This week Chinese President Xi Jinping is visiting the United States to meet with business and government leaders to discuss trade, economic issues and general points between the two countries. Also on the agenda are allegations that China has been hacking into American companies to steal intellectual property.
President Xi started his trip in Seattle to meet with tech executives to discuss economic expansion and ask them to persuade the Obama administration not to retaliate against China for years of alleged hacking. Xi denied involvement by the Chinese government and pledged to work with the United States to fight cyber crime.
President Obama said he does not plan to impose sanctions immediately against China for state-sponsored support of cyber crime, but the administration has left the door open to future actions. While there may not be a formal agreement, Chinese officials have suggested the possibility of a basic deal against cyber warfare. President Obama announced today that the US and China agreed that nether country would engage in or support cyber theft of intellectual property for any type of economic or other gain.
In March, the Chinese government admitted they have special cyber warfare units focusing on spying and defensive warfare. A few days ago an infected Microsoft Word document that installed software that searched computers for sensitive information was traced to a member of a Chinese military reconnaissance unit. It’s unlikely that the Chinese President will admit that a lot of attacks against US corporations and government agencies are state sponsored, but the mounting evidence suggests otherwise.
So will the Chinese President give lip service to actions intended to stop cyber attacks so the US doesn’t impose harsh penalties? Or will he actually do something about it?
Public and private organizations need to think about the realities of today’s cyber world and realize that very sophisticated people are trying to steal their information. Hackers from China or other well-funded sources want to steal anything valuable that they can sell or use to help jumpstart fledgling businesses. It’s also a way to undermine existing US corporations. Innovating to create global industries takes a long time. Stealing intellectual property is a faster way to jumpstart manufacturing, pharmaceutical, consumer electronics and many other industries. Given that patent law and copyright protections are less than stellar in many emerging markets, using stolen designs or formulas is standard operating procedure.
The best way to stop the hackers in their tracks is to apply strong encryption and persistent security policies to sensitive information. This guarantees that if someone exfiltrates something of value, it is rendered useless to those accessing it. Without specific permission and access rights to the information, it will be a bunch of useless bits. While it is important to protect network and system perimeters from unauthorized access, ultimately the hackers don’t want the computer, they want the data on it.
Protecting intellectual property from state-sponsored hackers or rogue groups should be a top priority for the US government and any business that has valuable data. Government agreements may or may not work, so don’t rely on them to protect your sensitive information. Just like a strong lock will deter a thief from breaking into your house, applying data-centric security to your digital assets will do the same. The thief will try an easier target that left the door wide open. Why work hard when you can work smart? Stop the hackers in their tracks. It may just ruin their day.
Photo credit Thomas Hawk