally robust.
The conversations this week are therefore fraught with diplomatic peril. What questions are the ones to have the best or worst response this week?
What is 'cybercrime'?
It sounds like a silly question, but according to Laura Galante, director of threat intelligence at FireEye, the U.S. and China have different ways of defining cybercrime. In a blog piece today, Galante wrote:
"The philosophical difference hinges on whether a country conceives of this issue as cybersecurity (securing networks and systems and associated infrastructure) or as information security (securing information, content, and ideas in addition to networks.)
China, along with Russia, more broadly defines cyber operations and tools in terms of 'information and communications technology.' With differences at this conceptual level ... more granular terms like 'cybercrime,' 'cyber-enabled data theft' and 'cyber espionage' will also require significant discussion before either side will feel confident that there is a clear, joint understanding of the activity at issue."
Are you holding up your end of the no-hack pact?
If a mere 60 days since the agreement between President Obama and President Jinping was made, the two nations begin discussing how well (or poorly) each side is holding up their side of the bargain, "I think it will be a conversation stopper," says Galante.
In fact, Galante doubts cyberespionage will be discussed in great detail. She believes the goal will be to renew conversations that had been shut down by avoiding sticking points like IP theft and Internet governance and focusing on areas where there will be more opportunities for alignment and cooperation, like stopping cyberterrorism and apprehending cybercriminals.
How can our nations help each other?
The question of helping one another stop cybercrime might be a non-starter, too. Tom Kellerman, chief cybersecurity officer for Trend Micro, says that if he were attending the meetings, he would ask "Why has the regime not dismantled the robust Chinese underground which [Trend Micro] highlighted in our recent report?"
Kellerman also believes that the two nations could collaborate on financial cybercrime.
"How might the Chinese assist the US with anti-money laundering via cyber like in the use of Alipay and BitCoin?" he says. "When might the Chinese recognize that the US banks that they are heavily invested in are being pilfered by their Russian allies?"
Those might be conversation stoppers, too.
What are the rules of engagement?
Among the most important tasks of these meetings is to establish norms, protocols, and procedures, like, as Kellerman says, "What will the redlines be that distinguish when cyberattacks escalate to national security events?"
"What marks escalation," says Galante, "what triggers a response ... and how do you de-escalate?"
Galante says that both parties may also determine what kinds of "confidence-building measures" (CBMs) they may each produce to enhance the relationship. CBMs might come in the form of something as simple as white papers articulating how each party defines terminology.
She says that exchanging white papers might not sound like much, but there is precedent for it. She mentions that the Cold War was gradually brought to a close because cultures that didn't understand each other got to know each other better by "engaging on so many fronts."
"This is diplomacy, at the end of the day." she says.