During the second week of January, I was in Beijing for the tenth round of the Center for Strategic and International Studies (CSIS) and China Institute of Contemporary International Relations (CICIR) Cybersecurity Dialogue. Government officials, think tank analysts, and academics participate in the meeting, and previous discussions have covered issues such as norms, state responsibilities in cyberspace, and crisis escalation and communication. The meetings have also included scenarios (which have in the past been inaccurately reported as "war games") that allow the two sides to talk through how they might respond to certain types of cyberattacks and what they would expect from other nation-states in terms of cooperation and communication.
The talks are off-the-record, so these are my broad takeaways, not ascribed to any specific individuals or organizations. Though in some instances I will use "the Chinese," individuals were not speaking as official representatives and there were differences among the group.
Not surprisingly, Russia and the hack of the Democratic National Committee kept popping up in conversation, though not officially on the agenda. The Chinese side stressed three points. First, they are not convinced by the U.S. government’s public attribution of the hacks to Russia. This has historically been the case. In previous cases involving Chinese hackers and other nation-state attackers, the official response has been that attribution is hard, if not impossible. Like many in the security community, the Chinese were clearly not impressed by the level of technical detail offered the Department of Homeland Security and FBI’s GRIZZLY STEPPE report. While this may reflect the lack ability on the Chinese side, Beijing also clearly has a strategic interest in discounting Washington’s capability to attribute attacks. There was some interest on the Chinese side in the idea for a neutral third party for attribution that has been discussed by Scott Harold, Martin Libicki and Astrid Cevallos.
Second, some of the Chinese respondents did not see much deterrence value in the U.S. public response to the hacking. The response came too late after the revelations and was not proportionate. One Chinese discussant essentially said, "You say this is a threat to democratic institutions but all you did was expel a few diplomats and levy some sanctions." There was also a criticism of the sanctions as unilateral and a barrier to building international cooperation on cyber norms.
Third, there was a little schadenfreude from the Chinese in watching the U.S. side complain about "fake news" and interference in domestic politics. The Chinese side pivoted their standard "we are the biggest victims of cybercrime in the world" away from espionage and crime to trolling and influence operations. Some of the Chinese seemed to think that the United States might shift its international dialogue on cyber norms to include influence operations, or at the least moderate its criticism of internet censorship and the Great Firewall.
The discussions on the bilateral relationship covered little new ground. The Chinese complained about the media response to the cybersecurity law, arguing that they are not meant to restrict foreign companies; we should wait to see how they are implemented; and Beijing is committed to opening up and international cooperation. They praised the IANA transition, but worried about political interference under President Trump. And they expressed continued disappointment that the U.S. government has not embraced China’s World Internet Conference at Wuzhen.
There were, however, some concrete signs of the value of the talks I attended and the official dialogue held by the Department of Homeland Security and Ministry of Public Security. Although the announcement in June 2016 that it took the two sides almost nine months to set up an email for communications was met with some mockery, the Chinese said it has now been used to handle over 2000 incidents, mainly covering botnets, counterfeit sites, and website vulnerabilities. The Chinese are clearly worried about China policy under President Trump. I was asked several times at the dialogue and another conference the same week at Beijing University whether the new administration would continue the official discussions on cybersecurity. I think they should, but if they do not, talks like the CSIS-CICIR dialogue will become even more important.