Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

06:30 PM
Connect Directly

4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks

As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?

Today, China's Public Security Minister Guo Shengkun, U.S. Secretary of Homeland Security Jeh Johnson, and other Chinese and American officials kicked off meetings to discuss the nations' cybersecurity relations.

This is an opportunity to renew conversations broken off when China removed itself from a working group after the United States indicted five members of the Chinese People's Liberation Army for hacking and economic espionage in May 2014.

President Obama and Chinese president Xi Jinping started mending fences Sep. 25 when they came to an agreement that neither nation would engage in cyber espionage for economic gain. (Chinese officials had brokered a similar "no-hack pact" with Russian officials four months earlier).

Yet, there is still a lot of cybercrime deriving from China -- state-sponsored or not. Unnamed officials told The Washington Post -- in a story published Monday -- that the PLA "has not substantially reengaged in commercial cyberespionage" since the arrests made in May 2014. Yet CrowdStrike reported seeing Chinese APT actors targeting American companies even after the pact was made in September. And the Chinese cybercrime underground, as detailed by Trend Micro's Forward-Looking Threat Team, is exceptionally robust.

The conversations this week are therefore fraught with diplomatic peril. What questions are the ones to have the best or worst response this week?


What is 'cybercrime'?

It sounds like a silly question, but according to Laura Galante, director of threat intelligence at FireEye, the U.S. and China have different ways of defining cybercrime. In a blog piece today, Galante wrote:

"The philosophical difference hinges on whether a country conceives of this issue as cybersecurity (securing networks and systems and associated infrastructure) or as information security (securing information, content, and ideas in addition to networks.)

China, along with Russia, more broadly defines cyber operations and tools in terms of 'information and communications technology.' With differences at this conceptual level ... more granular terms like 'cybercrime,' 'cyber-enabled data theft' and 'cyber espionage' will also require significant discussion before either side will feel confident that there is a clear, joint understanding of the activity at issue."


Are you holding up your end of the no-hack pact?

If a mere 60 days since the agreement between President Obama and President Jinping was made, the two nations begin discussing how well (or poorly) each side is holding up their side of the bargain, "I think it will be a conversation stopper," says Galante.

In fact, Galante doubts cyberespionage will be discussed in great detail. She believes the goal will be to renew conversations that had been shut down by avoiding sticking points like IP theft and Internet governance and focusing on areas where there will be more opportunities for alignment and cooperation, like stopping cyberterrorism and apprehending cybercriminals.


How can our nations help each other?

The question of helping one another stop cybercrime might be a non-starter, too. Tom Kellerman, chief cybersecurity officer for Trend Micro, says that if he were attending the meetings, he would ask "Why has the regime not dismantled the robust Chinese underground which [Trend Micro] highlighted in our recent report?"

Kellerman also believes that the two nations could collaborate on financial cybercrime. 

"How might the Chinese assist the US with anti-money laundering via cyber like in the use of Alipay and BitCoin?" he says. "When might the Chinese recognize that the US banks that they are heavily invested in are being pilfered by their Russian allies?"

Those might be conversation stoppers, too.


What are the rules of engagement?

Among the most important tasks of these meetings is to establish norms, protocols, and procedures, like, as Kellerman says, "What will the redlines be that distinguish when cyberattacks escalate to national security events?"

"What marks escalation," says Galante, "what triggers a response ... and how do you de-escalate?"

Galante says that both parties may also determine what kinds of "confidence-building measures" (CBMs) they may each produce to enhance the relationship. CBMs might come in the form of something as simple as white papers articulating how each party defines terminology. 

She says that exchanging white papers might not sound like much, but there is precedent for it. She mentions that the Cold War was gradually brought to a close because cultures that didn't understand each other got to know each other better by "engaging on so many fronts."

"This is diplomacy, at the end of the day." she says.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/2/2015 | 2:54:03 PM
nice post
its very good info
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-09
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
PUBLISHED: 2020-07-09
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
PUBLISHED: 2020-07-09
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
PUBLISHED: 2020-07-09
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
PUBLISHED: 2020-07-09
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...