Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

06:30 PM
Connect Directly

4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks

As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?

Today, China's Public Security Minister Guo Shengkun, U.S. Secretary of Homeland Security Jeh Johnson, and other Chinese and American officials kicked off meetings to discuss the nations' cybersecurity relations.

This is an opportunity to renew conversations broken off when China removed itself from a working group after the United States indicted five members of the Chinese People's Liberation Army for hacking and economic espionage in May 2014.

President Obama and Chinese president Xi Jinping started mending fences Sep. 25 when they came to an agreement that neither nation would engage in cyber espionage for economic gain. (Chinese officials had brokered a similar "no-hack pact" with Russian officials four months earlier).

Yet, there is still a lot of cybercrime deriving from China -- state-sponsored or not. Unnamed officials told The Washington Post -- in a story published Monday -- that the PLA "has not substantially reengaged in commercial cyberespionage" since the arrests made in May 2014. Yet CrowdStrike reported seeing Chinese APT actors targeting American companies even after the pact was made in September. And the Chinese cybercrime underground, as detailed by Trend Micro's Forward-Looking Threat Team, is exceptionally robust.

The conversations this week are therefore fraught with diplomatic peril. What questions are the ones to have the best or worst response this week?


What is 'cybercrime'?

It sounds like a silly question, but according to Laura Galante, director of threat intelligence at FireEye, the U.S. and China have different ways of defining cybercrime. In a blog piece today, Galante wrote:

"The philosophical difference hinges on whether a country conceives of this issue as cybersecurity (securing networks and systems and associated infrastructure) or as information security (securing information, content, and ideas in addition to networks.)

China, along with Russia, more broadly defines cyber operations and tools in terms of 'information and communications technology.' With differences at this conceptual level ... more granular terms like 'cybercrime,' 'cyber-enabled data theft' and 'cyber espionage' will also require significant discussion before either side will feel confident that there is a clear, joint understanding of the activity at issue."


Are you holding up your end of the no-hack pact?

If a mere 60 days since the agreement between President Obama and President Jinping was made, the two nations begin discussing how well (or poorly) each side is holding up their side of the bargain, "I think it will be a conversation stopper," says Galante.

In fact, Galante doubts cyberespionage will be discussed in great detail. She believes the goal will be to renew conversations that had been shut down by avoiding sticking points like IP theft and Internet governance and focusing on areas where there will be more opportunities for alignment and cooperation, like stopping cyberterrorism and apprehending cybercriminals.


How can our nations help each other?

The question of helping one another stop cybercrime might be a non-starter, too. Tom Kellerman, chief cybersecurity officer for Trend Micro, says that if he were attending the meetings, he would ask "Why has the regime not dismantled the robust Chinese underground which [Trend Micro] highlighted in our recent report?"

Kellerman also believes that the two nations could collaborate on financial cybercrime. 

"How might the Chinese assist the US with anti-money laundering via cyber like in the use of Alipay and BitCoin?" he says. "When might the Chinese recognize that the US banks that they are heavily invested in are being pilfered by their Russian allies?"

Those might be conversation stoppers, too.


What are the rules of engagement?

Among the most important tasks of these meetings is to establish norms, protocols, and procedures, like, as Kellerman says, "What will the redlines be that distinguish when cyberattacks escalate to national security events?"

"What marks escalation," says Galante, "what triggers a response ... and how do you de-escalate?"

Galante says that both parties may also determine what kinds of "confidence-building measures" (CBMs) they may each produce to enhance the relationship. CBMs might come in the form of something as simple as white papers articulating how each party defines terminology. 

She says that exchanging white papers might not sound like much, but there is precedent for it. She mentions that the Cold War was gradually brought to a close because cultures that didn't understand each other got to know each other better by "engaging on so many fronts."

"This is diplomacy, at the end of the day." she says.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/2/2015 | 2:54:03 PM
nice post
its very good info
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
PUBLISHED: 2020-11-25
osCommerce has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...
PUBLISHED: 2020-11-25
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded...
PUBLISHED: 2020-11-25
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service fo...