Will the United States impose cyber sanctions on China?

Last week, President Obama called cyber-enabled theft of trade secrets and intellectual property (IP) from U.S. companies “an act of aggression,” adding: “There comes a point at which we consider this a core national security threat.” He said that if China cannot figure out the boundaries of what is acceptable, “we can choose to make this an area of competition, which I guarantee you we will win.” Last Wednesday, in a meeting with CEOs at the Business Roundtable, he added: “We are prepared to [take] some countervailing actions in order to get their attention.”

Tough talk from this president. Notably, he made the last statement several days after Meng Jianzhu, President Xi’s chosen cyber envoy, spent four days in Washington with top U.S. intelligence and law enforcement officials in an eleventh-hour attempt to find a path forward and salvage President Xi’s visit. President Obama, it appears—at least as of last Wednesday—felt he did not yet have the Chinese government’s attention. He is impatient and irritated.

Carrying a big stick

Are we headed for sanctions? Let’s look back. Five years ago, given the severity and sensitivity of the charges, U.S. officials raised cybertheft concerns with their Chinese counterparts discretely, in private meetings and pull-asides. Facing denials and no change in conduct, in the spring of 2013, the president’s national security advisor and secretary of defense publicly named China. The National Security Agency (NSA) chief called China’s cybertheft “the most significant transfer of wealth in history.”

In June 2013, at his meeting with President Obama at Sunnylands, President Xi pledged to resolve concerns with the United States “in a pragmatic way.” Also in 2013, Edward Snowden leaked classified NSA documents on U.S national security surveillance programs. In a shot across the bow, the Justice Department in spring of 2014 indicted five People’s Liberation Army-affiliated cyber thieves. In response, China suspended bilateral cyber discussions. In May of this year, President Obama signed an executive order allowing the United States to impose severe financial restrictions on entities and individuals who engage in or benefit from cyber-enabled economic espionage or other specified malicious cyber-enabled activities. This includes harming or otherwise compromising the provision of services that support critical infrastructure. 

Since August, U.S. officials have made abundantly clear they are preparing sanctions against Chinese hackers.

Since August, U.S. officials have made abundantly clear they are preparing sanctions against Chinese hackers. Over the past several years, the secretaries of Treasury, State, Defense, Commerce, the Attorney General, the heads of U.S. intelligence agencies, the president, and his senior staff have— individually and jointly—raised with their Chinese counterparts, at every opportunity, deep U.S. concerns about the scope, scale, and severity of China’s cyber-enabled IP and trade secret theft for commercial gain.

Room for cooperation?

It is unclear what came out of the discussions between Meng Jianzhu and senior U.S. officials. Agreement by the United States and China on a foundational set, or even subset, of peacetime cyber norms for cyber conduct by states would be a meaningful first step. As I mentioned last month, China is currently participating in a United Nations experts group with the United States and other countries to craft peacetime norms. These include recommendations that states pledge they will refrain from attacks on other nations’ critical infrastructure or cyber emergency responders, and cooperate with other nations’ investigations into cybercrime. The United States and China should embrace these principles, and also pledge not to engage in IP theft for commercial advantage, during President Xi’s visit. U.S. officials publicly stated their support for this set of four peacetime cyber norms in testimony before Congress this past spring. The United States and China should, in addition, set goals for joint cross-border enforcement against non-state cyber criminals.

President Obama suggested last week that the two counties were trying to reach consensus on a process through which the United States and China and would negotiate norms and “bring a lot of other countries along.” This too would be a step forward. 

But agreement on process, or even norms themselves, will not necessarily forestall the deployment of U.S. sanctions. The hammer is cocked. It would appear the administration believes it has the cases and evidence to move forward. I think this president will proceed with sanctions absent a significant and enduring change of behavior, regardless of what principles or negotiation processes might be agreed to. That means the unprecedented scope and scale of state-enabled cybertheft of American companies’ IP and trade secrets for foreign competitors’ commercial benefit must end. It would be a mistake to assume that a consensus on negotiation process or substantive principles, however meaningful, is more than that. Yet President Obama did not characterize the “countervailing actions” that his administration is preparing as inevitable. He closed: “My hope is that it gets resolved short of that.”