Mandia: US-China No-Hack Pact Could Be Game ChangerMandia: US-China No-Hack Pact Could Be Game Changer
Mandiant founder Kevin Mandia says change is coming in the wake of Xi and Obama's pledge not to conduct cyberespionage for economic gain if China holds up its end of the deal.
October 14, 2015
FIREEYE CYBER DEFENSE SUMMIT -- Washington, D.C. -- Kevin Mandia, founder of Mandiant and president of FireEye, says the historic agreement last month between President Obama and China's president Xi Jinping not to conduct cyberspying attacks for economic gain could signal a new chapter.
"With two heads of state recognizing that they can control the direction it goes in-- things are definitely going to change," Mandia said here today in an interview with Dark Reading. "I can't see how it gets worse after their conversation."
The pact specifically applies to the theft of trade secrets and stops short of banning traditional espionage via hacking. Cyberespionage has been a notoriously prolific US strategy for China, with the US among its top targets, although Chinese officials deny such hacking activity. Obama has threatened sanctions for foreign or other hackers who break into US interests for economic gain and for stealing intellectual property. Meanwhile, the US publicly has remained mostly mum about China's cyberespionage for traditional intel-gathering purposes.
China reportedly arrested a "handful" of hackers in that nation last month at the request of US officials, possibly as a show of good faith that China indeed intends to tighten the screws on cyberattacks aimed at pilfering intellectual property.
FireEye's Mandia envisions the US-China no-hack pledge playing out in one of three ways: worst-case, China pays lip service only and continues stealing US IP; China scales back that type of hacking; or China curtails that activity altogether. In the end, he thinks it will lead to the two national powers teaming up against cybercrime overall in the name of a global economy.
"The companies that have high capabilities in determining attribution and other nations with the capability to pierce anonymity will be able to work together against cybercrime," Mandia says. So nations without that ability will become more abused for trafficking cybercrime, he says.
"I think that means over time, the US and China, if they become high attribution states, they will have to work together" against cybercrime, he says.
Overall, the pact is better than no pact at all, Mandia says.
Mandia says he expects the US to begin fining Chinese companies for cyber theft.
"The OPM [Office of Personnel Management] breach in my opinion, the [attackers] have been doing it for a long time, in China and they get paid to do it," Mandia said in a keynote address here yesterday. "They were either ignored or abated by the Chinese government."
Mandia says nations such as the US and China may "agree to lighten up once in while" on attacks. "There will be more unwritten norms," he says.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks