Little change expected in the wake of US-China cyber deal

The cyber-security announcement made by presidents Obama and Xi on 25 September is being met with a healthy dose of scepticism, with industry insiders indicating the agreement will lead to little, if any, real change.

US President Obama and Chinese President Xi on Sept. 25 (Whitehouse.gov)
US President Obama and Chinese President Xi on Sept. 25 (Whitehouse.gov)

The cyber-security announcement made by US President Obama and Chinese President Xi on 25 September is being met with a healthy dose of scepticism, with industry leaders indicating the agreement will lead to little, if any, material change regarding cyber issues going forward.

The U.S. and China agreed to behave toward each other when it comes to cyber activities, with the two nations saying each will avoid conducting cyber theft of intellectual property for commercial gain. 

This outcome to the negotiations was predicted last week by Thomas Rid, the department of War Studies at Kings College London, who described the agreement as “symbolic”.

Prior to Obama and Xi issuing their statement, Xi had stated in Seattle to a group of business leaders that China did not conduct, nor condoned illegal cyber activities.

“China has always denied involvement in data theft by its government, or encouraging Chinese companies from espionage practices, so I don't think we will see a major difference here,” said Stewart Draper, Securonix's director of insider threat, told SCMagazine.com in a Monday email.

Left out of the Obama-Xi statement last week was any mention of more traditional espionage activities directed against government offices.

“The agreement looks to limit espionage only when it applies to economic realms, but that leaves out every juicy government target in both the US and China. That means the world's two giants can still strike a lot of blows without being outside the terms,” Jonathan Sander, vice president of product strategy for Lieberman Software, told SCMagazine.com in a Monday email.

Even with a glass half-empty viewpoint some good regarding limiting cyberespionage should come out of the meeting between the two leaders, although this may simply push intelligence gathering efforts in another, non-technical, direction.

“At best, I would expect it to result in a decrease in the digital intrusion pressure applied by Chinese military and intelligence forces against American companies. The Chinese would likely continue pursuing their strategic goals by changing tactics at the human level and operations and the merger and acquisition level,” wrote Richard Bejtlich, nonresident senior fellow, foreign policy, Center for 21st Century Security and Intelligence at the Brookings Institute.

Sander added that while this is a start, it is still to early in the game to draw any additional conclusions.

It's good that there is a starting point, but no one should feel like it's anything but setting the pieces on the board – not even the first pawn has moved in this game," he said.