President Obama and Chinese leader Xi Jinping pledged Friday...
that neither of their governments would conduct or condone economic espionage in cyberspace in a deal that sought to address a major source of friction in the bilateral relationship.
But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals.
----
Question from a reporter...
Without government assistance, what can private sector
organizations do to protect themselves more effectively from
China stealing their IP?
Answer...
#1 - Realize that computer hacks are not perpetrated solely by
someone sitting at a remote computer exploiting a software glitch
they just discovered. A close look at many cases shows other
elements of espionage in the path to the hack... social engineering,
sloppy security practices, lack of oversight, multiple forms of
classic electronic surveillance, blackmail, infiltration of
personnel, etc.
The misconception that "this is an IT security problem" has led to a
morphing of corporate information security budgets into a lopsided
IT-centric security budget, pretty much ignoring that most
information in their computers was available elsewhere before it was
ever converted into data! This situation is like having a building
with one bank vault door, while the rest of the entrances are screen
doors.
Here is what the private sector can do for themselves...
• View information security holistically. Spread the budget out.
Cover all the bases.
- Provide information security training to all employees.
- Create stiff internal controls. Enforce them.
- Conduct independent information security audits quarterly for
compliance, discovery of new loopholes. Technical Surveillance
Countermeasures (TSCM) is the foundation element of the audit. A TSCM
sweep is conducted to discover internal electronic surveillance
(audio, video, data), and verify security compliance of wireless
LANs (Wi-Fi), etc.
~Kevin