Cyber Peace? The U.S and China Reach an ‘Understanding’

US President Barack Obama announced that he had reached an ‘understanding’ on cyber security with Chinese President Xi and that neither government would knowingly support the theft of corporate intellectual property and information.  By Jamie Collier

The prominence of cyber security in US-China relations demonstrates the political and strategic significance of an issue once relegated to IT help desks.

The talks highlight the on-going process of governments developing norms on acceptable rule of behaviour in the cyber domain. Most states broadly agree with a United Nations peacetime norm stating that attacks on states’ vitals services and critical national infrastructure are unacceptable. Conversely, traditional government-to government espionage is often tolerated. US-China discussions contained no promises to refrain from government-to-government spying for intelligence gathering purposes. This could possibly include the recent US Office for Personal Management (OPM) data breach that was believed to be of Chinese origin. Traditional government-to-government espionage is largely seen as fair game, where it is acknowledged that most states conduct espionage to some degree. Further, in the wake of Edward Snowden’s NSA revelations, the US would find it increasingly difficult to argue against other states doing so. 

Recent US-China discussions focused specifically on corporate espionage. The US has previously struggled to deter China (as well as other states) from engaging in this behaviour. Western states such as the US have tried to draw a line between intelligence gathering for national security purposes, largely seen as acceptable and corporate espionage, viewed as unacceptable.

This largely highlights broader political differences between the US and China. Within China, many businesses are owned and run by the state. This means the distinction between the two forms of espionage is less clear compared to in the US. Further, corporate espionage has a closer direct link to Chinese national interests. 

Recent US-China cyber attacks have also highlighted the difficulties faced by officials formulating state strategy in the cyber domain. The US has previously struggled to deter Chinese corporate espionage despite gradually escalating its response.  

Precedents of escalation are still being established in the cyber domain with the US gradually increasing its response to cyber attacks.  

Last year, the US government charged five Chinese military hackers for cyber espionage and earlier this year the US placed economic sanction on North Korea for its alleged role in the Sony data breach. In the run up to President Xi’s visit, the US appeared willing to use economic sanctions to deter further attacks and it seems a combination of this threat, along with diplomacy, has led to an agreement.

However, it remains to be seen if the agreement will lead to concrete curbing of attacks on US businesses. Further, with escalation precedents still being established, perhaps the more interesting question what America’s next move will be if attacks continue. 
 
Jamie Collier is completing  a Doctorate in Cyber Security at Oxford University

 

« Insiders Responsible for 43% of Data Breaches
Cyber Liability Insurance’s Data Problems »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Intelligence-sec

Intelligence-sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

PartnerRe

PartnerRe

PartnerRe provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Raz-Lee Security

Raz-Lee Security

Raz-Lee Security is the leading security solution provider for IBM Power i, otherwise known as iSeries or AS/400 servers.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

Securonix

Securonix

Securonix delivers a next generation security analytics and operations management platform for the modern era of big data and advanced cyber threats.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

Telesign

Telesign

Telesign connect, protect, and defend online experiences with sophisticated digital identity and programmable communications solutions.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.