
Obama-Chinese premier summit achieves little on cyber-security

'Nothing to do with the-NSA-program-which-shall-not-be-named'


Analysis A summit meeting last week between Chinese President Xi Jinping and US President Barack Obama that was due to tackle the issue of cyber espionage failed to result in any agreement, perhaps partially because it was overshadowed by controversy over the NSA's PRISM surveillance programme.

The meeting followed recent reports that Chinese hackers had stolen designs for more than two dozen US weapons systems as well as the latest allegations that the Chinese government was behind a series of cyberattacks on the campaigns of both Barack Obama and John McCain during the 2008 presidential election cycle. Chinese hackers allegedly gained access to campaign emails and numerous campaign files including policy position papers and travel plans, NBC News reports.

Over recent months, Obama officials and senior US politicians have consistently described the Chinese as the "world’s most active and persistent perpetrators of economic espionage", claims routinely denied by Chinese officials. Both sides in what's coming to resemble a cyber Cold War have gradually stepped up the rhetoric, with Chinese officials recently claiming they held "mountains of data" about US-generated cyber attacks against China.

The summit was expected to thrash out at least the beginning of an agreement on cybersecurity but in the end achieved no more than a bi-lateral agreement to phase down the consumption and production of hydrofluorocarbons (HFCs), an environmental issue. The two world leaders were also meant to be discussing North Korea and cyber-security, the main topic up for discussion highlighted in a pre-briefing.

In a press conference during the summit President Obama described talks between the two world leaders on the issue of cybersecurity as heading into "uncharted waters", before going on to say that issues around the "NSA program" were different from issues about "theft and hacking".

We haven’t had, yet, in-depth discussions about the cybersecurity issue. We’re speaking at the 40,000-foot level, and we’ll have more intensive discussions during this evening’s dinner. What both President Xi and I recognize is that because of these incredible advances in technology, that the issue of cybersecurity and the need for rules and common approaches to cybersecurity are going to be increasingly important as part of bilateral relationships and multilateral relationships.

In some ways, these are uncharted waters and you don’t have the kinds of protocols that have governed military issues, for example, and arms issues, where nations have a lot of experience in trying to negotiate what’s acceptable and what’s not. And it’s critical, as two of the largest economies and military powers in the world, that China and the United States arrive at a firm understanding of how we work together on these issues.

But I think it’s important, Julie, to get to the second part of your question, to distinguish between the deep concerns we have as a government around theft of intellectual property or hacking into systems that might disrupt those systems - whether it’s our financial systems, our critical infrastructure and so forth - versus some of the issues that have been raised around NSA programs.

When it comes to those cybersecurity issues like hacking or theft, those are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s non-state actors who are engaging in these issues as well. And we’re going to have to work very hard to build a system of defenses and protections, both in the private sector and in the public sector, even as we negotiate with other countries around setting up common rules of the road.

Greg Day, VP & CTO for EMEA at FireEye, said the lack of an immediate agreement between the two leaders on cybersecurity was unsurprising - while welcoming the fact the issue was at least high on the political agenda.

"While it was certainly a good move for these two national leaders to begin talks on the subject of cybersecurity and cyber espionage, many people will undoubtedly be left feeling somewhat underwhelmed by the outcome," Day said. "However, while a significant agreement was – perhaps unsurprisingly – not reached, it is important to maintain the lines of communication to prevent the accidental escalation of hostilities in cyberspace, especially since the level of ambiguity and misdirection is high in cyber conflicts."

"Despite the lack of a public plan of action to reduce ongoing incidents and allegations of cyber espionage, we remain hopeful that meetings such as this will reduce the problem … Cyber conflicts are a global governance issue and [are] not a problem that can be resolved with bilateral talks between two countries. The number of countries and non-state groups with sophisticated offensive capabilities in cyberspace is growing at an alarming rate. So even if one or two countries decide to show restraint, it is difficult to see how that will result in fewer attacks on the US and other countries, given the global and highly distributed nature of the problem," he added. ®
