Cyber Peace? The U.S and China Reach an ‘Understanding’

Uploaded on 2015-10-05 in INTELLIGENCE--USA, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News

ap_obama_xi_lb_150925_12x5_1600.jpg

President Barack Obama and Chinese President Xi Jinping 

US President Barack Obama announced that he had reached an ‘understanding’ on cyber security with Chinese President Xi and that neither government would knowingly support the theft of corporate intellectual property and information.  By Jamie Collier

The prominence of cyber security in US-China relations demonstrates the political and strategic significance of an issue once relegated to IT help desks.

The talks highlight the on-going process of governments developing norms on acceptable rule of behaviour in the cyber domain. Most states broadly agree with a United Nations peacetime norm stating that attacks on states’ vitals services and critical national infrastructure are unacceptable. Conversely, traditional government-to government espionage is often tolerated. US-China discussions contained no promises to refrain from government-to-government spying for intelligence gathering purposes. This could possibly include the recent US Office for Personal Management (OPM) data breach that was believed to be of Chinese origin. Traditional government-to-government espionage is largely seen as fair game, where it is acknowledged that most states conduct espionage to some degree. Further, in the wake of Edward Snowden’s NSA revelations, the US would find it increasingly difficult to argue against other states doing so. 

Recent US-China discussions focused specifically on corporate espionage. The US has previously struggled to deter China (as well as other states) from engaging in this behaviour. Western states such as the US have tried to draw a line between intelligence gathering for national security purposes, largely seen as acceptable and corporate espionage, viewed as unacceptable. This largely highlights broader political differences between the US and China. Within China, many businesses are owned and run by the state. This means the distinction between the two forms of espionage is less clear compared to in the US. Further, corporate espionage has a closer direct link to Chinese national interests. 

Recent US-China cyber attacks have also highlighted the difficulties faced by officials formulating state strategy in the cyber domain. The US has previously struggled to deter Chinese corporate espionage despite gradually escalating its response.  Precedents of escalation are still being established in the cyber domain with the US gradually increasing its response to cyber attacks.  Last year, the US government charged five Chinese military hackers for cyber espionage and earlier this year the US placed economic sanction on North Korea for its alleged role in the Sony data breach. In the run up to President Xi’s visit, the US appeared willing to use economic sanctions to deter further attacks and it seems a combination of this threat, along with diplomacy, has led to an agreement. However, it remains to be seen if the agreement will lead to concrete curbing of attacks on US businesses. Further, with escalation precedents still being established, perhaps the more interesting question what America’s next move will be if attacks continue. 
 
Jamie Collier is completing  a Doctorate in Cyber Security at Oxford University

 

« Insiders Responsible for 43% of Data Breaches
Cyber Liability Insurance’s Data Problems »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

National Institute of Information and Communications Technology (NICT)

National Institute of Information and Communications Technology (NICT)

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

Arctic Wolf Networks

Arctic Wolf Networks

Arctic Wolf Networks delivers the industry-leading security operations center (SOC)-as-a-service that redefines the economics of cybersecurity.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Centroid

Centroid

Centroid is a cloud services and technology company that provides Oracle enterprise workload consulting and managed services across Oracle, Azure, Amazon, Google, and private cloud.

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Cysurance

Cysurance

Cysurance is a next-generation risk mitigation company that insures, warranties and certifies security solutions.