Feeds

Obama-Chinese premier summit achieves little on cyber-security

'Nothing to do with the-NSA-program-which-shall-not-be-named'

Build a business case: developing custom apps

Analysis A summit meeting between Chinese President Xi Jinping and US President Barack Obama last week due to tackle the issue of cyber espionage failed to result in any agreement, perhaps partially because it was overshadowed by controversy over the NSA's controversial PRISM surveillance programme.

The meeting followed recent reports that Chinese hackers had stolen designs for more than two dozen US weapons systems as well as the latest allegations that the Chinese government was behind a series of cyberattacks on the campaigns of both Barack Obama and John McCain during the 2008 presidential election cycle. Chinese hackers allegedly gained access to campaign emails and numerous campaign files including policy position papers and travel plans, NBC News reports.

Obama officials and senior US politicians have consistently described the Chinese as the "world’s most active and persistent perpetrators of economic espionage" over recent months, claims routinely denied by Chinese officials. Both sides in what's coming to resemble a cyber Cold War have gradually stepped up the rhetoric with Chinese officials recently claiming they held "mountains of data" about US generated cyber attacks against China.

The summit was expected to thrash out at least the beginning of an agreement on cybersecurity but in the end achieved no more than a bi-lateral agreement to phase down the consumption and production of hydrofluorocarbons (HFCs), an environmental issue. The two world leaders were also meant to be discussing North Korea and cyber-security, the main topic up for discussion highlighted in a pre-briefing.

In a press conference during the summit President Obama described talks between the two world leaders on the issue of cybersecurity as heading into "uncharted waters", before going on to say that issues around the "NSA program" were different from issues about "theft and hacking".

We haven’t had, yet, in-depth discussions about the cybersecurity issue. We’re speaking at the 40,000-foot level, and we’ll have more intensive discussions during this evening’s dinner. What both President Xi and I recognize is that because of these incredible advances in technology, that the issue of cybersecurity and the need for rules and common approaches to cybersecurity are going to be increasingly important as part of bilateral relationships and multilateral relationships.

In some ways, these are uncharted waters and you don’t have the kinds of protocols that have governed military issues, for example, and arms issues, where nations have a lot of experience in trying to negotiate what’s acceptable and what’s not. And it’s critical, as two of the largest economies and military powers in the world, that China and the United States arrive at a firm understanding of how we work together on these issues.

But I think it’s important, Julie, to get to the second part of your question, to distinguish between the deep concerns we have as a government around theft of intellectual property or hacking into systems that might disrupt those systems - whether it’s our financial systems, our critical infrastructure and so forth - versus some of the issues that have been raised around NSA programs.

When it comes to those cybersecurity issues like hacking or theft, those are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s non-state actors who are engaging in these issues as well. And we’re going to have to work very hard to build a system of defenses and protections, both in the private sector and in the public sector, even as we negotiate with other countries around setting up common rules of the road.

Greg Day, VP & CTO for EMEA at FireEye, said the lack of an immediate agreement between the two leaders on cybersecurity was unsurprising - while welcoming the fact the issue was at least high on the political agenda.

“While it was certainly a good move for these two national leaders to begin talks on the subject of cybersecurity and cyber espionage, many people will undoubtedly be left feeling somewhat underwhelmed by the outcome," Day said. "However, while a significant agreement was – perhaps unsurprisingly – not reached, it is important to maintain the lines of communication to prevent the accidental escalation of hostilities in cyberspace, especially since the level of ambiguity and misdirection is high in cyber conflicts."

“Despite the lack of a public plan of action to reduce ongoing incidents and allegations of cyber espionage, we remain hopeful that meetings such as this will reduce the problem … Cyber conflicts are a global governance issue and [are] not a problem that can be resolved with bilateral talks between two countries. The number of countries and non-state groups with sophisticated offensive capabilities in cyberspace is growing at an alarming rate. So even if one or two countries decide to show restraint, it is difficult to see how that will result in fewer attacks on the US and other countries, given the global and highly distributed nature of the problem,” he added. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?