President Trump’s erratic style and free-form diplomacy have U.S. cybersecurity experts concerned that he might undermine an Obama-era deal with Beijing that sharply curbed widespread Chinese cyberthefts for economic gain and unleash a new flood of hacks against U.S. companies.
As Trump prepares to host Chinese President Xi Jinping at his Florida resort Thursday, Trump’s demands that Beijing provide more trade concessions and do more to restrain North Korea could prompt Xi to use other points of leverage, including Beijing’s control of a far-reaching network of sophisticated hackers.
For years, according to U.S. officials, Chinese-backed hackers repeatedly looted valuable intellectual property and other business secrets from U.S. manufacturers, drugmakers, financial institutions and other companies, often with the assistance or tacit approval of the Chinese government or military.
But a late night negotiation involving U.S. and Chinese officials in a Washington hotel in September 2015, days before Xi was due in Washington for his first state visit, produced an accord with Beijing — the exact details of which remain secret — not to sponsor cyberattacks on U.S. corporations for commercial gain.
Chinese officials capitulated because they were afraid President Obama would impose economic sanctions against Chinese firms that benefited from the hacking, a move that would taint Xi’s high-profile visit, according to two former U.S. officials who participated in the talks who were not authorized to speak publicly.
Although Chinese espionage against the Pentagon and other U.S. government targets has continued, Chinese hacks against U.S. companies have dropped by more than 90% in the past year and a half, Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, said in an interview.
The dramatic drop in Chinese digital thefts of U.S. business secrets has eased a major point of tension between Washington and Beijing.
But other major foreign policy disputes remain, including U.S. concerns about China’s military buildup on disputed shoals in the resource-rich South China Sea and Chinese displeasure at Trump’s pre-inauguration phone call with the president of Taiwan, which Beijing considers a breakaway province.
Some experts now worry that China could ramp up corporate hacking again like turning on a tap if Trump’s first meeting with Xi goes badly.
“If the relationship goes very sour because of either trade issues or the South China Sea or Taiwan or something like that, the hacking would be an easy way for the Chinese to express their displeasure,” said Adam Segal, an expert on China at the nonpartisan Council on Foreign Relations.
The Trump administration’s relations with China have been “rocky,” Segal said. “It seems to have gone through a lot of swings in a very short time period.”
Several weeks before he took office, Trump infuriated China’s government when he publicly questioned the “one China” policy, which acknowledges Beijing’s position on its borders and sovereignty, a mainstay of U.S. foreign policy since the 1970s.
As a candidate, Trump accused China of deliberately devaluing its currency, stealing American jobs and dumping steel and other products into U.S. markets at artificially low prices. He threatened to impose a 45% tariff on Chinese imports.
During his confirmation hearing, Secretary of State Rex Tillerson raised the stakes by appearing to threaten a U.S. blockade to keep China away from the man-made islands it claims in the South China Sea.
But in recent weeks, the administration has shifted course. The White House put out a statement accepting the “one China” policy. Tillerson met with Xi in Beijing and both men came out promising to improve relations in what they termed “win-win cooperation.”
Summits between U.S. and Chinese leaders are normally carefully scripted in advance. But with Trump’s unconventional diplomacy — and significant disagreements on trade, North Korea and climate change, among other issues — Xi’s visit this week could create unexpected fallout — especially on cyber.
Chinese digital theft of U.S. intellectual property was high on the agenda at Obama’s two-day meeting with Xi at the Sunnylands estate in Rancho Mirage in June 2013, and the two governments agreed to negotiate what Obama called “common approaches” for cybersecurity.
After signing a bilateral cyberdeal in September 2015, China made similar pacts with several other nations, including the United Kingdom.
Some experts said Xi agreed because he wanted to crack down on Chinese military officials who were using state-sponsored hacking to enrich themselves and cronies, as well as to bring the network of China’s cyberforce under tighter government control.
Xi recently oversaw a massive reorganization of the People’s Liberation Army, removed a number of military leaders suspected of corruption and disloyalty, and consolidated military cyberforces.
But the bilateral agreements are “fragile,” Robert Silvers, a former top cybersecurity official at the Department of Homeland Security, said in an interview. “If China feels cornered in other aspects, they may decide to revisit their calculation about reducing hacking.”
Those earlier hacks were significant. In 2014, U.S. prosecutors charged five People’s Liberation Army officers with stealing trade secrets, and the indictments revealed the Chinese government’s hand in hacking into U.S. Steel computers during trade disputes as well as the theft of proprietary plans from Westinghouse power plants and manufacturing metrics for solar panels and other products.
It was the first time the U.S. government had publicly blamed Beijing, Silvers said.
“China got very, very upset, reacted poorly and denied it all,” Silvers said. Bilateral discussions about cybersecurity “iced over.”
Then, in June 2015, U.S. officials said Chinese hackers had stolen a vast database of background security investigations from the U.S. Office of Personnel Management. The digital theft compromised sensitive personal, financial and biometric data of more than 22 million current and former federal employees.
After news reports said the White House was considering retaliating by imposing sanctions weeks before Xi’s state visit, Beijing quickly sent Meng Jianzhu, who oversees all Chinese domestic security agencies, to Washington.
Meng carried a message from Xi: China was willing stop using state resources to steal U.S. business secrets. But on Sept. 11, the night before Meng was scheduled to return to Beijing, the details had still not been finalized.
Hoping to hammer out a deal, a group of junior Chinese officials rushed to the Eisenhower Executive Office Building on the White House grounds at 9 p.m. to meet with Obama administration officials. But a snag at the Secret Service gatehouse prevented the Chinese delegation from entering the building.
They met instead at the Marriott Wardman Park hotel in a leafy neighborhood near the Smithsonian’s National Zoo. Working until 3 a.m., about two dozen U.S and Chinese officials and interpreters passed terms of a deal back and forth over bottles of water and hard candies.
The U.S. side wanted Xi to publicly acknowledge that China would not help companies steal intellectual property, a request that nearly derailed the deal since China had always denied stealing U.S. secrets.
In the end, Beijing agreed. Speaking to businessmen in Seattle before the summit, Xi pledged that China would not conduct economic espionage in cyberspace. The U.S. side said privately that it would not pursue sanctions.
Since then, the two governments have set up a “hotline” for emergency communications in case of a potentially catastrophic series of hacks. And senior officials have met every six months to discuss cooperation on improving cybersecurity and blocking cybercrime.
Last December, then-Atty. Gen. Loretta Lynch and Homeland Security Secretary Jeh Johnson met with China’s Minister of State Guo Shengkun in Washington. The next meeting is set for June in Beijing, but it is unclear if the Trump administration plans to continue the dialogue.