A top US intelligence official said he is skeptical that a new China-US cyber agreement would slow a growing torrent of cyber attacks on US computer networks, adding that his approach will be to “trust but verify”.
Director of National Intelligence James Clapper told the Senate Armed Services Committee on Tuesday that the agreement does not include specific penalties for violations but that the US government could use economic sanctions and other tools to respond if needed, Reuters reported.
Clapper and other officials said they viewed last week’s cyber agreement between China and the United States on curbing economic cyber espionage as a “good first step” but noted it was not clear how effective the pact would be.
President Barack Obama said on Friday that he has reached a “common understanding” with Chinese President Xi Jinping that neither government would knowingly support cyber theft of corporate secrets or business information.
Asked if he was optimistic the agreement would eliminate Chinese cyber attacks, Clapper said simply: “No.”
Clapper said he is skeptical because Chinese cyber espionage aimed at extracting US intellectual property is so pervasive, and there are questions about the extent to which it was orchestrated by the Chinese government.
He said the US should “trust but verify”, a reference to former President Ronald Reagan’s approach to nuclear disarmament with the former Soviet Union.
Clapper and other top US military officials said cyber threats are increasing in frequency, scale, sophistication and severity, and the US needs the same kind of deterrent capability in cyberspace that it maintains for nuclear weapons.
Attacks by countries such as Russia, China, Iran and North Korea, as well as non-state actors, will increase and likely grow more sophisticated in coming years, expanding to include manipulation of data, he said.
“Such malicious cyber activity will continue and probably accelerate until we establish and demonstrate the capability to deter malicious state-sponsored cyber activity,” he said.
Establishing a credible deterrent requires agreement on norms of cyber behavior by the international community, he said.
However, they said attributing a cyber attack was far more difficult than determining who launched a missile.
Clapper said the current environment was like “the Wild West” and the world needed to deal with the evolving threats.
– Contact us at [email protected]