Cyber Peace? The U.S and China Reach an ‘Understanding’

US President Barack Obama announced that he had reached an ‘understanding’ on cyber security with Chinese President Xi and that neither government would knowingly support the theft of corporate intellectual property and information.  By Jamie Collier

The prominence of cyber security in US-China relations demonstrates the political and strategic significance of an issue once relegated to IT help desks.

The talks highlight the on-going process of governments developing norms on acceptable rule of behaviour in the cyber domain. Most states broadly agree with a United Nations peacetime norm stating that attacks on states’ vitals services and critical national infrastructure are unacceptable. Conversely, traditional government-to government espionage is often tolerated. US-China discussions contained no promises to refrain from government-to-government spying for intelligence gathering purposes. This could possibly include the recent US Office for Personal Management (OPM) data breach that was believed to be of Chinese origin. Traditional government-to-government espionage is largely seen as fair game, where it is acknowledged that most states conduct espionage to some degree. Further, in the wake of Edward Snowden’s NSA revelations, the US would find it increasingly difficult to argue against other states doing so. 

Recent US-China discussions focused specifically on corporate espionage. The US has previously struggled to deter China (as well as other states) from engaging in this behaviour. Western states such as the US have tried to draw a line between intelligence gathering for national security purposes, largely seen as acceptable and corporate espionage, viewed as unacceptable.

This largely highlights broader political differences between the US and China. Within China, many businesses are owned and run by the state. This means the distinction between the two forms of espionage is less clear compared to in the US. Further, corporate espionage has a closer direct link to Chinese national interests. 

Recent US-China cyber attacks have also highlighted the difficulties faced by officials formulating state strategy in the cyber domain. The US has previously struggled to deter Chinese corporate espionage despite gradually escalating its response.  

Precedents of escalation are still being established in the cyber domain with the US gradually increasing its response to cyber attacks.  

Last year, the US government charged five Chinese military hackers for cyber espionage and earlier this year the US placed economic sanction on North Korea for its alleged role in the Sony data breach. In the run up to President Xi’s visit, the US appeared willing to use economic sanctions to deter further attacks and it seems a combination of this threat, along with diplomacy, has led to an agreement.

However, it remains to be seen if the agreement will lead to concrete curbing of attacks on US businesses. Further, with escalation precedents still being established, perhaps the more interesting question what America’s next move will be if attacks continue. 
 
Jamie Collier is completing  a Doctorate in Cyber Security at Oxford University

 

« Insiders Responsible for 43% of Data Breaches
Cyber Liability Insurance’s Data Problems »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Bsquare

Bsquare

Bsquare DataV software and engineering services help enterprises implement business-focused Internet of Things systems.

ThreatHunter.ai

ThreatHunter.ai

ThreatHunter.ai (formerly Milton Security) is a business that tracks down and mitigates attacks in real time using our ARGOS Platform and our Elite Threat Hunters.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

Signal Sciences

Signal Sciences

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Corix Partners

Corix Partners

Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

RAH Infotech

RAH Infotech

RAH Infotech is India’s leading value added distributor and solutions provider in the Network and Security domain. We are specialists in Enterprise and App Security and Application Delivery.