Experts generally agree that the Obama administration’s cyber-security policies were a mixed bag. Managing cyber-security was an extraordinarily difficult task, given the novel nature of the technology and the escalating degree of threat. The United States certainly conducted successful offensive operations under Obama, including the Stuxnet attack and possibly certain “left of launch” attacks on North Korean missile programs. The former may have contributed to the willingness of Iran to deal on its nuclear program, while the latter does not appear to have meaningfully slowed or stopped the North Korean program. The Snowden files also revealed a variety of offensive tools and capabilities that could be used against Russia, China, or other potential threats.
But the Obama period was also marked by spectacular failures, including the loss of extensive defense technology and of OPM personnel data to Chinese hackers. And of course, the most spectacular defeat involved Russia’s multifaceted attack on the 2016 election, only a part of which included classic cyber-security concerns. In that case, moral suasion (knock it off!) did not work, or worked too late. But in 2015, President Obama and President Xi held talks to reduce tensions in cyberspace, and Obama called on Xi to restrain hacking efforts designed to appropriate privately-owned U.S. intellectual property (IP) for commercial purposes. In other words, Obama called on Xi to stop stealing U.S. private IP, and stop handing that IP over to Chinese firms.
As Herbert Lin at Lawfare points out, this is a very careful distinction that exempts a wide array of espionage activities. The United States wanted to reserve for its own intelligence agencies a justification for appropriating foreign military and commercial secrets for national security purposes; to steal information about Chinese military and dual-use technology in order to better understand the nature and extent of the Chinese military threat. This is largely in keeping with the bulk (if not the entirety) of U.S. technological espionage during the Cold War, which focused on analysis of Soviet capabilities rather than the appropriation and dissemination of (usually inferior) Soviet technologies. The problem with Chinese hacking, as depicted by the Obama-era Justice Department, was that in involved a state-sponsored effort to steal private U.S. property and then to give that property to state- and privately-owned Chinese firms.
A fine distinction, to be sure. But as Lin suggests, a recent National Counterintelligence and Security Center report implied that the Obama-Xi agreement may well have had the intended effect, limiting precisely the kind of espionage that the Obama administration was most concerned about. If true, this has some very large implications; first and foremost, it suggests that China is, at least in some areas, sensitive to a sort of moral suasion (or perhaps better to say “open to the enlightening of its self-interest”). It also suggests that repeated, full-throated denunciation of Chinese espionage could be counter-productive, especially if China believes that it has acted in accordance with the agreement it reached with President Obama.
If China feels cheated, or if China feels pressed, then China can certainly end the “lull” and crank cyber-espionage efforts back up. It remains to be seen whether the rhetorically aggressive approach of the Trump administration will pay any dividends with respect to Chinese behavior.