No US Cyber Peace Agreement with China.

Barack-Obama-and-Xi-Jinpi-012.jpg?w=620&q=85&auto=format&sharp=10&s=9a4a20ffa294ebb14516f600950ee475

Barack Obama and Xi Jinping shake hands.

The issue of the Chinese regime sponsoring hackers to rob American companies in order to feed the Chinese economy is now reaching a boiling point.

During remarks at the Sept. 16 Business Roundtable, a quarterly meeting of top CEOs, President Barack Obama gave a terse warning of where the Chinese cyberattacks could lead. “Although the Chinese and Russians are close, we are the best at this, and if we wanted to go on the offense, a lot of countries would have some significant problems,” Obama said recently.

During his visit to Washington, DC, Chinese President Xi Jinping is expected to sign an historic “cyber arms agreement” with the United States, under which each would agree to adhere to UN’s established norms of online behavior, the most important of which was not to attack the other’s infrastructure during peacetime. But in a conference call with reporters, an Obama administration spokesman scaled back expectations for that agreement, considerably. 

The United States and China are apparently negotiating what could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyberweapons to cripple the other’s critical infrastructure during peacetime, according to officials involved in the talks.

While such an agreement could address attacks on power stations, banking systems, cellphone networks and hospitals, it would not, at least in its first version, protect against most of the attacks that China has been accused of conducting in the United States, including the widespread poaching of intellectual property and the theft of millions of government employees’ personal data.

The negotiations have been conducted with urgency in recent weeks, with a goal to announce an agreement when President Xi Jinping of China arrives in Washington for a state visit on Thursday. President Obama hinted at the negotiations, when he told the Business Roundtable that the rising number of cyberattacks would “probably be one of the biggest topics” of the summit meeting, and that his goal was to see “if we and the Chinese are able to coalesce around a process for negotiations” that would ultimately “bring a lot of other countries along.”

But a senior administration official involved in the discussions cautioned that an initial statement between Mr. Obama and Mr. Xi may not contain “a specific, detailed mention” of a prohibition on attacking critical infrastructure. Rather, it would be a more “generic embrace” of a code of conduct adopted recently by a working group at the United Nations.
“I don’t want to suggest that, you know, we’ve reached an arms control agreement here,” said Ben Rhodes, the White House deputy national security advisor for strategic communications. The sentiment was seconded by Dan Kritenbrink the senior director for Asian affairs at the National Security Council, “I would be reluctant to raise expectations about an agreement along the lines of what you just described,” he said. “That would be a long-term goal. We’re a long ways from getting there.”

That’s fine and good since any such agreement was purely “symbolic” in its value, wrote James Andrew Lewis, the director of the Technology and Public Policy Program at the Center for Strategic and International Studies. Neither “China nor the United States intends to attack the other’s critical infrastructure in peacetime,” he wrote in an op-ed on the CSIS site.
The agreement would have been nearly impossible to verify anyway, Harvard Law School professor Jack Goldsmith argued at Lawfare. . Unlike planes and aircraft carriers, offensive cyber capabilities are developed in secret, with carefully hidden budgets.

Even the symbolic value of the deal was limited; the US wouldn’t have committed to much that it hasn’t already. Adm. Michael Rogers, the head of US Cyber Command, the outfit charged with creating cyber offensive capabilities, has publically said that United States would follow the rules of war in using offensive cyber weapons. “Remember, anything we do in the cyber arena … must follow the law of conflict. Our response must be proportional, must be in line with the broader set of norms that we’ve created over time. I don’t expect cyber to be any different,” he said in April.

At least one analyst doubted that the sides might even have been able to agree on the scope of its core issue. Shannon Tiezzi, writing for The Diplomat, wrote that “such a deal is unlikely to actually spell out a definition of what constitutes ‘critical infrastructure.’ That lack of clarity also plagued a 2015 report from the United Nations Group of Governmental Experts on Information Security (GGE), which included a list of “norm, rules, and principles’ for state behavior in cyberspace.”
In many ways, “critical infrastructure” remains a catch-all for everything from water treatment plants to banks to manufacturing. And potential attacks on it have preoccupied Washington since then-Defense Secretary Leon Panetta first uttered “cyber Pearl Harbor.”

To date, China appeared to have no history of staging such attacks. Indeed, the most famous cyber-physical infrastructure hack remains the Stuxnet attack on Iran’s Natanz nuclear facility, widely attributed to but never claimed by the United States.

Drama aside, the fact that the White House and Beijing are a “long way” from even a symbolic agreement not to hack each other’s infrastructure says a lot about the distance between the two sides on basic language for what is and what is not normal online behavior. 

The Chinese have been involved in diplomatic relations for 5,000 years. The US has only existed for less than 250 years. Guess which nation has the advantage here. Any announcement that does not include “starting today, no Chinese cargo ship will be allowed in any US port,” or something of similar magnitude, will be seen by the Chinese as confirmation of our idiocy. 
If this sounds extreme, then wake up. We are at war.

Digital Trends: http://bit.ly/1O0K7UK
DefenseOne: http://bit.ly/1jkRREe
NYT:  http://nyti.ms/1QrCRyN

 

« Cyberspace: The New Frontier in Warfare
Snowden Wants Global Push to Expand Digital Privacy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

Blackfoot Cybersecurity

Blackfoot Cybersecurity

At Blackfoot, we work in partnership with you to deliver on-demand cyber security expertise and assurance, keeping you one step ahead of threats & compliant with regulations.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

Xperience

Xperience

Xperience solves our clients’ toughest challenges by delivering business efficiency through digital transformation solutions across cloud, managed IT, CRM and ERP.

Cyber Insurance Academy

Cyber Insurance Academy

Cyber Insurance Academy was founded to provide insurance professionals with the knowledge needed to work in cyber-insurance and cyber-related insurance fields.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.