On September 25th, President Obama met with Chinese President Xi Jinping to discuss cyber theft — specifically economic cyber espionage — plaguing US-Chinese relations. The two have pledged to crackdown on cyber espionage between nations, but many critics believe it’s an impossible task. The cyber summit comes in wake of multiple attacks targeting American companies and government agencies, most notably the Office of Personnel Management. In June, 18 million records were stolen from agency servers, and the United States believes Chinese cyber criminals were behind the breach. U.S. officials have widely accused China of probing American databases for valuable IP addresses and sensitive records, going as far as linking the Chinese government to the attacks.
Chinese delegation spokesman Lu Kang warned Americans not to be overzealous in blaming Beijing over lost trade secrets and identity theft; Chinese IP addresses linked to anonymous cyber hackers does not prove culpability. Indeed, in the cyber world attribution is incredibly difficult. While Xi denies any connection to the recent cyber attacks, he agrees that cybercrime is a pertinent issue worth discussing. However, the U.S. and China have historically displayed diverging views on cyberspace ethics and what constitutes ‘fair game,’ making negotiations difficult. America, at least in terms of official policy, condemns economic cyber espionage in times of peace. China, on the other hand, has a more relaxed view, claiming that organizations should take proper steps to protect themselves if they wish to outwit attackers.
While both leaders admit that progress will take time — and compromise — Obama and Xi are both committed to enforcing cyber espionage laws and punishing criminals. “We have agreed that neither the U.S. nor the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property,” stated President Obama. Although the White House deemed the summit a success, critics are skeptical, claiming that negotiations between figureheads won’t make an impact until the U.S. builds a framework to guide its cyberspace policies. Moving forward, there must be a concrete set of guidelines — definitions, laws, and protocols — by which to approach the oftentimes murky waters of cyber espionage and 21st-century national defense.
Fearing attack, American corporations have doubled down on security measures in hopes of avoiding damaging data breaches at the hands of cyber attackers — both foreign and domestic. Interestingly enough, many infosec leaders have begun turning their efforts toward securing their organization’s social media presence, a facet largely overlooked by traditional defense programs. Seemingly benign, even employee accounts associated with a company pose a threat to network security, as criminals harvest sensitive information from unsuspecting, loose-lipped staff members. Cisco’s 2015 Midyear Security Report identified Facebook as the No. 1 access point for online cyber attacks, a statistic many executives interpret as a change in the security landscape. As new network threats unravel, infosec teams are left forecasting emerging issues amidst a turbulent security climate. Cybersecurity and cyber espionage are still in their formative years, and the decisions and policies that these leaders enact will affect corporate security — and national defense — for generations to come.