Get real, China's cybercrime accord with the US will change nothing
Why a truce won't stop these superpowers hacking each other like mad
China president Xi Jinping agreed a truce on cybercrime with US President Barack Obama last week, a little different to the talk leading up to the event of a 'cyberwar accord' between the world's two most powerful nations.
There is more chance of Donald Trump saying something that isn't offensive or ignorant than there is of a cyber-peace treaty stopping anything remotely cyber-warfare related in times of war, which is probably why the two political and economic giants didn't go there.
Instead, they travelled down a similar but different road: the two agreed that 'cyber economic crime' must stop.
While both countries adopt a ludicrous position of 'I didn't do it' when it comes to launching any kind of cyber attacks against the other, be that industrial espionage or more traditional information spying raids, both also say the other must stop or there will be sanctions.
Obama spoke of a common understanding between the US and China that neither country would "conduct or knowingly support cyber-enabled theft of intellectual property", after warning that Chinese cyber attacks are not acceptable, and Xi Jinping happily agreed that "confrontation and friction are not the right choice for both sides" and insisted both countries would abide by "norms of behaviour."
To which my response is a big fat SO WHAT?
That response gets even more obese when you throw in the small detail that this 'deal' does cover the theft of trade secrets but not the taking of national security information. So it looks like state-sponsored removal of data as we almost certainly saw in both the US Office of Personnel Management (OPM)and Anthem breaches is set to continue.
Look, deals are only of any import if both sides stick to them, but the chances of that happening are pretty remote in the real world sense. No matter how much they deny it, the fact remains that both nations are hacking the bejesus out of each other. Cyber-spying is rife, and commercial espionage is par for the course.
China, if I were to risk a comment on who is being most successful, is looking like the undoubted winner right now. President Xi Jinping may say that the two powerhouse countries "share common concerns on cyber security" and that he is "ready to strengthen cooperation with the US side" but it means diddly-squat while Unit 61398 (Google it) of the People's Liberation Army's 3rd Department continues to attack US commercial and governmental concerns.
There is strong suspicion that it was behind the massive intelligence grab from OPMrecently, and the Anthem data breach, both of which were hugely successful in collecting personal information, health records, and even fingerprints of US government employees. Looking back, the PLA 3rd Department Unit 61398 is thought to have also targeted companies with an interest in CNI operations including power transmission lines, oil pipelines and power generation facilities to name but a few.
For President Xi Jinping to state that hacking and cyber-espionage are both illegal and that the Chinese government doesn't engage in the theft of commercial secrets or encourage others so to do is, frankly, laughable. It's hard to reach any conclusion other than no matter what is said, no matter what is signed, the truth of the matter is that the hacking will go on and security will continue to be tested in the most strenuous of ways.
That's what I'll be taking away from this particular state visit, and I have a funny feeling that whatever documents are signed I will feel pretty empty soon after. Anyone who says that such an 'accord' will make any difference whatsoever to the state-sponsored threatscape is, frankly, guilty of blowing smoke out of their ass...
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now