Cyber wrap
1 Jul 2015

Last week saw the conclusion of a series of high-level meetings in Washington between US and Chinese government officials as a part of the annual Strategic and Economic Dialogue (S&ED). There were a couple of interesting takeaways for the cyber community, namely John Kerry’s comments during a press conference with Chinese Vice Premier Wang Yang. When delivering final remarks, Kerry spoke about how the US and China need to ‘develop and implement a shared understanding of appropriate state behaviour in cyberspace.’ That’s standard State Department fare, but his follow-on comment—‘I’m pleased to say China agreed that we must work together to complete a code of conduct regarding cyber activities’—was out of left field.

China has been actively working with Russia and others to push for adoption of its ‘International Code of Conduct for Information Security’. Versions of the Chinese code of conduct (both the original and the latest from earlier this year) have been met with widespread disapproval from western democracies. The code seeks to formalise rules for governing cyberspace and cements the primacy of the state in internet governance, as opposed to utilising norms and embracing the multi-stakeholder model preferred by the west. It’ll be interesting to see if the US has indeed come to the table on China’s code or if Kerry simply missed the memo on the baggage attached to the code of conduct terminology.

Regardless of the intention behind the words, China has drawn a line in the sand when it comes to re-starting the stalled US–China cyber working group. During a press conference in Beijing, an MFA spokesman said:

China and the United States had previously always had a good dialogue mechanism on issues of Internet security. Because of reasons that everyone knows about, and not because of China, this dialogue has stopped … Resuming these talks probably needs the United States to properly handle the relevant issue to create conditions for dialogue.

If you’re wondering what the ‘relevant issue’ is, look no further.

China’s big three internet companies—Baidu, Alibaba and Tencent—are reportedly throwing their weight around with Chinese authorities. Many of China’s indigenous start-ups have become heavily involved with China’s economy and society. The Communist Party is said to be struggling to strike the right balance in regulating the increasingly powerful companies. Alibaba alone handles 80% of China’s total e-commerce, which gives it an influential position in the burgeoning business community. To see its influence in action, check out how the State Administration for Industry and Commerce was recently waved away after challenging Alibaba for selling counterfeit goods on its website.

In the wake of the high-profile Japan Pension Service hack, the Japanese government has announced that it will create two new cyber bodies. The first, an administrative unit, will monitor the security of personal information related to Japan’s new My Number system; the second is a Security Operation Center (SOC) that will ensure the security of connections between local government entities and the federal government. The government also announced that the federal government’s SOC will now cover public corporations and independent administrative agencies handling ‘important data’. The Abe government has also pushed back the launch of its Cyber Security Strategy to better coordinate with other departments in the wake of the leak and more cleanly integrate the resulting initiatives into the strategy.

In Australia, the government has put out for comment a draft bill that legally requires telecommunications companies to protect their networks from unauthorised access and interference. The bill would also compel companies to inform the government if they intend to make changes to the management of their networks and systems that could adversely affect their ability to repel cyber intruders. If passed, the bill would give ‘direction and information-gathering powers’ to the Attorney-General’s Department in the form of fines to the tune of $250,000 should companies fail to protect themselves adequately.

And if you’ve ever wondered how INTERPOL’s new high-tech crime centre in Singapore goes after the bad guys, check out Kaspersky Lab’s interesting Q&A with Vitaly Kamluk, a member of INTERPOL’s Digital Forensics Lab.