Cybersecurity

NSA official: China violating agreement on cyber economic espionage

by Jacqueline Thomsen 11/08/18 04:45 PM ET

Senior National Security Agency official Rob Joyce said Thursday that he believes China is violating a 2015 agreement with the U.S. to end cyber economic espionage.

Then-President Obama and Chinese President Xi Jinping reached a deal at the time to stop conducting cyber-enabled intellectual property theft. However, Joyce said at the Aspen Institute’s Cyber Summit on Thursday that it “is clear they are well beyond the bounds of the agreement today that was forged between our two countries.”

{mosads}Joyce, who served in the chief cybersecurity position in the White House before returning to the NSA in April, said he didn’t think reaching the agreement instead of imposing such sanctions against China at the time was a bad idea, noting that it had “a marked effect on how the Chinese were behaving.”

But Joyce didn’t rule out the U.S. hitting China with sanctions now, adding that he didn’t “think the moment’s passed.”

“Certainly sanctions are things we’ve used in context of cyber malfeasance, and we’ll continue to use that along with other capabilities,” Joyce said.

Joyce’s comments come shortly after the Trump administration announced a crackdown on Chinese economic espionage. The Justice Department last month unveiled charges against a Chinese state-owned company, a Taiwanese company and three Taiwanese nationals for alleged economic espionage for the Chinese government.

Then-Attorney General Jeff Sessions said at the time that the Chinese actions pose “a real and illegal threat to our nation’s economic prosperity and competitiveness.”

Joyce also said at the event Thursday that while it’s “concerning” that Chinese actors have been discovered probing U.S. critical infrastructure, like the power grid, for possible vulnerabilities to exploit, they haven’t “transitioned onto the operational technology,” which is where, he said, “they really need to be.”

Joyce added that such moves by the Chinese on critical infrastructure aren’t a deterrent for the U.S. to stop taking actions against those actors, whether in the form of offensive cyber operations or otherwise.

“When we have to go and testify on the Hill about the current state of cyber threats and what we’re doing about it and where it’s going,” Joyce said, “[lawmakers] don’t look at intrusions by other nations and ask us, ‘hey, are you going to dial back the cyber programs in the U.S. government because there’s a threat or somebody could hold us at risk?'”

“In fact, usually there’s table pounding, saying, why aren’t you doing more or could you do more or what do we need to do,” he said.