Cyber Peace? The U.S and China Reach an ‘Understanding’

Uploaded on 2015-10-05 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

US President Barack Obama announced that he had reached an ‘understanding’ on cyber security with Chinese President Xi and that neither government would knowingly support the theft of corporate intellectual property and information.  By Jamie Collier

The prominence of cyber security in US-China relations demonstrates the political and strategic significance of an issue once relegated to IT help desks.

The talks highlight the on-going process of governments developing norms on acceptable rule of behaviour in the cyber domain. Most states broadly agree with a United Nations peacetime norm stating that attacks on states’ vitals services and critical national infrastructure are unacceptable. Conversely, traditional government-to government espionage is often tolerated. US-China discussions contained no promises to refrain from government-to-government spying for intelligence gathering purposes. This could possibly include the recent US Office for Personal Management (OPM) data breach that was believed to be of Chinese origin. Traditional government-to-government espionage is largely seen as fair game, where it is acknowledged that most states conduct espionage to some degree. Further, in the wake of Edward Snowden’s NSA revelations, the US would find it increasingly difficult to argue against other states doing so. 

Recent US-China discussions focused specifically on corporate espionage. The US has previously struggled to deter China (as well as other states) from engaging in this behaviour. Western states such as the US have tried to draw a line between intelligence gathering for national security purposes, largely seen as acceptable and corporate espionage, viewed as unacceptable.

This largely highlights broader political differences between the US and China. Within China, many businesses are owned and run by the state. This means the distinction between the two forms of espionage is less clear compared to in the US. Further, corporate espionage has a closer direct link to Chinese national interests. 

Recent US-China cyber attacks have also highlighted the difficulties faced by officials formulating state strategy in the cyber domain. The US has previously struggled to deter Chinese corporate espionage despite gradually escalating its response.  

Precedents of escalation are still being established in the cyber domain with the US gradually increasing its response to cyber attacks.  

Last year, the US government charged five Chinese military hackers for cyber espionage and earlier this year the US placed economic sanction on North Korea for its alleged role in the Sony data breach. In the run up to President Xi’s visit, the US appeared willing to use economic sanctions to deter further attacks and it seems a combination of this threat, along with diplomacy, has led to an agreement.

However, it remains to be seen if the agreement will lead to concrete curbing of attacks on US businesses. Further, with escalation precedents still being established, perhaps the more interesting question what America’s next move will be if attacks continue. 
 
Jamie Collier is completing  a Doctorate in Cyber Security at Oxford University

 

« Insiders Responsible for 43% of Data Breaches
Cyber Liability Insurance’s Data Problems »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Combitech

Combitech

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats.

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

TechBase

TechBase

TechBase is an innovation and start-up center offering technology-oriented start-ups optimal conditions for successful business development.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Segra

Segra

Segra owns and operates one of the nation’s largest fiber networks and provides best-in-class broadband and data security solutions throughout the Southeast and Mid-Atlantic.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.

DataPatrol

DataPatrol

DataPatrol is a software company, specialized in providing Security and Privacy of company’s data and information in an evolved way.