Can Obama and Xi Agree to Regulate Cyber Spying?

The two leaders have an opportunity to establish some ground rules at their meeting in California.


The building housing "Unit 61398" of the People's Liberation Army, center top, is seen in the outskirts of Shanghai, China. (AP)

In the run up to the "shirt-sleeves" summit between Chinese President Xi Jinping and U.S. President Barack Obama, which will take place at the Sunnylands estate in California on June 7-8, one of the questions has been how would Obama raise the cyber espionage issue. An approach that directly calls out the seriousness of the attacks but indirectly hints at the possible sanctions seems the most likely. This would be a "good cop, bad cop" approach. Obama would stress that Chinese attacks, especially on the private sector, needed to be dialed back, but that Washington also wanted to continue working with Beijing on a range of issues, including Iran, North Korea denuclearization, and climate change. Obama would also hint that there is a great deal of legislation being considered that might lead to sanctions on Chinese companies and travel restrictions on individuals, and that China should work with him to prevent that from happening.

"Good cop, bad cop" is still likely to make a showing at the meeting, but in a background briefing yesterday, senior U.S. government officials said Obama would also raise the norm of state responsibility: governments have a responsibility for actions emanating from their territory. This argument may reduce some of the tension between the two sides by shifting focus from who directs the attacks to where the attacks come from. It provides a pause, at least temporarily, from the assigning responsibility directly to the Chinese government and the People's Liberation Army that we saw in the Pentagon's report to Congress and U.S. Secretary of Defense Chuck Hagel's speech at the Shangri-La Dialogue.

The government officials also noted that Obama will raise an economic argument. Cyberattacks could threaten foreign investment in China if businesses believe their intellectual property and sensitive information will be compromised. This seems to describe the operating environment in China for years; it is unclear why this argument would gain traction with Xi now.

Pushing the norm of state responsibility does raise the interesting question of what Obama will say when Xi complains about the United States hacking its networks. In fact, China seems to be preparing to make just that point. China Daily published a piece today noting that "cyber-attacks from the U.S. are as grave as the ones the U.S. claims China has conducted." As Jason Healey of the Atlantic Council notes, the norm is a double-edged sword, especially as the United States is a primary victim and culprit of attacks. The Akami State of the Internet report named the United States as the second-largest originator of cyber-attacks, behind China.

As many have noted, these talks are unlikely to bring any concrete deliverables. The number of cyber espionage attacks are not going to decline dramatically immediately after the meeting ends. Still, it may not be misplaced to share the administration's hope that this can be a first step in defining some norms of behavior in cyberspace.

This post appears courtesy of, an Atlantic partner site.