Feeds

Obama-Chinese premier summit achieves little on cyber-security

'Nothing to do with the-NSA-program-which-shall-not-be-named'

High performance access to file storage

Analysis A summit meeting between Chinese President Xi Jinping and US President Barack Obama last week due to tackle the issue of cyber espionage failed to result in any agreement, perhaps partially because it was overshadowed by controversy over the NSA's controversial PRISM surveillance programme.

The meeting followed recent reports that Chinese hackers had stolen designs for more than two dozen US weapons systems as well as the latest allegations that the Chinese government was behind a series of cyberattacks on the campaigns of both Barack Obama and John McCain during the 2008 presidential election cycle. Chinese hackers allegedly gained access to campaign emails and numerous campaign files including policy position papers and travel plans, NBC News reports.

Obama officials and senior US politicians have consistently described the Chinese as the "world’s most active and persistent perpetrators of economic espionage" over recent months, claims routinely denied by Chinese officials. Both sides in what's coming to resemble a cyber Cold War have gradually stepped up the rhetoric with Chinese officials recently claiming they held "mountains of data" about US generated cyber attacks against China.

The summit was expected to thrash out at least the beginning of an agreement on cybersecurity but in the end achieved no more than a bi-lateral agreement to phase down the consumption and production of hydrofluorocarbons (HFCs), an environmental issue. The two world leaders were also meant to be discussing North Korea and cyber-security, the main topic up for discussion highlighted in a pre-briefing.

In a press conference during the summit President Obama described talks between the two world leaders on the issue of cybersecurity as heading into "uncharted waters", before going on to say that issues around the "NSA program" were different from issues about "theft and hacking".

We haven’t had, yet, in-depth discussions about the cybersecurity issue. We’re speaking at the 40,000-foot level, and we’ll have more intensive discussions during this evening’s dinner. What both President Xi and I recognize is that because of these incredible advances in technology, that the issue of cybersecurity and the need for rules and common approaches to cybersecurity are going to be increasingly important as part of bilateral relationships and multilateral relationships.

In some ways, these are uncharted waters and you don’t have the kinds of protocols that have governed military issues, for example, and arms issues, where nations have a lot of experience in trying to negotiate what’s acceptable and what’s not. And it’s critical, as two of the largest economies and military powers in the world, that China and the United States arrive at a firm understanding of how we work together on these issues.

But I think it’s important, Julie, to get to the second part of your question, to distinguish between the deep concerns we have as a government around theft of intellectual property or hacking into systems that might disrupt those systems - whether it’s our financial systems, our critical infrastructure and so forth - versus some of the issues that have been raised around NSA programs.

When it comes to those cybersecurity issues like hacking or theft, those are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s non-state actors who are engaging in these issues as well. And we’re going to have to work very hard to build a system of defenses and protections, both in the private sector and in the public sector, even as we negotiate with other countries around setting up common rules of the road.

Greg Day, VP & CTO for EMEA at FireEye, said the lack of an immediate agreement between the two leaders on cybersecurity was unsurprising - while welcoming the fact the issue was at least high on the political agenda.

“While it was certainly a good move for these two national leaders to begin talks on the subject of cybersecurity and cyber espionage, many people will undoubtedly be left feeling somewhat underwhelmed by the outcome," Day said. "However, while a significant agreement was – perhaps unsurprisingly – not reached, it is important to maintain the lines of communication to prevent the accidental escalation of hostilities in cyberspace, especially since the level of ambiguity and misdirection is high in cyber conflicts."

“Despite the lack of a public plan of action to reduce ongoing incidents and allegations of cyber espionage, we remain hopeful that meetings such as this will reduce the problem … Cyber conflicts are a global governance issue and [are] not a problem that can be resolved with bilateral talks between two countries. The number of countries and non-state groups with sophisticated offensive capabilities in cyberspace is growing at an alarming rate. So even if one or two countries decide to show restraint, it is difficult to see how that will result in fewer attacks on the US and other countries, given the global and highly distributed nature of the problem,” he added. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.