WASHINGTON • The United States and China are negotiating what could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyber weapons to cripple the other's critical infrastructure during peacetime, according to officials involved in the talks.
While such an agreement could address attacks on power stations, banking systems, cellphone networks and hospitals, it would not, at least in its first version, protect against most of the attacks China has been accused of conducting in the US, including the widespread poaching of intellectual property and the theft of millions of government employees' personal data.
The negotiations have been conducted with urgency in recent weeks, with a goal to announce an agreement when President Xi Jinping of China arrives in Washington for a state visit on Thursday.
President Barack Obama hinted at the negotiations last Wednesday, when he told US business leaders at a Business Roundtable meeting that the rising number of cyber attacks would "probably be one of the biggest topics" of the summit meeting, and that his goal was to see "if we and the Chinese are able to coalesce around a process for negotiations" that would ultimately "bring a lot of other countries along".
But a senior administration official involved in the discussions cautioned that an initial statement between Mr Obama and Mr Xi may not contain "a specific, detailed mention" of a prohibition on attacking critical infrastructure.
Rather, it would be a more "generic embrace" of a code of conduct adopted recently by a working group at the United Nations.
CYBER AS DESTRUCTIVE FORCE
It would be the first time that cyber is treated as a military capability that needs to be governed as nuclear, chemical and biological weapons are.
MR VIKRAM SINGH, a former Pentagon and State Department official who is now vice- president for international security at the Centre for American Progress, on the talks
One of the key items in the UN document on principles for cyberspace is that no state should allow activity "that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public".
The goal of the US negotiators is to have Chinese leaders embrace the principles of the UN code of conduct in a bilateral agreement with Washington.
It seems unlikely that any deal coming out of the talks would directly address the most urgent problems with cyber attacks of Chinese origin, according to officials who spoke on the condition of anonymity to describe the continuing negotiations.
The agreement being negotiated would also not appear to cover the use of tools to steal intellectual property, as the Chinese military does often to bolster state-owned industries, according to an indictment of five officers of the People's Liberation Army last year.
Still, any deal to limit cyber attacks in peacetime would be a start.
"It would be the first time that cyber is treated as a military capability that needs to be governed as nuclear, chemical and biological weapons are," said Mr Vikram Singh, a former Pentagon and State Department official who is now vice-president for international security at the Centre for American Progress.
Within the Obama administration, the effort to design "a set of norms of behaviour" to limit cyber attacks has been compared to president John F. Kennedy's first major nuclear treaty with the Soviet Union in 1963, which banned atmospheric nuclear tests.
That accord did not stop the development of nuclear weapons or even halt underground tests, which continued for decades.
But it was a first effort to prevent an environmental disaster, just as this would be a first effort by the world's two biggest economic powers to prevent the most catastrophic use of cyber weapons.
THE NEW YORK TIMES