If agreed, it could become the first arms control accord for cyber-space, with each country committing not be the first to use cyber-weapons to cripple the other's critical infrastructure during peacetime. “It would be the first time that cyber is treated as a military capability that needs to be governed as nuclear, chemical and biological weapons are,” Vikram Singh, vice president for international security at the Center for American Progress was reported by the NYT as saying.
The deal is likely to happen despite both sides still accusing the other of spying – an allegation highlighted by the recent publication of a report called project *Camerashy. Camerashy has been produced by ThreatConnect Inc and Defense Group Inc which have partnered to share threat intelligence about the Chinese military grade signals intelligence Unit 78020 and the Advanced Persistent Threat (APT) group known as “Naikon”.
On Wednesday, Obama reportedly told the Business Roundtable that the rising number of cyber-attacks would “probably be one of the biggest topics” of the summit meeting, and that his goal was to see “if we and the Chinese are able to coalesce around a process for negotiations” that would ultimately “bring a lot of other countries along”. Xi Jinping was reported in the WSJ saying: “China and the United States share common concerns on cyber-security. We are ready to strengthen cooperation with the US side on this issue."
During the recent eighth annual meeting of the US-China Internet Industry Forum, Reuters reports Lu Wei, China's top Internet regulator, as saying: “We are on the same boat...The only choice we have is to cooperate.” And he hinted that the two countries were set to reach some kind of agreement on cyber warfare, banning attacks on infrastructure in peacetime.
However, even if the deal is done, it's likely to have little meaningful impact on either side's cyber-spying, says Thomas Rid, at the department of War Studies at Kings College London, who described the agreement as “symbolic”. In response to the suggestion of an agreed, 'no first strike on critical infrastructure in peace time' He told SC that: “There is no money to be made from damaging critical infrastructure – and China is not actually taking down America's grid – so agreeing not to do something that isn't happening anyway is a feel-good strategy that has little effect on the breaches that are happening.”
He also questions whether a more substantive agreement would have been possible anyway, saying: “Ultimately the question is whether some cyber-attacks emanating from China could be a form of corruption which the Chinese government is trying to stop?” The implication being that some acts of espionage, including pre-positioning of monitoring software, could be carried out by elements of the army – and others – working for their own financial gain.
Consequently, Rid says the Chinese government: “...will be careful to avoid promising anything they can't deliver upon.”