Tuesday, September 20, 2016

The Chinese Get Real

I want to point out that the rise of Chinese cyber power is necessarily going to allow them to make concessions, and even reach agreement on acceptable behavior, with the United States, and that in the medium term, China will be an ally of the United States with regard to cyber issues, as opposed to the dire adversary it is currently perceived as.

As a bit of color, the Stern Stewart Summit I attended last week also had a Chinese attendee. Of course, at that high financial level what the Chinese are interested in is ZTE and Huawei, which are essentially blacklisted from the American and many allied markets. As one attendee put it: There are "PR problems", and "problem problems". Huawei and ZTE have a "problem problem". 

In a sense, they are casualties of the old cold war in cyber between the US and China. This was defined by a more aggressive, but more primitive and expansive Chinese effort, and a more subtle but more advanced American effort.

But now, things have changed. The Chinese have reached a technological and capability tipping point and are now putting out top-notch public cyber security results, and therefore feel more confident about giving up ubiquitous presence on US networks in exchange for normalizing relations. As another signature: conferences. It is no accident that Qihoo360 bought SyScan, a top-notch technical conference in information security, and is now growing it domestically and internationally (as opposed to the much more cloistered XCon).

Keen Security Lab and the Qihoo360 Marvel Team are top-notch teams, working in the open like a normal Western security research team would. This is a huge and new show of confidence by the Chinese.

A little while ago FireEye posted a graph listing their detection over time of Chinese hackers inside US commercial systems. I annotated it a few times with some ideas of what it could represent.

You can see deterrent actions and the subsequent reductions if you squint right. The horizontal lines delimit the two types of cyber espionage China has been conducting, with strategic espionage (the kind the US does as well) being the floor of activity.

That's one mental model which can help you understand the US-China cyber rapprochement on the economic espionage issue, which the US finds extremely important. The other issue of course is the ongoing ban of ZTE and Huawei, which I think the Chinese thought they could simply avoid. Quotes from the Huawei CEO have indicated he did not think it would have an impact, and yet Huawei and ZTE are nowhere to be seen in the US market, and US partners of theirs are considered laughingstocks at sales conferences.

Here's another possibility for that graph though that just takes into account skillset increases by the Chinese team, something I think is easy to forget about:
Because it was inevitable that the previous model of wide economic espionage was going to get them caught, the C team had outlived their usefulness, and their mission was closed.

To sum up: You don't have to hack EVERYTHING if you can hack ANYTHING, and the Chinese are showing signs that they've moved to that level. This allows them to make an alliance with the United States on issues of mutual importance in the cyber arena.
