U.S. authorities are moving ahead with plans to strengthen cooperation with China against cybercriminals and other hackers, according to the Departments of Homeland Security and Justice, despite growing concerns from officials and business executives about the mercantilist impact of Beijing’s new cybersecurity law.
Thursday’s third U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues in Washington saw the launch of a cyber-hotline between the two capitals; an agreement to begin sharing indicators of compromise through newly established channels; and a pledge to hold a U.S.-China roundtable for officials and technology companies to discuss “cybersecurity issues of mutual concern.”
The meeting, between Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson on the U.S. side and China’s State Councilor and Minister for Public Security Guo Shengkun, was the third since President Obama and his Chinese counterpart Xi Jinping reached a deal in September last year to cooperate in fighting cybercrime and stop hacking for economic gain.
National security cyber-espionage — like the massive theft of data from the Office of Personnel Management — was excluded.
Among the other topics discussed this week, according to a DHS statement, were:
- Continued cooperation “on misuse of technology and communications to facilitate violent acts of terrorism.”
- Continued cooperation on cybercrime cases involving online distribution of child pornography. Expanded cooperation “to counter Darkweb marketplaces’ illicit sale of synthetic drugs and firearms.”
- “Both sides recommend that the Dialogue continue to be held each year, and that the fourth Dialogue occur in 2017.”
A statement from the White House Thursday noted that Guo also met with National Security Advisor Susan Rice. Rice “raised U.S. concerns about the potential impacts of China’s cybersecurity law … on commercial and people-to-people links between the United States and China,” the statement says.
The law, passed last month and due to take effect in June, includes requirements for “critical information infrastructure operators” to keep vital business and personal data in China, provide unspecified “technical support” to security agencies, and pass national security reviews of their IT products.
It has been seen by critics as overly broad and vaguely worded — leading to fears that foreign companies operating in critical sectors would have to hand over intellectual property or open back doors within products in order to operate.