Tuesday, September 27, 2016

Canada, China to discuss accord on cybersecurity

Such a dialogue has profound implications for Canada’s business community, given that Chinese government hackers are frequently seen as adversaries.

Canada, China to discuss accord on cybersecurity

Prime Minister Justin Trudeau has directed his top security officials to discuss a cyber accord with China to help protect Canadian corporations from hackers.
The Prime Minister’s national-security adviser, Daniel Jean, was sent to China earlier this month to co-chair the first in a series of meetings between the two countries’ public-safety officials. These talks have become the focus of controversy because they include a possible extradition treaty.
Now The Globe and Mail has learned the discussions will also be a forum for Canada and China to iron out their differences on cybersecurity.
“The U.S. and U.K. recently concluded agreements with China not to engage in, or support, the theft of intellectual property and trade secrets to gain economic advantage,” said Scott Bardsley, a spokesman for Public Safety Minister Ralph Goodale. “A similar agreement is a possible outcome.”
Such a dialogue has profound implications for Canada’s business community, given that Chinese government hackers are frequently seen as adversaries with a voracious appetite for corporate intellectual property as well as state secrets. Past victims of Chinese hacking campaigns include the federal government’s National Research Council and, allegedly, the former telecom giant Nortel Networks.
The new security talks are a “forum for both countries to frankly discuss issues that need to be resolved,” Mr. Bardsley said.
In September, 2015, U.S. President Barack Obama and Chinese President Xi Jinping announced a cyberaccord. Former British prime minister David Cameron unveiled a similar agreement when he met Mr. Xi one month later.
In April, a U.S. private-sector cybersecurity expert noted “a material downtick in what can be considered cyberespionage” after the U.S.-China accord. But U.S. government security officials have said they are unsure China is complying.
The president of the Business Council of Canada recently told The Globe that Canadian corporations are increasingly concerned about data theft of all kinds. “Many of the CEOs who are members of our council consider it their No. 1 risk factor,” said John Manley, a former Liberal cabinet minister. “And they lose sleep over it.”
Experts say diplomatic discussion of cybersecurity is a pressing need. Globally, recent months have shown that state-sponsored hackers and their proxies are becoming increasingly powerful in their bids to make mischief, steal secrets or engage in campaigns to sabotage utilities.
“If there is a general feeling, an assessment on the part of some hackers, there are no rules, that this is the law of the jungle, then that is a very destabilizing thing,” Michael Walma, a senior Government Affairs Canada official, said during a conference last week.
Billed as Ottawa’s “cyber foreign policy co-ordinator,” he was one of several high-level civil servants who spoke at the Canadian Association of Security and Intelligence Studies (CASIS) symposium. Last Friday’s discussion focused on cybersecurity and took place at Ottawa’s War Museum.
Calling the discussion “timely,” Mr. Walma told the gathering that Canadian diplomats are joining their counterparts in trying to iron out cybersecurity issues in bilateral and multilateral forums.
He specifically mentioned the U.S.-China accord as an example of what dialogue can achieve. But, he added, diplomatic agreements need to be backed up with deterrents, and pointed out that the United States is targeting state-sponsored hackers with criminal prosecutions, travel bans and financial sanctions.
“They are starting to equip themselves with a toolbox that allows them to respond with something between a diplomatic note and a nuclear strike,” Mr. Walma quipped. “I think that kind of points to the way we should all be working.”
In the summer of 2014, the U.S. government charged five officers of China’s People’s Liberation Army with hacking U.S. solar, steel and manufacturing companies. Shortly after, the United States launched a separate case against Vancouver-based Chinese national Su Bin, accusing him of helping PLA-affiliated hackers target aviation companies.
At that time, Canada’s Conservative government publicly called out China for hacking into the computer networks of the National Research Council, the federal government’s repository of secrets about emerging technology.
Whether “naming and shaming” foreign hackers accomplishes much was debated at the CASIS conference. “If you are going to call out an action by another country, there has to be actually something that’s going to be a follow-up of some consequence,” said Melissa Hathaway, a U.S. consultant who has advised two American presidents on cybersecurity.
She explained that any country that publicly accuses an autocratic country of hacking could expose its own expatriate citizens and corporate branch plants to countermeasures, given that such states react unpredictably when challenged.
Canada is not without some cybercapabilities. It is a member of the “signals intelligence” collective known as The Five Eyes, the world’s most formidable electronic-spying alliance.
The Five Eyes’ partners – agencies in Canada, the United States, Britain, Australia and New Zealand – are highly secretive, yet members publicly insist they do not spy on foreign corporations for the commercial gain of their countries’ firms.
This was somewhat undercut in 2013, when Edward Snowden, a former U.S. government contractor, leaked documents that showed the Five Eyes frequently targeted the Chinese telecom giant Huawei Corp., among other foreign corporations.
The cyberaccords between the United States and Britain and China are primarily about stopping countries from spying on businesses. These accords sidestep state-on-state espionage – a prerogative governments have basically exercised since antiquity.