Cybersecurity and the Limits of Leader Summits
From: The Diplomat
By Christopher Whyte
The recent summit meeting in California between President Barack Obama and his Chinese counterpart, President Xi Jinping was seen by many as an important milestone in Sino-American bilateral relations. Indeed, the informality and broad range of subjects discussed between two competitive nations led many observers to draw parallels to the U.S.-Soviet summits of yesteryear.
So where do we go from here? Will the summit produce concrete, cooperative policy results in the long term, as they so often did in the latter days of the Cold War?
This is likely to differ based on issue area being discussed. For instance, when it comes to economic cooperation, probably – both countries have a vested interest in deepening bilateral trade. On conventional security matters, particularly those related to strategic military planning, maybe. Though both countries remain encumbered by the constraints of domestic sentiment and the interests of international partners, summit diplomacy has a way of transforming frosty relations into a relative détente. A personal political connection at the highest levels can help facilitate understanding and general agreement on best practices.
However, when it comes to cybersecurity, summit diplomacy most likely will not help get results – at least not anytime soon.
Of course, the summit did produce a broadly optimistic cyber agreement in principle, based on the need to pragmatically deal with issues of mutual concern in the cyber world. Xi even pledged to pragmatically deal with concerns shared by the United States and the Chinese government, and publicly agreed that international laws apply to state activities in cyberspace.
And high level dialogue can and often does help more clearly communicate goals and interests between governments. Importantly, an ongoing conversation will likely help generate understanding on the different ways in which the two governments and other stakeholders see cybersecurity issues – whether as a national security concern, a commercial danger or otherwise.
However, it is on issues like cybersecurity that the limits of leadership summits like Sunnylands come into sharp relief. This is because on cyber issues, interstate diplomacy on securing public and private networks is only possible when the international community is able to effectively accommodate the interests of the multitude of non-state actors that are cyberspace’s real gatekeepers and stakeholders.
Governments around the world are undoubtedly worried about the strategic ways in which theft of data might skew long-term economic power, as evident from the National Security Agency and Cybercom Chief, Keith Alexander’s recent statements, as well as artificially enhance some countries’ ability to project power and influence.
But governments themselves are not in full control of the mechanisms of security in cyberspace, and it is unrealistic to think that leaders might be able to commit to specific pathways for engagement without first laying down the domestic regulatory and institutional framework that will be necessary to ensure nationwide compliance.
Before high level negotiation can succeed, then, China and the U.S. will need to develop policies and procedures that empower the central governments in Beijing and Washington to implement any interstate agreement across the nation, from the military to private companies and beyond.
After all, networks and new technologies are, beyond a certain point, most often built and maintained without reference to strict schemas of architectural or linguistic design. This makes it difficult if not technically impossible to cater to the interests of all stakeholders of a national cybersecurity apparatus through legislation. This is especially the case given the current pace of technological innovation.
Thus, before leaders can agree on positions or actions between their nations, they will need to engage in a sustained and significant public-private dialogue at home. Ironically, given the relationship between public discourse and policymakers in democracies like the United States, this task is likely to be easier in China where the government has enormous influence over private and state-run businesses. Beijing is therefore undoubtedly better able to enforce compliance to agreements it makes with the U.S. and other states on cybersecurity.
The motivations of private actors further complicate international diplomacy on cybersecurity. Any effective international agreement will therefore need to create an effective regulatory system that can overcome the obvious motivations some private stakeholders have to defy legal requirements. This can be best done by convincing non-state actors that they will not be at a disadvantage by complying with international regulations, and in fact actually benefit from them.
In the end, leadership summits may open the door to larger agreements on a multitude of issues. On cybersecurity, however, the Cold War-style of summit diplomacy is a non-starter – at least before a proper roadmap and good institutional infrastructure is in place.
Christopher Whyte is a program assistant at Center for the National Interest and a WSD-Handa Fellow at CSIS Pacific Forum. He is also an analyst for the geostrategic analytic firm Wikistrat, Ltd.