Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/1/2015
06:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks

As meetings begin in Washington, will 'are you still hacking us' be on the list of questions?

Today, China's Public Security Minister Guo Shengkun, U.S. Secretary of Homeland Security Jeh Johnson, and other Chinese and American officials kicked off meetings to discuss the nations' cybersecurity relations.

This is an opportunity to renew conversations broken off when China removed itself from a working group after the United States indicted five members of the Chinese People's Liberation Army for hacking and economic espionage in May 2014.

President Obama and Chinese president Xi Jinping started mending fences Sep. 25 when they came to an agreement that neither nation would engage in cyber espionage for economic gain. (Chinese officials had brokered a similar "no-hack pact" with Russian officials four months earlier).

Yet, there is still a lot of cybercrime deriving from China -- state-sponsored or not. Unnamed officials told The Washington Post -- in a story published Monday -- that the PLA "has not substantially reengaged in commercial cyberespionage" since the arrests made in May 2014. Yet CrowdStrike reported seeing Chinese APT actors targeting American companies even after the pact was made in September. And the Chinese cybercrime underground, as detailed by Trend Micro's Forward-Looking Threat Team, is exceptionally robust.

The conversations this week are therefore fraught with diplomatic peril. What questions are the ones to have the best or worst response this week?

  

What is 'cybercrime'?

It sounds like a silly question, but according to Laura Galante, director of threat intelligence at FireEye, the U.S. and China have different ways of defining cybercrime. In a blog piece today, Galante wrote:

"The philosophical difference hinges on whether a country conceives of this issue as cybersecurity (securing networks and systems and associated infrastructure) or as information security (securing information, content, and ideas in addition to networks.)

China, along with Russia, more broadly defines cyber operations and tools in terms of 'information and communications technology.' With differences at this conceptual level ... more granular terms like 'cybercrime,' 'cyber-enabled data theft' and 'cyber espionage' will also require significant discussion before either side will feel confident that there is a clear, joint understanding of the activity at issue."

 

Are you holding up your end of the no-hack pact?

If a mere 60 days since the agreement between President Obama and President Jinping was made, the two nations begin discussing how well (or poorly) each side is holding up their side of the bargain, "I think it will be a conversation stopper," says Galante.

In fact, Galante doubts cyberespionage will be discussed in great detail. She believes the goal will be to renew conversations that had been shut down by avoiding sticking points like IP theft and Internet governance and focusing on areas where there will be more opportunities for alignment and cooperation, like stopping cyberterrorism and apprehending cybercriminals.

 

How can our nations help each other?

The question of helping one another stop cybercrime might be a non-starter, too. Tom Kellerman, chief cybersecurity officer for Trend Micro, says that if he were attending the meetings, he would ask "Why has the regime not dismantled the robust Chinese underground which [Trend Micro] highlighted in our recent report?"

Kellerman also believes that the two nations could collaborate on financial cybercrime. 

"How might the Chinese assist the US with anti-money laundering via cyber like in the use of Alipay and BitCoin?" he says. "When might the Chinese recognize that the US banks that they are heavily invested in are being pilfered by their Russian allies?"

Those might be conversation stoppers, too.

 

What are the rules of engagement?

Among the most important tasks of these meetings is to establish norms, protocols, and procedures, like, as Kellerman says, "What will the redlines be that distinguish when cyberattacks escalate to national security events?"

"What marks escalation," says Galante, "what triggers a response ... and how do you de-escalate?"

Galante says that both parties may also determine what kinds of "confidence-building measures" (CBMs) they may each produce to enhance the relationship. CBMs might come in the form of something as simple as white papers articulating how each party defines terminology. 

She says that exchanging white papers might not sound like much, but there is precedent for it. She mentions that the Cold War was gradually brought to a close because cultures that didn't understand each other got to know each other better by "engaging on so many fronts."

"This is diplomacy, at the end of the day." she says.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ProfessionalH174
50%
50%
ProfessionalH174,
User Rank: Apprentice
12/2/2015 | 2:54:03 PM
nice post
its very good info
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17185
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-12424
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-18380
PUBLISHED: 2019-12-09
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
CVE-2019-19687
PUBLISHED: 2019-12-09
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, whic...
CVE-2019-19682
PUBLISHED: 2019-12-09
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the ...