The U.S. and India’s comprehensive agreement this week to work more closely on cybersecurity issues is tacitly aimed in part at pressuring China to abide by international cyberspace norms, a Washington information security expert said.
“There are a few items in the cybersecurity language [in the accord] that seem particularly oriented toward the U.S. getting India, and I assume other Asian countries, to align with the U.S. and against China in ‘cyberspace behavior norms’ — not using the Internet to steal intellectual property, not trying to inhibit computer security incident response teams and so on,” said John Pescatore, director of emerging security trends at the SANS Institute. “Those all translate to [concur] that China’s actions violate agreed-upon norms.”
Adam Segal, the Maurice R. Greenberg senior fellow for China studies and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, told us that “in any kind of security cooperation with India these days there is some balancing going on against China.”
He added that “one of the important principles that the Indians agreed to was this commitment to the multi-stakeholder model of Internet governance, which clearly is directed in part against China.”
A commitment to a wide-ranging framework for India-U.S. cooperation on cyber was a key outcome of the bilateral summit Tuesday between President Barack Obama and Prime Minister Narendra Modi of India. The meeting, the third in a series of U.S.-India summits at the White House, marked “the deepening strategic partnership” between the U.S. and India on an assortment of global challenges, according to a joint statement.
The two leaders stressed cyberspace enables economic growth and reaffirmed their commitment to “an open, interoperable and reliable Internet, underpinned by the multi-stakeholder model of Internet governance.” They also committed to enhancing cyber collaboration on critical infrastructure, cybercrime, and malicious activity by state and nonstate actors.
Additionally, Obama and Modi affirmed their commitment to “the voluntary norms” that no country should conduct or knowingly assist online activity that intentionally damages critical infrastructure, prevents responses to security incidents, supports theft of intellectual property and is not consistent with international law, including the United Nations Charter.
Segal noted that the Chinese government has signed off on some of the voluntary norms addressed in the U.S.-India framework. In September 2015, for example, after Chinese President Xi Jinping visited Obama at the White House, China and the U.S. agreed to norms relating to the theft of intellectual property and trade secrets. Prior to this agreement, there had been an increasingly active debate in the U.S. about imposing sanctions against China.
As a result, the U.S.-India cyber framework “is not directed at China in a kind of oppositional way,” Segal said. “It’s more a way of further binding China to those kinds of commitments, I would say.”
Overall, the U.S.-India pact is clearly a positive step, Segal said. “The fact that the two sides can identify a whole set of common principles they can commit to is an important framework for the two sides to work forward,” he said.
Segal cautioned that “we’re going to have to wait for actual implementation to see how closely they cooperate on information sharing, threat sharing and those kinds of things. But I think there’s a lot of enthusiasm for both the government of India and the U.S. government to make cyber an important area of cooperation.”
The framework for the U.S.-India cyber relationship is expected to be signed within 60 days, White House officials said.