Can the US and China Cooperate on the First (and Last) Line of Cyber Defense?
Image Credit: shutterstock

Can the US and China Cooperate on the First (and Last) Line of Cyber Defense?


Earlier this month, I noted that the recent agreement between China and the United States to cooperate on a number of cyberspace-related policy issues, including an understanding on intellectual property theft, would, in all likelihood, not lead to a reduction of the number of cyberattacks ostensibly launched from Chinese territory.

A new report issued by the U.S.-based cybersecurity company CrowdStrike appears to confirm my previous analysis, since it outlines that attacks by Chinese “state-affiliated” hackers (a rather vague term) on U.S. technology and pharmaceutical companies have continued unabated from the time the agreement was announced until now.

This is not surprising. After all, the agreement did not specifically prohibit all cyberattacks and the collection of information via cyberespionage, but rather called for an end to the passing on of information extracted from U.S.-private sector networks to Chinese companies in order for them to gain a competitive advantage. It may be too premature to argue that the agreement has failed.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

For now, the September 2015 China-U.S. cyber agreement remains the most useful framework for bilateral cooperation on cyber-related policy issues after the June 2013 Sunnylands summit pledges to deepen cybersecurity cooperation were abandoned with the U.S. indictment of five Chinese military hackers in May 2014.

To avoid past mistakes, the rather vague September agreement needs to be followed up as soon as possible by bilateral meetings to more clearly define specific venues of cooperation between China and the United States.

And while the September agreement talks about a meeting of a new joint China-U.S. high-level government-to-government working group to combat cybercrime to be held before the end of the 2015 and biannually in subsequent years, other initiatives to deepen cooperation between the two countries need to happen.

One possible way to do so is to strengthen cooperation between the Chinese and U.S. Computer Emergency Response Teams (CERTs). In general, CERTs are the first (and last line) of defense in protecting a country’s critical information infrastructure from cyberattacks and are tasked with coordinating responses to network intrusions across the nation and beyond.

China’s CERT is specifically tasked with “building up the national monitoring, warning, emergency response, evaluation and public opinion centers for network security.” It serves as the coordinating body for other CERTs in China and also engages with CERTs in other countries.

Of particular note here is the cooperation between the CERTs of China, Japan, and South Korea. The CERTs meet annually, share information including threat data, have established a 24/7 technical hotline, and purportedly have a protocol for crisis escalation in place in the event of major cyberattacks. Representatives of the three countries recently met in Seoul to better coordinate their cyber policies when it comes to fighting cybercrime and terrorism.

China and the United States have also been cooperating on a CERT level over the last couple of years, but at a rather ad-hoc and impromptu level, which has substantially undermined collaboration. For example, up until now no joint protocol exists for how to handle requests for information or what type of information needs to be provided for one side to take action when an incident occurs.

That China is willing to cooperate more closely with other countries can be seen with Beijing’s participation in yearly joint cyber exercises – the Cyber Exercise Drill – organized by the Asia Pacific Computer Emergency Response Team (APCERT). The aim of these “blind drills” is to coordinate international responses to cyberattacks. The exercises specifically deal with improving communication protocols, information sharing, and crisis response times of the CERTs participating.

As an initial first step, the United States could join the drill and apply the lessons learned on the multilateral level to the Sino-U.S. bilateral level. (In the past, APCERT has extended invitations to the Organization of the Islamic Cooperation-Computer Emergency Response Team and the European Government Computer Security Incident Response Teams).

Cooperation between countries is possible, and this has been exemplified in the field of cybercrime. There, Beijing and Washington have cooperated on multiple occasions in the past. The last time, a few weeks prior to the Obama-Xi meeting in Washington D.C. in September, the Chinese government has agreed to arrest a number of Chinese hackers at the request of the Chinese government.

Deeper China-U.S. CERT cooperation will be beneficial for both countries. However, in order for it to work in the long run, steps will need to be taken to isolate this relationship at the technical level from bilateral political considerations.

Thus, the current Sino-U.S. rapprochement on cyberspace-related issues on the political level can only serve as an impetus for deeper cooperation at the technical level of both countries. Once that is established, politics will need to recede and experts on both sides left alone to help safeguard the global cyber commons.

A version of this article was previously published at

Sign up for our weekly newsletter
The Diplomat Brief