shutterstock_196161578 copy 2

Cybersecurity Agreement with China

Cybersecurity has been been a hot topic in Washington recently. The Cybersecurity Information Sharing Act (CISA) has been introduced to Congress and has passed the Senate Intelligence Committee on March 12th, 2015.

Additionally several government agencies have experienced security breaches, including the Office of Personnel Management. The OPM’s breach is said to have affected 21.5 million people.

Some believe that China is behind many of these attacks on government’s systems and of U.S. commercial organizations.

Crowdstrike CEO, George Kurtz, told USA Today that his staff can tell when they are dealing with attacks from China. For example, the attacks occur during China’s business hours and they target “intellectual property the Chinese are known to be deficient in.”

China’s President, President Xi Jinping recently visited the United States and met with President Obama. The two Presidents came to the agreement that neither country will commit “cyber economic espionage”.

During a joint press conference, President Obama said, “I raised, once again, our very serious concerns about growing cyberthreats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain, and today I can announce that our two countries have reached a common understanding on a way forward.”

While the agreement has been reached, President Obama also expressed some hesitation. He said, “The question now is: Are words followed by actions?”

The President is not alone in his hesitation; many others have also expressed concern.shutterstock_196161578 copy 2

Joseph Steinberg, CEO of SecureMySocial wrote a list of “10 Issues With the China-US Cybersecurity Agreement” for Inc.

Some of the issues that Steinberg highlights are:

  • The agreement still allows hacking for “government on government spying”.
  • No standards are defined or clarified in the agreement. Steinberg writes, “What is considered hacking, and what is considered acceptable activity?”
  • Hacking can still occur on individuals and businesses as long as it is not for commercial gain.
  • There is nothing enforcing either country to stick to the agreement.

Despite people’s concerns, many agree this agreement is a step in the right direction for cybersecurity in the United States.