Cybersecurity pact with China is a victory for the U.S.

Deal takes steps to limit cyber threats to U.S. companies and sets standard for talks between nations worldwide

Last month, President Obama and Chinese President Xi Jinping announced a milestone cybersecurity agreement.

Both superpowers agreed not to steal or enable the theft of intellectual property or other commercial trade secrets from each other.

Notably, the pact does not cover government-to-government cyber spying—such as the recent exposure of detailed background records for 21 million former and current U.S. employees that resulted from a massive hack of the Office of Personnel Management, blamed on China.

The agreement establishes formal channels by which U.S. law enforcement officials can request real investigations of alleged commercial hacking capers from their Chinese counterparts. That includes a “red-phone” the White House can use to register complaints with the Chinese government at a Cabinet level.

ThirdCertainty asked Brian Huntley and Eduard Goodman, Information Security Officer and Chief Privacy Officer, respectively, at IDT911 to outline the go-forward ramifications. IDT911 sponsors ThirdCertainty.

3C: What’s noteworthy about this historical cybersecurity agreement between the U.S. and China?

Huntley: It’s noteworthy that these two cyber espionage superpowers were so overt about the agreement’s negotiation and execution. This agreement’s international prominence may influence global cybersecurity affairs. It could be the baseline benchmarked by other international powers seeking similar bilateral control agreements.

I can remember (President) Nixon’s and (Henry) Kissinger’s first outreach to China, which laid the initial groundwork for the political atmosphere this agreement is built on. This affirms that U.S. foreign policy has done good in the world.

Goodman: While the theft of intellectual property from a technology perspective has been discussed for decades now, the cybersecurity angle is now an important one for both countries.

I liken this to the initiation of talks between the U.S. and Soviet Union around nuclear disarmament. Those discussions began in the late 1960s and culminated in the SALT I treaty, which started a continuing and ongoing discussion with the Russians on the subject for over four decades.

3C: The backdrop remains complex and tenuous. What’s likely to happen next?

Goodman: This is really about starting a dialogue. Past events point to a high level of certainty that a number of recent hacks, including the U.S. Office of Personnel Management breach, originated in China, and may have been state-condoned, if not state-sponsored. So this is really a starting point to build cooperation in order to build trust.

Huntley: Both the U.S. and China will need to expand and enhance their global trade dispute management and arbitration capabilities. This is necessary in order to cope with case-management scenarios covered in the agreement.

3C: What’s the big takeaway for U.S. companies and organizations?

Huntley: Organizations with significant industrial control system (ICS) presence in their operations should breathe slightly easier. It should now be clearer where in the morass of multiple U.S. federal jurisdictions they can, and should, first turn for assistance with cyber espionage management.

The ICS community now has more incentive to surface cyber espionage attacks at the federal level, as the result of the commercial relief they may be able to capture under this treaty. This last creates a win-win for the ICS companies and the federal government.

Goodman: The challenge with cybersecurity is that, unlike building an ICBM with a nuclear warhead, hacking can be carried out very easily. The origin of a hack is most often obfuscated. So there is a certain level of government “plausible deniability.”

However, because of its development boom, China’s infrastructure is becoming increasingly at risk from a cyber perspective. Playing in the U.S.’s favor is the fact that China has more of a stake than ever before to ensure confidence in its state and private systems. A potentially crippling attack to its infrastructure could have catastrophic effects for China.
