US, China to cooperate more on cyber threat

LOLITA C. BALDOR Associated Press Published:

WASHINGTON (AP) -- Asserting that cyberattacks against the U.S. don't come only from China, the U.S. and Chinese defense ministers said they agreed Monday to work together on cyber issues to avoid miscalculations that could lead to future crises.

Defense Secretary Leon Panetta said that since China and the United States have advanced cyber capabilities, it is important to develop better cooperation.

"It's true, as the general pointed out, that obviously there are other countries, actors, others involved in some of the attacks that both of our countries receive," Panetta told reporters after an afternoon meeting in the Pentagon marking the first visit by a Chinese defense minister to the U.S. since 2003. "But because the United States and China have developed technological capabilities in this arena it's extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis in this area."

Gen. Liang Guanglie, China's minister of national defense, offered a vigorous defense of his country, saying through an interpreter that, "I can hardly agree with the proposition that the cyberattacks directed to the United States are directly coming from China. ... We cannot attribute all of the cyberattacks (against the) United States to China."

Just six months ago, however, senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.

It was the most forceful and detailed airing of U.S. allegations against Beijing after years of private complaints, and it signaled the opening salvo of a broad diplomatic push to combat cyberattacks that originate in China.

Liang said that he and Panetta talked about ways to strengthen cybersecurity, but they are leaving the details to the experts.

Cybersecurity was just one of the many issues discussed by the two leaders during their meeting, but it is also one of a number of contentious topics that rattle the often rocky relationship between the two nations.

"The U.S. needs to start laying the ground work for better understanding by the Chinese of what we expect from them in cyberspace," said James Lewis, a cybersecurity expert with the Center for Strategic and International Studies who has met with Chinese officials and scholars for informal discussions. "We want to figure out some way to get some understanding in place before something bad happens."

As an example he said American officials want to know who to talk to when Chinese hackers breach U.S. computer networks. And if there is a cyber incident in China, Lewis said, "we need the Chinese to feel confident that they can call us up and ask, 'was it you?', and get a straight answer."

Chinese officials have routinely denied the cyberspying, insisting that their own country also is a victim of such attacks. And they note that the hacking is anonymous and often difficult to track.

U.S. cybersecurity experts acknowledge that attribution can be difficult, and that while they can trace an attack to China, it is often difficult to track directly to the Chinese government. Last December's report by U.S. intelligence agencies said America must openly confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and represent a "persistent threat to U.S. economic security."

And, separately, several cybersecurity analysts have concluded that as few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the cyberattacks that aim to steal critical data from U.S. companies and government agencies. Officials estimate that the stealthy attacks have stolen billions of dollars in intellectual property and data.

Because people and businesses in both China and American have been victims of cyberattacks, officials have been talking more about building a better relationship so that they can work together.

Law enforcement is one area of cybersecurity where the two nations have begun to build partnerships, but so far it has been extremely limited. Lewis said that in 2011, U.S. authorities requested assistance from the Chinese 11 times, and in seven of the cases received no information. But, he said the Chinese cooperated with U.S. law enforcement in a high profile financial fraud case late last year.