Cybersecurity experts from Tripwire, Securonix and Lieberman Software are starting to react to news of a China-US cybersecurity agreement coming this week out of Washington.
[su_note note_color=”#ffffcc” text_color=”#00000″]Stewart Draper, Director of Insider Threat for Securonix :
“China has always denied involvement in data theft by its government, or encouraging Chinese companies from espionage practices, so I don’t think we will see a major difference here. I think we could see positive impacts in a reduction of APT’s that are easily identified as Chinese groups. I doubt that Chinese companies interested in intellectual property would necessarily follow the governments lead.
I think this agreement is a cautious step in the right direction. Actions speak louder than words!”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Jonathan Sander, VP of product strategy for Lieberman Software :
“The US is trying to contain a dragon with a paper tiger with the deal it reached on cybersecurity with China. The agreement looks to limit espionage only when it applies to economic realms, but that leaves out every juicy government target in both the US and China. That means the world’s two giants can still strike a lot of blows without being outside the terms. It also doesn’t make clear what obligations China would have in terms of restraining its privately run organizations nor how it will be forced to prove it’s doing anything at any level to comply.
It’s good that there is a starting point, but no one should feel like it’s anything but setting the pieces on the board – not even the first pawn has moved in this game.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Senior Security Analyst with Tripwire :
“There will be no cybersecurity deal, due to a number of factors. The key one being that in order to even agree not to attack critical infrastructure they would have to admit they have the capability to do so, as well as possibly disclose some of those capabilities. This process could reveal attacks and reconnaissance already conducted, which is a particular challenge for China as they have taken a stance of complete innocence when it comes to cyber war and espionage to the point of claiming naivety. It is sort of like having two parties agree to not hit each other in the face and the other person saying they can’t agree to that because they don’t have the ability to punch.
It has been quoted that China has 300,000 hackers at their disposal, however this number reflects what I believe is a ‘Terracotta cyberarmy’ comprised of low level hackers and loose associates of cyber mercenary groups. Cyberwar is asymmetrical as it gets, the number of hackers is irrelevant when compared to the skill level, tools, techniques and infrastructure at the group’s disposal.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Marc Gaffan, at Incapsula :
“We would hope that this historic agreement also decommissions the Great Cannon – China’s cyber weapon that is used take websites offline with massive denial of service attacks,” said Marc Gaffan, General Manager of the Incapsula business at Imperva. “While the weapon cannot be used to steal intellectual property directly, it does have a significant, negative economic impact in brining down service businesses, as we saw with GitHub earlier this year.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.