Sunday, September 27, 2015

U.S., China Vow Not to Engage in Economic Cyberespionage

President Obama and Chinese leader Xi Jinping pledged Friday that neither of their governments would conduct or condone economic espionage in cyberspace, in a deal that sought to address a major source of friction in the bilateral relationship.

But U.S. officials and experts said that it was uncertain whether the accord would lead to concrete action against cybercriminals.


Question from a reporter...
Without government assistance, what can private sector organizations do to protect themselves more effectively from China stealing their IP?

#1 - Realize that computer hacks are not perpetrated solely by someone sitting at a remote computer exploiting a software glitch they just discovered. A close look at many cases shows other elements of espionage in the path to the hack... social engineering, sloppy security practices, lack of oversight, multiple forms of classic electronic surveillance, blackmail, infiltration of personnel, etc.

The misconception that "this is an IT security problem" has led corporate information security budgets to morph into lopsided, IT-centric security budgets. Those budgets largely ignore the fact that most of the information in a company's computers was available elsewhere (on paper, in conversations, in meeting rooms) before it was ever converted into data. This situation is like having a building with one bank vault door while the rest of the entrances are screen doors.

Here is what the private sector can do for themselves...

• View information security holistically. Spread the budget out. Cover all the bases.
   - Provide information security training to all employees.
   - Create stiff internal controls. Enforce them.
   - Conduct independent information security audits quarterly, both to verify compliance and to discover new loopholes. Technical Surveillance Countermeasures (TSCM) is the foundation element of the audit: a TSCM sweep is conducted to discover internal electronic surveillance (audio, video, data) and to verify the security compliance of wireless LANs (Wi-Fi), etc.
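The Wi-Fi compliance part of such an audit can be partly automated. The following is an added example written for this page, not code from the original post or from any TSCM vendor. It parses the colon-separated terse output of `nmcli -t -f SSID,BSSID,CHAN,SIGNAL,SECURITY dev wifi list` (format assumed from nmcli's documented terse mode, where a ':' inside a value is escaped as '\:') and checks every access point seen against a hypothetical inventory of authorized BSSIDs: an unknown radio advertising the corporate SSID is flagged as a rogue access point, and an authorized radio advertising open, WEP or WPA1 security is flagged as below policy. The inventory, the policy (WPA2/WPA3 only) and the scan lines are all constructed for illustration.

```python
"""Wi-Fi audit helper: rogue AP and weak-security checks over an nmcli scan.

Added example, not part of the original post. The inventory, policy and
sample scan below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample in nmcli terse format (-t): fields separated by ':',
# with ':' inside a value escaped as '\:' (so BSSIDs appear as AA\:BB\:...).
# Fields: SSID, BSSID, CHAN, SIGNAL, SECURITY. An empty SECURITY means open.
SAMPLE_SCAN = r"""
CorpNet:AA\:BB\:CC\:00\:01\:02:36:81:WPA2
CorpNet:AA\:BB\:CC\:00\:01\:03:44:77:WPA2
CorpNet:DE\:AD\:BE\:EF\:00\:01:6:90:WPA2
Guest-Printer:00\:11\:22\:33\:44\:55:1:65:WEP
FreeCoffee:66\:77\:88\:99\:AA\:BB:11:40:
OldBridge:AA\:BB\:CC\:00\:01\:04:1:70:WPA1 WPA2
"""

# Hypothetical asset inventory: BSSIDs the organisation owns, mapped to the
# SSID each radio is supposed to advertise.
AUTHORIZED_BSSIDS: Dict[str, str] = {
    "AA:BB:CC:00:01:02": "CorpNet",
    "AA:BB:CC:00:01:03": "CorpNet",
    "AA:BB:CC:00:01:04": "OldBridge",
}
CORP_SSIDS: Set[str] = {"CorpNet"}  # names an attacker would impersonate


@dataclass
class AccessPoint:
    ssid: str
    bssid: str
    channel: int
    signal: int
    security: str


@dataclass
class Finding:
    bssid: str
    ssid: str
    kind: str   # "rogue", "weak", "mismatch" or "unknown"
    detail: str


def split_terse(line: str) -> List[str]:
    """Split one nmcli -t line on unescaped ':' (escaped '\\:' stays in the value)."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_scan(text: str) -> List[AccessPoint]:
    """Turn nmcli terse scan output into AccessPoint records."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = split_terse(line)
        if len(f) != 5:
            raise ValueError("unexpected field count in scan line: %r" % line)
        aps.append(AccessPoint(f[0], f[1].upper(), int(f[2]), int(f[3]), f[4]))
    return aps


def weak_security(security: str) -> Optional[str]:
    """Return why the advertised security fails the (assumed) policy, else None.

    Policy: WPA2 or WPA3 only; no open networks, WEP, or WPA1 fallback."""
    tokens = set(security.split())
    if not tokens:
        return "open network"
    if "WEP" in tokens:
        return "WEP"
    if "WPA1" in tokens:
        return "WPA1 fallback enabled"
    if not tokens & {"WPA2", "WPA3"}:
        return "unrecognised security %r" % security
    return None


def audit(scan_text: str, authorized: Dict[str, str],
          corp_ssids: Set[str]) -> List[Finding]:
    """Compare every AP in range against the inventory and the policy."""
    findings: List[Finding] = []
    for ap in parse_scan(scan_text):
        expected_ssid = authorized.get(ap.bssid)
        weak = weak_security(ap.security)
        if expected_ssid is None:
            if ap.ssid in corp_ssids:
                # Unknown radio impersonating the corporate network (evil twin).
                findings.append(Finding(ap.bssid, ap.ssid, "rogue",
                                        "unauthorized BSSID advertising corporate SSID, "
                                        "channel %d, signal %d" % (ap.channel, ap.signal)))
            else:
                # Neighbour or stray device: informational, but note weak ones.
                findings.append(Finding(ap.bssid, ap.ssid, "unknown",
                                        weak or "not in inventory"))
            continue
        if ap.ssid != expected_ssid:
            findings.append(Finding(ap.bssid, ap.ssid, "mismatch",
                                    "inventory expects SSID %r" % expected_ssid))
        if weak:
            findings.append(Finding(ap.bssid, ap.ssid, "weak", weak))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN, AUTHORIZED_BSSIDS, CORP_SSIDS):
        print("%-8s %s  %-14s %s" % (f.kind.upper(), f.bssid, f.ssid, f.detail))
```

On the constructed sample this reports the DE:AD:BE:EF:00:01 radio as a rogue "CorpNet" access point, the authorized OldBridge radio as weak (WPA1 fallback), and the printer and coffee-shop networks as unknown devices using WEP and no encryption. A real sweep would feed it a fresh scan from each floor and compare results over time; the inventory mapping is the part that keeps the check honest, since a rogue AP is, by definition, one that looks legitimate.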