CyberScout

What You Need to Know About the China-U.S. Cyber Security Pact

What You Need to Know About the China-U.S. Cyber Security Pact

Last month, President Obama and Chinese President Xi Jinping announced a milestone cyber security agreement.

Both superpowers agreed not to steal or enable the theft of intellectual property or other commercial trade secrets from each other.

Notably, the pact does not cover government-to-government cyber spying—such as the recent exposure of detailed background records for 21 million former and current U.S. employees that resulted from a massive hack of the Office of Personnel Management, blamed on China.

The agreement establishes formal channels by which U.S. law enforcement officials can request real investigations of alleged commercial hacking capers from their Chinese counterparts. That includes a “red-phone” the White House can use to register complaints with the Chinese government at a Cabinet level.

ThirdCertainty asked Brian Huntley and Eduard Goodman, Information Security Officer and Chief Privacy Officer, respectively, at CyberScout to outline the go-forward ramifications. CyberScout sponsors ThirdCertainty.

3C: What’s noteworthy about this historical cybersecurity agreement between the U.S. and China?

Brian Huntley, CyberScout Information Security OfficerBrian Huntley, CyberScout Information Security Officer

Huntley: It’s noteworthy that these two cyber espionage superpowers were so overt about the agreement’s negotiation and execution. This agreement’s international prominence may influence global cyber security affairs. It could be the baseline benchmarked by other international powers seeking similar bilateral control agreements.

I can remember (President) Nixon’s and (Henry) Kissinger’s first outreach to China, which laid the initial groundwork for the political atmosphere this agreement is built on. This affirms that U.S. foreign policy has done good in the world.

Goodman: While the theft of intellectual property from a technology perspective has been discussed for decades now, the cyber security angle is now an important one for both countries.

I liken this to the initiation of talks between the U.S. and Soviet Union around nuclear disarmament. Those discussions began in the late 1960s and culminated in the SALT I treaty, which started a continuing and ongoing discussion with the Russians on the subject for over four decades.

3C: The backdrop remains complex and tenuous. What’s likely to happen next?

Eduard Goodman, CyberScout chief privacy officer

Goodman: This is really about starting a dialogue. Past events point to a high level of certainty that a number of recent hacks, including the U.S. Office of Personnel Management breach, originated in China, and may have been state-condoned, if not state-sponsored. So this is really a starting point to build cooperation in order to build trust.

Huntley: Both the U.S and China will need to expand and enhance their global trade dispute management and arbitration capabilities. This is necessary in order to cope with case-management scenarios covered in the agreement.

3C: What’s the big takeaway for U.S. companies and organizations?

Huntley: Organizations with significant industrial control system (ICS) presence in their operations should breathe slightly easier. It should now be clearer where in the morass of multiple U.S. federal jurisdictions they can, and should, first turn for assistance with cyber espionage management.

The ICS community now has more incentive to surface cyber espionage attacks at the federal level, as the result of the commercial relief they may be able to capture under this treaty. This last creates a win-win for the ICS companies and the federal government.

Goodman: The challenge with cyber security is that, unlike building an ICBM with a nuclear warhead, hacking can be carried out very easily. The origin of a hack is most often obfuscated. So there is a certain level of government “plausible deniability.”

However, because of its development boom, China’s infrastructure is becoming increasingly at risk from a cyber perspective. Playing in the U.S.’s favor is the fact that China has more of a stake then ever before to ensure confidence in its state and private systems. A potentially crippling attack to its infrastructure could have catastrophic effects for China.

This article originally appeared on ThirdCertainty.com.