The clock is ticking on the Obama administration to determine whether China is adhering to a September pledge to eradicate corporate hacking.
Over the past few months, U.S. officials have fended off accusations that Beijing has not scaled back its massive hacking apparatus by insisting it will take time to assess whether the Asian power is complying with its agreement to cease conducting — or knowingly supporting — economic espionage.
But pressure will rise again in the coming months if the White House doesn’t create some type of metric that can show, either way, whether China is complying.
“We have to verify and hold them accountable,” said House Homeland Security Committee Chairman Michael McCaul (R-Texas). “I still don’t think China’s been held accountable.”
Adam Segal, a Chinese cyber policy expert and senior fellow at the Council on Foreign Relations, suggested those sentiments would spread further as more time passes without federal officials proving Chinese hacking is on a downward trend.
“Outside of six months they’re going to have a hard time convincing people that China is complying,” Segal said.
For the time being, even skeptics have allowed time for the White House to flesh out the agreement’s details. Top U.S. and Chinese officials met this week for their first summit to hammer out some logistics and clarify vague definitions in the initial deal.
“The administration is doing what it can to at least begin the discussions on this, which I think is important,” McCaul said. “And it’s important to get them to the table to have these discussions."
In a press conference announcing the anti-hacking pledge, reached during Chinese President Xi Jinping’s state visit, Obama vowed U.S. officials would monitor China’s behavior. But to this point, no public assessment has been made.
This week, the two sides held a high-level, two-day summit in Washington, D.C., to discuss the deal. Observers tamped down expectations ahead of time, cautioning that the get-together was unlikely to produce any specific guidelines to judge compliance.
An agreement issued late Wednesday dealt mostly with what information should be included in a request to investigate cyber crimes, and how quickly each country is expected to respond.
White House spokesman Josh Earnest deemed the meetings “incremental progress.” Most agreed.
“As the Chinese like to say, ‘A journey of a thousand miles begins with a single step,’” Rep. Adam SchiffAdam SchiffSchiff: Trump will blame Obama during his entire presidency Russia investigation 'back on track' after Nunes recusal Overnight Defense: US moving missile defense system to South Korea | Dems want justification for Syria strike | Army pick pushes back against critics of LGBT record MORE (D-Calif.), the House Intelligence Committee’s top Democrat, told The Hill. “This may be that single step.”
But since September, the White House has battled allegations that the U.S.-China cyber accord has had no effect on China’s robust hacking operations.
Within weeks of the deal, security researchers were quick to point out that Chinese government-linked hackers had not abated their aggressive efforts to penetrate American companies in search of trade secrets.
“The intrusion attempts are continuing to this day, with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures,” said Dmitri Alperovitch, co-founder of CrowdStrike, which monitors private sector cyberattacks, in an Oct. 19 blog post.
The head of U.S. counterintelligence operations confirmed this narrative in November. National Counterintelligence Executive Bill Evanina told a briefing he had seen “no indication” in the private sector “that anything has changed” regarding corporate espionage originating in Beijing.
Several unnamed administration officials pushed back this week, telling The Washington Post the Chinese military had actually scaled back its campaign to pilfer American trade secrets starting in 2014, following the Justice Department’s indictment of five officers.
But determining whether the move is simply strategic, or a genuine change in behavior, is an ongoing process, the officials maintained.
“A lot of these things just take time, more time than I think people realize,” said one official.
The White House may not have much time, though.
“I think the administration needs to make clear that we expect to see results and that we’re prepared to take steps if China continues to engage in economic espionage,” Schiff said.
The Obama administration has been under considerable pressure from Capitol Hill and the private sector to do more to curb Chinese hacking. Several GOP White House hopefuls have effectively used the issue as a key talking point in the debates.
Analysts say the Chinese economic espionage is costing the American economy hundreds of billions each year. And national security experts worry that suspected Chinese intrusions across the government are putting undercover agents at risk of exposure.
Lawmakers told The Hill they would like to see some actual figures indicating a widespread change in hacking activities.
“This is a measurable phenomenon, so we will be able to tell whether China is serious about it,” Schiff said, “or whether it wants to go through the motions of saying the right things.”
“Time will only tell,” said Senate Intelligence Committee Chairman Richard BurrRichard BurrTrump voter who cast ballot illegally won’t be charged Burr: US in new Cold War with Russia Senator: No signs of GOP 'slow-walking' Russia investigation MORE (R-N.C.). “Ball’s in their court.”
McCaul wants to Chinese hackers to actually face the U.S. criminal justice system.
“We’ll see how many people they really turn over for prosecution,” he said.
Schiff, McCaul and others believe the administration will eventually need to wield the economic sanctions that were put on hold when China agreed to come to the negotiating table.
“I suspect that those steps will be necessary, but we’ll see how far China’s willing to go without further prodding,” Schiff said.
And like others, McCaul remains frustrated China has not been punished for orchestrating the this summer’s catastrophic data breach at the Office of Personnel Management (OPM), which exposed over 20 million federal workers' sensitive background check data and roiled the government.
Beijing claimed this week the intrusions were pulled off by criminal, not government-backed, hackers, refuting the private assertions of U.S. officials. Chinese authorities also said this week they had apprehended the OPM cyber thieves.
“I think they’re doing that to basically throw a few bones and try to avoid the real subject, and that is their own culpability,” McCaul said.
“The administration is trying to play nice with them, but it was an act of espionage, the greatest one we’ve ever seen.”