Donilon, speaking at the annual FOSE government IT conference, warned that continued "cyber-enabled economic theft" on the part of the Chinese imperils the half a trillion-dollar economic relationship between the two superpowers.
"That needs to be a principal discussion between the United States and China," Donilon said. "You can't really have a $500 billion relationship — economic relationship — and have this kind of theft going on. And the rules of the road need to change with respect to that."
U.S. Digital Systems in Grave Danger
In assessing the cybersecurity environment, Donilon, who served as President Obama's top security aide until June 2013, starts with the basic premise that the intrusions into critical digital systems are grave, and that they are growing more intense and varied in origin.
"The principal dynamic is that the threats become more sophisticated and pervasive. As the world [leaves] more of its business life, personal life and its security online there are obviously increasing threats and increased responsibilities for the government, for companies, other organizations and individuals to act in a way to protect these networks," he said.
"On the landscape," he added, "I think it's important to separate it out by the threat."
Snowden Represents Another Type of Threat
In addition to groups that aim to infiltrate corporate networks to swipe trade secrets and intellectual property, Donilon points to garden-variety criminals engaging in fraud, lone-wolf and activist hackers, and rogue insiders such as former NSA contractor Edward Snowden as among the various threat vectors.
Taken together, the cyber threats amount to a public-policy challenge of the first order, one that demands greater cooperation among business and government, according to Donilon.
"I think that's the dynamic that we're going to be faced with. There's going to be more sources, more sophisticated, which means you need to have a multi-dimensional approach," he said.
Provisions to facilitate the sharing of information about emerging threats have been a hallmark of several of the bills addressing cybersecurity that have been introduced in Congress, but have not yet passed.
Donilon acknowledged that businesses, generally, have been improving their security posture, though those efforts have been uneven. And while the lines of communication have opened in recent years, many firms are still reluctant to share threat information with federal authorities or others in the private sector, in part out of fear of the potential legal repercussions.
"I think we are making some progress in that, but a lot more progress needs to be made, especially in terms of having best practices used more evenly across the landscape, and in terms of information sharing both among companies and other entities that run critical infrastructure and between the public and private sector, which I think is very important," he said.