4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks

  /     /     /  
Publicated : 22/11/2024   Category : security


4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks


As meetings begin in Washington, will are you still hacking us be on the list of questions?



Today, Chinas Public Security Minister Guo Shengkun, U.S. Secretary of Homeland Security Jeh Johnson, and other Chinese and American officials kicked off meetings to discuss the nations cybersecurity relations.
This is an opportunity to renew conversations broken off when China removed itself from a working group after the United States
indicted
five members of the Chinese Peoples Liberation Army for hacking and economic espionage in May 2014.
President Obama and Chinese president Xi Jinping started mending fences Sep. 25 when they
came to an agreement
that neither nation would engage in cyber espionage for economic gain. (Chinese officials had brokered a similar
no-hack pact with Russian officials
four months earlier).
Yet, there is still a lot of cybercrime deriving from China -- state-sponsored or not. Unnamed officials told
The
 
Washington Post
-- in
a story published Monday
-- that the PLA has not substantially reengaged in commercial cyberespionage since the arrests made in May 2014. Yet
CrowdStrike reported
seeing Chinese APT actors targeting American companies even after the pact was made in September. And the Chinese cybercrime underground,
as detailed by Trend Micros
Forward-Looking Threat Team, is exceptionally robust.
The conversations this week are therefore fraught with diplomatic peril. What questions are the ones to have the best or worst response this week?
  
What is cybercrime?
It sounds like a silly question, but according to Laura Galante, director of threat intelligence at FireEye, the U.S. and China have different ways of defining cybercrime. In a
blog piece
today, Galante wrote:
The philosophical difference hinges on whether a country conceives of this issue as cybersecurity (securing networks and systems and associated infrastructure) or as information security (securing information, content, and ideas in addition to networks.)
China, along with Russia, more broadly defines cyber operations and tools in terms of information and communications technology. With differences at this conceptual level ... more granular terms like cybercrime, cyber-enabled data theft and cyber espionage will also require significant discussion before either side will feel confident that there is a clear, joint understanding of the activity at issue.
 
Are you holding up your end of the no-hack pact?
If a mere 60 days since the agreement between President Obama and President Jinping was made, the two nations begin discussing how well (or poorly) each side is holding up their side of the bargain, I think it will be a conversation stopper, says Galante.
In fact, Galante doubts cyberespionage will be discussed in great detail. She believes the goal will be to renew conversations that had been shut down by avoiding sticking points like IP theft and Internet governance and focusing on areas where there will be more opportunities for alignment and cooperation, like stopping cyberterrorism and apprehending cybercriminals.
 
How can our nations help each other?
The question of helping one another stop cybercrime might be a non-starter, too. Tom Kellerman, chief cybersecurity officer for Trend Micro, says that if he were attending the meetings, he would ask Why has the regime not dismantled the robust Chinese underground which [Trend Micro] highlighted in our recent report?
Kellerman also believes that the two nations could collaborate on financial cybercrime. 
How might the Chinese assist the US with anti-money laundering via cyber like in the use of Alipay and BitCoin? he says. When might the Chinese recognize that the US banks that they are heavily invested in are being pilfered by their Russian allies?
Those might be conversation stoppers, too.
 
What are the rules of engagement?
Among the most important tasks of these meetings is to establish norms, protocols, and procedures, like, as Kellerman says, What will the redlines be that distinguish when cyberattacks escalate to national security events?
What marks escalation, says Galante, what triggers a response ... and how do you de-escalate?
Galante says that both parties may also determine what kinds of confidence-building measures (CBMs) they may each produce to enhance the relationship. CBMs might come in the form of something as simple as white papers articulating how each party defines terminology. 
She says that exchanging white papers might not sound like much, but there is precedent for it. She mentions that the Cold War was gradually brought to a close because cultures that didnt understand each other got to know each other better by engaging on so many fronts.
This is diplomacy, at the end of the day. she says.

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
4 Conversation- Starters & Stoppers For US-China Cybersecurity Talks