UK/China cyber security deal: National security attacks still OK, it seems

Contrary to several trigger-happy reports, China's president Xi Jinping has not signed a formal agreement with the UK prime minister David Cameron on cyber security.

Rather, the nations have issued a joint statement – which UK government spokespersons did not want to tell The Register was legally binding – which mentions an agreement between both nations to not "conduct or support cyber-enabled theft of intellectual property".

The UK/China "Joint Statement on Building a Global Comprehensive Strategic Partnership for the 21st Century" was published by the Foreign and Commonwealth Office today. The relevant paragraph is below:

The UK and China agree to establish a high-level security dialogue to strengthen exchanges and cooperation on security issues such as non-proliferation, organised crime, cyber crime and illegal immigration.

The UK and China agree not to conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of providing competitive advantage.

The two sides will enhance mutual respect and understanding, and continue exchanges on human rights and rule of law.

Cameron stated it was a "testament to [the] strong relationship [between China and the UK] that we're able to work on these important issues ... such as cyber, where we've reached a new agreement on cyber-enabled commercial espionage, and on human rights".

While far from a cyber-peace deal, the joint statement comes on the heels of a nigh identical bargain struck between China and the US, which was presented as such.

President Obama announced at the time that himself and the Chinese president had "agreed that neither the US nor the Chinese government will conduct, or knowingly support, cyber-enabled theft of intellectual property – including trade secrets or other confidential business information – for commercial advantage."

Notably, malicious attacks conducted for national security purposes by either China, the US, or the UK, are not covered by any of the agreements.

Kevin Mandia, boss of China-focused infosec firm FireEye, criticised the US-China agreement, stating it would do next to nothing to slow or stymie cyber espionage.

Blighty's focus remains on IP, however. A keynote speech delivered on Wednesday to the UK/China Intellectual Property Symposium by Baroness (Lucy) Neville-Rolfe, Minister for Intellectual Property, restated Chancellor George Osbourne's claims, given during his visit to China last month, that the UK is "China's best partner in the West".

Neville-Rolfe lauded several initiatives which sought to protect the interests of British businesses' IP online in China. "During my visit I supported the signing of a landmark IP agreement between the China-Britain Business Council and the Alibaba Group," said the baroness, who noted how subsequent enforcement lead to the dismantling of a network producing "counterfeit engine lubricants" which had "recorded sales of £1.5m in the past year alone and was uncovered by a joint operation between Alibaba, British businesses and Chinese law enforcement."

The Register received the following enlightening comment from a government spokesperson: "[T]his agreement sets out a clear statement and commitment by both sides not to conduct or support the cyber-enabled theft of intellectual property, trade secrets or confidential business information, with the intent of providing competitive advantage. It's a clear sign of our commitment to promoting security and stability in cyberspace, by clarifying the rules of the road. It is part of our objective of making the UK one of the most secure places in the world to do business in cyberspace. We have set out this week that when it comes to the UK's infrastructure we have clear and robust systems in place." ®