Get real, China's cybercrime accord with the US will change nothing

Why a truce won't stop these superpowers hacking each other like mad

China president Xi Jinping agreed a truce on cybercrime with US President Barack Obama last week, a little different to the talk leading up to the event of a 'cyberwar accord' between the world's two most powerful nations.

There is more chance of Donald Trump saying something that isn't offensive or ignorant than there is of a cyber-peace treaty stopping anything remotely cyber-warfare related in times of war, which is probably why the two political and economic giants didn't go there.

Instead, they travelled down a similar but different road: the two agreed that 'cyber economic crime' must stop.

While both countries adopt a ludicrous position of 'I didn't do it' when it comes to launching any kind of cyber attacks against the other, be that industrial espionage or more traditional information spying raids, both also say the other must stop or there will be sanctions.

Advertisement - Article continues below
Advertisement - Article continues below

Obama spoke of a common understanding between the US and China that neither country would "conduct or knowingly support cyber-enabled theft of intellectual property", after warning that Chinese cyber attacks are not acceptable, and Xi Jinping happily agreed that "confrontation and friction are not the right choice for both sides" and insisted both countries would abide by "norms of behaviour."

To which my response is a big fat SO WHAT?

That response gets even more obese when you throw in the small detail that this 'deal' does cover the theft of trade secrets but not the taking of national security information. So it looks like state-sponsored removal of data as we almost certainly saw in both the US Office of Personnel Management (OPM)and Anthem breaches is set to continue.

Look, deals are only of any import if both sides stick to them, but the chances of that happening are pretty remote in the real world sense. No matter how much they deny it, the fact remains that both nations are hacking the bejesus out of each other. Cyber-spying is rife, and commercial espionage is par for the course.

China, if I were to risk a comment on who is being most successful, is looking like the undoubted winner right now. President Xi Jinping may say that the two powerhouse countries "share common concerns on cyber security" and that he is "ready to strengthen cooperation with the US side" but it means diddly-squat while Unit 61398 (Google it) of the People's Liberation Army's 3rd Department continues to attack US commercial and governmental concerns.

There is strong suspicion that it was behind the massive intelligence grab from OPMrecently, and the Anthem data breach, both of which were hugely successful in collecting personal information, health records, and even fingerprints of US government employees. Looking back, the PLA 3rd Department Unit 61398 is thought to have also targeted companies with an interest in CNI operations including power transmission lines, oil pipelines and power generation facilities to name but a few.

Advertisement - Article continues below

For President Xi Jinping to state that hacking and cyber-espionage are both illegal and that the Chinese government doesn't engage in the theft of commercial secrets or encourage others so to do is, frankly, laughable. It's hard to reach any conclusion other than no matter what is said, no matter what is signed, the truth of the matter is that the hacking will go on and security will continue to be tested in the most strenuous of ways.

That's what I'll be taking away from this particular state visit, and I have a funny feeling that whatever documents are signed I will feel pretty empty soon after. Anyone who says that such an 'accord' will make any difference whatsoever to the state-sponsored threatscape is, frankly, guilty of blowing smoke out of their ass...

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020