Feeds

Obama-Chinese premier summit achieves little on cyber-security

'Nothing to do with the-NSA-program-which-shall-not-be-named'

5 things you didn’t know about cloud backup

Analysis A summit meeting between Chinese President Xi Jinping and US President Barack Obama last week due to tackle the issue of cyber espionage failed to result in any agreement, perhaps partially because it was overshadowed by controversy over the NSA's controversial PRISM surveillance programme.

The meeting followed recent reports that Chinese hackers had stolen designs for more than two dozen US weapons systems as well as the latest allegations that the Chinese government was behind a series of cyberattacks on the campaigns of both Barack Obama and John McCain during the 2008 presidential election cycle. Chinese hackers allegedly gained access to campaign emails and numerous campaign files including policy position papers and travel plans, NBC News reports.

Obama officials and senior US politicians have consistently described the Chinese as the "world’s most active and persistent perpetrators of economic espionage" over recent months, claims routinely denied by Chinese officials. Both sides in what's coming to resemble a cyber Cold War have gradually stepped up the rhetoric with Chinese officials recently claiming they held "mountains of data" about US generated cyber attacks against China.

The summit was expected to thrash out at least the beginning of an agreement on cybersecurity but in the end achieved no more than a bi-lateral agreement to phase down the consumption and production of hydrofluorocarbons (HFCs), an environmental issue. The two world leaders were also meant to be discussing North Korea and cyber-security, the main topic up for discussion highlighted in a pre-briefing.

In a press conference during the summit President Obama described talks between the two world leaders on the issue of cybersecurity as heading into "uncharted waters", before going on to say that issues around the "NSA program" were different from issues about "theft and hacking".

We haven’t had, yet, in-depth discussions about the cybersecurity issue. We’re speaking at the 40,000-foot level, and we’ll have more intensive discussions during this evening’s dinner. What both President Xi and I recognize is that because of these incredible advances in technology, that the issue of cybersecurity and the need for rules and common approaches to cybersecurity are going to be increasingly important as part of bilateral relationships and multilateral relationships.

In some ways, these are uncharted waters and you don’t have the kinds of protocols that have governed military issues, for example, and arms issues, where nations have a lot of experience in trying to negotiate what’s acceptable and what’s not. And it’s critical, as two of the largest economies and military powers in the world, that China and the United States arrive at a firm understanding of how we work together on these issues.

But I think it’s important, Julie, to get to the second part of your question, to distinguish between the deep concerns we have as a government around theft of intellectual property or hacking into systems that might disrupt those systems - whether it’s our financial systems, our critical infrastructure and so forth - versus some of the issues that have been raised around NSA programs.

When it comes to those cybersecurity issues like hacking or theft, those are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s non-state actors who are engaging in these issues as well. And we’re going to have to work very hard to build a system of defenses and protections, both in the private sector and in the public sector, even as we negotiate with other countries around setting up common rules of the road.

Greg Day, VP & CTO for EMEA at FireEye, said the lack of an immediate agreement between the two leaders on cybersecurity was unsurprising - while welcoming the fact the issue was at least high on the political agenda.

“While it was certainly a good move for these two national leaders to begin talks on the subject of cybersecurity and cyber espionage, many people will undoubtedly be left feeling somewhat underwhelmed by the outcome," Day said. "However, while a significant agreement was – perhaps unsurprisingly – not reached, it is important to maintain the lines of communication to prevent the accidental escalation of hostilities in cyberspace, especially since the level of ambiguity and misdirection is high in cyber conflicts."

“Despite the lack of a public plan of action to reduce ongoing incidents and allegations of cyber espionage, we remain hopeful that meetings such as this will reduce the problem … Cyber conflicts are a global governance issue and [are] not a problem that can be resolved with bilateral talks between two countries. The number of countries and non-state groups with sophisticated offensive capabilities in cyberspace is growing at an alarming rate. So even if one or two countries decide to show restraint, it is difficult to see how that will result in fewer attacks on the US and other countries, given the global and highly distributed nature of the problem,” he added. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.