File photo of US President Barack Obama and Chinese President Xi Jinping (AFP)
Washington:
The top US intelligence official on Tuesday said he was sceptical that a new cyber US-China cyber agreement would slow a growing torrent of cyber-attacks on US computer networks, and said his approach will be to "trust but verify."
Director of National Intelligence James Clapper told the Senate Armed Services Committee the agreement did not include specific penalties for violations, but the US government could use economic sanctions and other tools to respond if needed.
Clapper and other officials said they viewed last week's cyber agreement between China and the United States on curb economic cyber espionage as a "good first step," but that it was unclear how effective the pact would be.
President Barack Obama on Friday said that he had reached a "common understanding" with China's President Xi Jinping that neither government would knowingly support cyber theft of corporate secrets or business information.
Asked if he was optimistic the agreement would eliminate Chinese cyber-attacks, Clapper said simply, "No."
Clapper said he was sceptical because Chinese cyber espionage aimed at extracting US intellectual property was so pervasive, and there were questions about the extent to which it was orchestrated by the Chinese government.
He said the US should "trust but verify," a reference to former President Ronald Reagan's approach to nuclear disarmament with the former Soviet Union, Clapper and other top US military officials said cyber threats were increasing in frequency, scale, sophistication and severity, and the United States needed the same kind of deterrent capability in cyberspace that it maintains for nuclear weapons.
Attacks by countries such as Russia, China, Iran and North Korea, as well as non-state actors, would increase and likely grow more sophisticated in coming years, expanding to include manipulation of data, he said.
"Such malicious cyber activity will continue and probably accelerate until we establish and demonstrate the capability to deter malicious state-sponsored cyber activity," he said.
Establishing a credible deterrent requires agreement on norms of cyber behaviour by the international community, he said.
However, they said attributing a cyber-attack was far more difficult than determining who launched a missile.
Clapper said the current environment was like "the Wild West," and the world needed to deal with the evolving threats.
One key question, he said, was whether to limit spying activity, such as the incident that compromised personal data of 21 million individuals in a database maintained by the Office Of Personnel Management.
Deputy Defence Secretary Robert Work told the committee that the US response would be "vigorous" if another incident on the scale of the OPM breach was firmly linked to China. He said the Pentagon was finalising a broad cyber warfare policy that was supposed to be shared with Congress over a year ago.
He said the response could involve a variety of tools, including economic sanctions and criminal indictments, as well as potential use of offensive cyber weapons.
US officials have linked the OPM breach to China, but have not said whether they believe the government is responsible.
Clapper said no definite statement had been made about the origin of the OPM hack since officials were not fully confident about the three types of evidence were needed link an attack to a given country: the geographic point of origin, the identity of the "actual perpetrator doing the keystrokes," and who was responsible for directing the act.
Director of National Intelligence James Clapper told the Senate Armed Services Committee the agreement did not include specific penalties for violations, but the US government could use economic sanctions and other tools to respond if needed.
Clapper and other officials said they viewed last week's cyber agreement between China and the United States on curb economic cyber espionage as a "good first step," but that it was unclear how effective the pact would be.
President Barack Obama on Friday said that he had reached a "common understanding" with China's President Xi Jinping that neither government would knowingly support cyber theft of corporate secrets or business information.
Asked if he was optimistic the agreement would eliminate Chinese cyber-attacks, Clapper said simply, "No."
Clapper said he was sceptical because Chinese cyber espionage aimed at extracting US intellectual property was so pervasive, and there were questions about the extent to which it was orchestrated by the Chinese government.
He said the US should "trust but verify," a reference to former President Ronald Reagan's approach to nuclear disarmament with the former Soviet Union, Clapper and other top US military officials said cyber threats were increasing in frequency, scale, sophistication and severity, and the United States needed the same kind of deterrent capability in cyberspace that it maintains for nuclear weapons.
Attacks by countries such as Russia, China, Iran and North Korea, as well as non-state actors, would increase and likely grow more sophisticated in coming years, expanding to include manipulation of data, he said.
"Such malicious cyber activity will continue and probably accelerate until we establish and demonstrate the capability to deter malicious state-sponsored cyber activity," he said.
Establishing a credible deterrent requires agreement on norms of cyber behaviour by the international community, he said.
However, they said attributing a cyber-attack was far more difficult than determining who launched a missile.
Clapper said the current environment was like "the Wild West," and the world needed to deal with the evolving threats.
One key question, he said, was whether to limit spying activity, such as the incident that compromised personal data of 21 million individuals in a database maintained by the Office Of Personnel Management.
Deputy Defence Secretary Robert Work told the committee that the US response would be "vigorous" if another incident on the scale of the OPM breach was firmly linked to China. He said the Pentagon was finalising a broad cyber warfare policy that was supposed to be shared with Congress over a year ago.
He said the response could involve a variety of tools, including economic sanctions and criminal indictments, as well as potential use of offensive cyber weapons.
US officials have linked the OPM breach to China, but have not said whether they believe the government is responsible.
Clapper said no definite statement had been made about the origin of the OPM hack since officials were not fully confident about the three types of evidence were needed link an attack to a given country: the geographic point of origin, the identity of the "actual perpetrator doing the keystrokes," and who was responsible for directing the act.
© Thomson Reuters 2015
Track Latest News Live on NDTV.com and get news updates from India and around the world
