By reaching an agreement on cyber-theft with the U.S., the Chinese are showing a willingness to embrace the American definition of what constitutes appropriate espionage, former CIA director Michael Hayden said Tuesday.
But Hayden told an event on cyberattacks at the Council on Foreign Relations that it probably wouldn’t make all that much difference.
The two sides preliminarily agreed last month that neither government would “conduct or knowingly support the cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
“It is an explicit Chinese acceptance of the American definition as to what constitutes legitimate and illegitimate state espionage,” said Hayden, also the former director of the National Security Agency, during the HBO What To Do About Cyberattacks event. “But it is a useful statement to have the Chinese on the record. I’m incredibly skeptical that it will make much difference going forward.”
The U.S. in recent weeks has taken a tougher line publicly against China's hacking, saying it is reaching epidemic levels following the theft of persona details of more than 21 million American from the databases of the Office of Personnel Management (OPM). Ahead of the recent U.S. visit by Chinese President Xi Jinping, American officials warned of retaliatory sanctions against Chinese businesses and individuals - a threat that some believe forced Xi to sign the cyber-theft agreement.
Hayden said he wasn’t especially particularly upset about the OPM theft.
“Stealing OPM, that is just espionage,” Hayden, who is now principal of security advisory firm The Chertoff Group, said. “I have no anger against the Chinese for stealing that. It’s my data so I’m mad but intellectually I have no right to be angry. If I could have stolen that data in China, I would have done it in a heartbeat as director of NSA and I would have not had to go downtown for a meeting to ask permission. It’s just what adult nations do to one another.”
But he argued “the stuff we really get offended by” is stealing data for profit – so-called economic espionage that China and Russia have long been accused of conducting. To combat this, he said the Americans would be better off squeezing perpetrators economically, rather than by “creating some kind of discomfort in the cyber domain.”
“Why don’t you go after the domains for which they are actually committing the original crime which is commercial profit,” Hayden said, referring to a 2013 paper by Dennis Blair and Jon Huntsman about protecting intellectual property rights.
“It says punish them in the economic way,” he said. “It’s about sanctions. It’s about who gets to be listed on the New York Stock Exchange. Who sells that product inside North America? It’s about whose kids get to go to prestigious American universities … All of those things can be used … and that is what I thought we were going to do to the Chinese before President Xi arrived.”
But Hayden said Americans themselves need to take the threat of cyber attacks more seriously, noting that we “underestimate how disruptive this is” and that until now the government doesn’t “have a structure of law and policy” to combat cyberattacks.
“We have not yet decided what we want or what we will allow our government to do to keep us safe in this domain,” Hayden said, adding that the “problem” is that technology, social norms and policy are changing at different rates. “So, I fear the government will forever be in a tail chase.”