The road President Obama and Chinese President Xi Jinping are headed down to set up what Obama called an “architecture to govern behavior in cyberspace that is enforceable and clear” is perhaps impossible to achieve, experts tell the New York Times. Cyberweapons are impossible to count. They can be reproduced with a few flicks of the keyboard, and they are easy to hide: It took U.S. investigators more than a year to figure out that the security records of 22 million federal employees and contractors were being stolen by Chinese actors. “Patriotic hackers,” criminal groups, terrorists and even teenagers all have access to the arsenal.
What the presidents are inching toward could be described as rules of the road, aimed at first stopping cybercrime, the one area both leaders could agree upon. The agreement does not address the nightmare scenario: a conflict in which a cyberattack on a U.S. company or the Pentagon results in retaliation and escalation. While the leaders vowed to establish a “hotline” for cyberattacks, it would likely ring in Washington at the Department of Homeland Security or the Justice Department. not at the White House or United States Cyber Command. Still, there was progress. Never before had China agreed with Obama's premise that the theft of intellectual property for commercial gain was off limits. “This is significant,” said James Lewis of the Center for Strategic and International Studies. “And it is measurable: We can count the number of commercial espionage cases.”