WASHINGTON — Asserting that cyberattacks against the US do not come only from China, the US and Chinese defense ministers said they agreed Monday to work together on cybersecurity issues to avoid miscalculations that could lead to future crises.
Defense Secretary Leon Panetta said that since China and the United States have advanced cyber capabilities, it is important to develop better cooperation.
“It’s true, as the general pointed out, that obviously there are other countries, actors, others involved in some of the attacks that both of our countries receive,” Panetta told reporters after an afternoon
meeting in the Pentagon marking the first visit by a Chinese defense minister to the US since 2003.
“But because the United States and China have developed technological capabilities in this arena, it’s extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis in this area.”
General Liang Guanglie, China’s minister of national defense, offered a vigorous defense of his country, saying through an interpreter that, “I can hardly agree with the proposition that the cyberattacks directed to the United States are directly coming from China … We cannot attribute all of the cyberattacks (against the) United States to China.”
Just six months ago, however, senior US intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain.
It was the most forceful and detailed airing of US allegations against Beijing after years of private complaints, and it signaled the opening salvo of a broad diplomatic push to combat cyberattacks that originate in China.
Guanglie said he and Panetta talked about ways to strengthen cybersecurity, but they are leaving the details to the experts.
Cybersecurity was just one of the many issues discussed by the two leaders during their meeting, but it also is one of a number of contentious topics that rattle the often rocky relationship between
the two nations.
“The US needs to start laying the groundwork for better understanding by the Chinese of what we expect from them in cyberspace,” said James Lewis, a cybersecurity expert who has met with Chinese officials and scholars for informal discussions. “We want to figure out some way to get some understanding in place before something bad happens.”
As an example he said American officials want to know whom to talk to when Chinese hackers breach US computer networks. And if there is a cyber incident in China, Lewis said, “we need the Chinese to feel confident that they can call us up and ask, ‘Was it you?’, and get a straight answer.”
Chinese officials routinely have denied the cyberspying, insisting that their own country also is a victim of such attacks. And they note that the hacking is anonymous and often difficult to track.
US cybersecurity experts acknowledge that attribution can be difficult, and that while they can trace an attack to China, it is often difficult to track directly to the Chinese government. Last December’s report by US intelligence agencies said America must openly confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and represent a “persistent threat to US economic security.”
And, separately, several cybersecurity analysts have concluded that as few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the cyberattacks that aim to steal critical data from US companies and government agencies.
Officials estimate that the stealthy attacks have stolen billions of dollars in intellectual property and data.
Because people and businesses in both China and America have been victims of cyberattacks, officials have been talking more about building a better relationship so that they can work together.
Law enforcement is one area of cybersecurity where the two nations have begun to build partnerships, but so far it has been extremely limited.
Lewis said that in 2011, US authorities requested help from the Chinese 11 times, and in seven of the cases received no information. But, he said, the Chinese cooperated with US law enforcement in a high profile financial fraud case late last year.