Cyber Peace? The U.S and China Reach an ‘Understanding’

Uploaded on 2015-10-05 in INTELLIGENCE--USA, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News

ap_obama_xi_lb_150925_12x5_1600.jpg

President Barack Obama and Chinese President Xi Jinping 

US President Barack Obama announced that he had reached an ‘understanding’ on cyber security with Chinese President Xi and that neither government would knowingly support the theft of corporate intellectual property and information.  By Jamie Collier

The prominence of cyber security in US-China relations demonstrates the political and strategic significance of an issue once relegated to IT help desks.

The talks highlight the on-going process of governments developing norms on acceptable rule of behaviour in the cyber domain. Most states broadly agree with a United Nations peacetime norm stating that attacks on states’ vitals services and critical national infrastructure are unacceptable. Conversely, traditional government-to government espionage is often tolerated. US-China discussions contained no promises to refrain from government-to-government spying for intelligence gathering purposes. This could possibly include the recent US Office for Personal Management (OPM) data breach that was believed to be of Chinese origin. Traditional government-to-government espionage is largely seen as fair game, where it is acknowledged that most states conduct espionage to some degree. Further, in the wake of Edward Snowden’s NSA revelations, the US would find it increasingly difficult to argue against other states doing so. 

Recent US-China discussions focused specifically on corporate espionage. The US has previously struggled to deter China (as well as other states) from engaging in this behaviour. Western states such as the US have tried to draw a line between intelligence gathering for national security purposes, largely seen as acceptable and corporate espionage, viewed as unacceptable. This largely highlights broader political differences between the US and China. Within China, many businesses are owned and run by the state. This means the distinction between the two forms of espionage is less clear compared to in the US. Further, corporate espionage has a closer direct link to Chinese national interests. 

Recent US-China cyber attacks have also highlighted the difficulties faced by officials formulating state strategy in the cyber domain. The US has previously struggled to deter Chinese corporate espionage despite gradually escalating its response.  Precedents of escalation are still being established in the cyber domain with the US gradually increasing its response to cyber attacks.  Last year, the US government charged five Chinese military hackers for cyber espionage and earlier this year the US placed economic sanction on North Korea for its alleged role in the Sony data breach. In the run up to President Xi’s visit, the US appeared willing to use economic sanctions to deter further attacks and it seems a combination of this threat, along with diplomacy, has led to an agreement. However, it remains to be seen if the agreement will lead to concrete curbing of attacks on US businesses. Further, with escalation precedents still being established, perhaps the more interesting question what America’s next move will be if attacks continue. 
 
Jamie Collier is completing  a Doctorate in Cyber Security at Oxford University

 

« Insiders Responsible for 43% of Data Breaches
Cyber Liability Insurance’s Data Problems »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

National Security Agency (NSA)

National Security Agency (NSA)

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

National Cybersecurity and Communications Integration Center (NCCIC)

National Cybersecurity and Communications Integration Center (NCCIC)

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

SISSDEN

SISSDEN

SISSDEN will improve cybersecurity through the development of increased awareness and the effective sharing of actionable threat information.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Totalsec

Totalsec

Totalsec is a Grupo Salinas company with a team of professionals in cybersecurity and information security providing Security Consulting, Solutions Integration, and Managed Security Services.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Siege Technologies

Siege Technologies

Siege Technologies is a pioneer of multi-purpose cybersecurity products and services that enable customers to leverage both offensive and defensive technologies.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

Digital Catapult

Digital Catapult

Digital Catapult is the UK authority on advanced digital technology. We bring out the best in business by accelerating new possibilities with advanced digital technologies.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

GO Business

GO Business

GO Business are a specialised B2B team within GO that caters to the communication needs of the local business community in Malta.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.