On September 25, the leaders of two of the world’s most powerful countries met to reach an agreement over what many see as an escalating cyber war.
U.S. President Barack Obama and Chinese President Xi Jinping made the announcement together, essentially stating that both sides would work together to fight against the theft of intellectual property and confidential business information through cyber attacks. The agreement can certainly be seen as a momentous occasion, perhaps even historic in certain contexts, but many are skeptical about how effective it will end up being. To openly acknowledge what has been transpiring between the U.S. and China is a significant step, but a lot of distrust still exists, and a lot of work remains if the fight against cyber attacks is to be a successful one.
Many inside the Beltway are hopeful that this agreement will lead to the easing of tensions between both countries. After all, the number of cyber attacks being launched has increased dramatically in just the past few years. One document from the NSA uncovered earlier this year estimates that roughly 600 successful attacks have been made by Chinese hackers against U.S. government and corporate networks. These attacks include targeting aviation companies to steal military project information along with DDoS attacks against certain organizations that are banned in China.
Most egregious was the attack launched against the U.S. Office of Personnel Management (OPM), where the sensitive data of more than 20 million federal employees was stolen. As time goes on, the OPM hack only seems to be getting worse, as it was recently reported that more than 5.5 million federal workers had their fingerprint information stolen. While no official announcement has been made regarding China’s culpability with this attack, most signs and statements from government officials indicate they believe China was behind it.
That’s what makes the ongoing cyber war so concerning: China’s embrace of cyber espionage. The Chinese government hasn’t exactly been shy about engaging in high-tech forms of espionage, but even outright attacks can be done by shadow groups with the backing of the Chinese government.
The U.S. has tried to respond to these attacks through sterner measures. While at first focusing on defense, the U.S. government has gone to greater lengths to punish those responsible, such as charging five Chinese military officials for their roles in recent hackings. The U.S. has also indicated it is ready to issue sanctions against Chinese companies found guilty of espionage. While these responses show more willingness on the part of the U.S. to tackle the problem, many don’t believe it will do enough to deter further attacks.
The real question is whether China is serious about combating cyber threats and stopping cyber espionage. As a Washington Post editorial notes, right now the agreement reached by President Obama and President Xi is just words. If China follows through on the promises made in the announcement, it will be a radical departure from earlier policies and the agreement will be seen as a major turning point in the fight against cyber criminals.
However, many simply don’t believe China will actually hold true to the agreement. With their rampant use of shadow organizations, China’s government can disavow any involvement in future cyber attacks while still orchestrating things from behind the scenes. Cooperation in cyber threat investigations will be tough to enforce, and verifying whether China is holding up its end of the bargain will remain a challenge, to put it lightly.
It all comes down to actions. The U.S. is in a tough position as a target of China’s cyber espionage. As many private companies have learned, preventing security breaches is an extremely difficult task, one which requires constant updates to IT systems, hyper converged infrastructure, and corporate networks.
Even so, the U.S. better have a plan in place for dealing with further cyber threats should the agreement prove to be hollow. With the number of threats rising, and China only just starting to show willingness to back down, there may be more breaches ahead.