On the eve of a significant agreement between the United States and China on trade and information security, the head of the National Security Agency cautioned that the two superpowers must develop a set of norms that would curb cyber-espionage and theft of intellectual property from U.S. firms.
Adm. Michael Rogers appeared in a rare open hearing of the Senate intelligence committee to offer an update on the agency's work, with a particular focus on the various cyberthreats, which increasingly are coming from state-sponsored actors.
[ Related: What would a U.S.-China cybertreaty really mean? ]
"The greatest amount of activity is still criminal-based, but when I look at [it] from a national security perspective I would argue at the moment the nation-state represents the greater national security challenge," Rogers said.
Then on Friday, the White House announced a broad-ranging economic accord with China that touches on many of the issues that have been of high concern to firms in the tech sector.
The U.S. and China come to ‘common understanding’
On the topic of infiltrating corporate networks and stealing intellectual property, a fact sheet from the White House describes the agreement as follows:
"Both countries affirm that states should not conduct or knowingly support misappropriation of intellectual property, including trade secrets or other confidential business information with the intent of providing competitive advantages to their companies or commercial sectors. Both countries affirm that states and companies should not by illegal methods make use of technology and commercial advantages to gain commercial benefits."
President Obama, speaking after his meeting with Chinese President Xi Jinping, touted the "common understanding" the two nations had reached outlining a "way forward" on cyber issues.
"I raised once again our very serious concerns about growing cyberthreats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain," Obama said.
"We've agreed that neither the U.S. nor the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage. In addition, we'll work together, and with other nations, to promote international rules of the road for appropriate conduct in cyberspace," he said.
Additionally, the White House outlined joint commitments to several other areas that aim to promote an "expanded two-way trade and investment in the technology sector," which the administration calls "one of the pillars of the bilateral economic relationship" between the two nations.
So, for instance, both countries offered an affirmation of non-discriminatory policies toward foreign companies and a commitment not to advance "policies or practices that require the transfer of intellectual property rights or technology as a condition of doing business in their respective markets."
But security has been perhaps the most contentious issue on the table at this week's talks, and Rogers reminded members of the Senate committee that the threats are far greater than just the activities of the Chinese.
Several senators asked about his views on formalizing something like a cybersecurity non-proliferation pact with China, as the White House has been exploring. Rogers explained that he favors some kind of an agreement on what might constitute "norms" in the cyber arena, which could be multilateral in a way that a formal arms agreement could not.
Moreover, Rogers pointed out that the online world is much messier than any conventional military or diplomatic issue, so the idea of trying to bring a group like the Islamic State, or ISIS or ISIL, into a global accord on cyber issues is a non-starter.
"I certainly think we can get to the idea of norms. A formal treaty, I don't know. Because one of the challenges in my mind is how do we build a construct that ultimately works for both nation-states and non-state actors," he said.
"And one of the challenges inherent in cyber is the fact that you are dealing -- unlike the nuclear world, where you're dealing with a handful of actors all nation-states -- you're dealing with a much greater number of actors, many of whom, quite frankly, are not nation-states and have no interest in sustaining the status quo, so to speak. In fact, if you look at ISIL and other groups, their vision would be to tear the status quo down. They're not interested in stability."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.