Navigant's Cyber Risk and Information Security PracticeLearn More


Can the U.S. and China Cooperate on Cyber Security Initiatives?07 September 2016

Academia, Employee Training, Events, IT Security, Risk Management

This past July, I was invited to meet with a delegation of visitors from China, including several members who were influential in bringing China into the Internet Age. I knew it was a unique opportunity and thought very carefully about what I could say that would resonate with both the Chinese delegates and my United States counterparts in attendance. I decided to focus on identifying common ground that the U.S. and China share in the cyber security arena in hopes of building the foundation of something constructive.

Ultimately, my message was extremely well-received by our Chinese guests; in fact, they even asked for a transcript of my comments and referred to the heart of my statement as the “Six-Point Plan.” I was very encouraged by their reactions and continue to hope that my message will somehow make its way to the key decision-makers in China, as well as in the United States, so that something good will come of it.

Following is the transcript of my remarks. Feel free to comment and also share this with your colleagues. It is my hope that these very preliminary ideas are seeds from which meaningful change will emerge in the arena of Chinese-American cyber security cooperation.

The 1960s and ‘70s saw the advent of DARPANET, a misnomer for ARPANET (Advanced Research Projects Agency [ARPA]), which subsequently became what we know today as the Internet. At the time, its inventors could have foreseen neither the enormous scale, nor the vast scope of applications (including controlling critical infrastructure and providing access to sensitive information), nor, particularly, the incalculable complexity of its constituent software.

Given human nature, it was only a matter of time before criminal elements began to exploit the Internet’s ease of access and security vulnerabilities for personal profit, or to promote political or ideological causes, gain attention, or simply be disruptive.

These so-called “bad actors” presently include a rogue’s gallery of technologically knowledgeable individuals, members of organized crime, political extremists, and, in some cases, simply misguided young people seduced by the apparent power of manipulating networks and computers around the globe, and then reading about it in the press.

Even with the heightened awareness of cyber security, criminal elements continue to access financial resources and vast amounts of data on a daily basis. It’s simply not possible to overstate the magnitude of the cyber security crisis at the present time.

Therefore, I hope that today we can agree that the countries of China and the United States, as well as the rest of the world, share the common and critical interest in accelerating the ways in which these criminal elements can be permanently neutralized — by international cooperation on legal enforcement, developing methods to defend our worldwide Internet infrastructure, and creating sound design and implementation methodologies for networks and endpoints that greatly reduce the incidence of security vulnerabilities.

After all, I see no difference between the malicious effects of a hacker bringing down the computer network of a hospital in China or in the United States. The extensive damage to individuals whose personal information is stolen and their identity compromised is arguably no different in China than it is in the U.S. The unthinkable consequences of a downed power grid or even a compromised nuclear power plant to the population of China or the U.S., sadly, are virtually the same.

Are there ways in which China and the United States can marshal their vast collective resources to halt the momentum of cyber-criminals? Following are some ideas:

  1. Develop large-scale joint research and development efforts between China and the U.S. on important cyber security topics, such as network defense; advance cryptographic techniques and protocols; critical infrastructure protection; secure digital currency; and emerging technologies, such as secure driverless vehicles, the Internet of Things, and so on.
  1. Create a joint cyber-response and command center to monitor, contain, and defend against cyber attacks in China, in the United States, and around the world.
  1. Design effective programs for information-sharing and analysis in critical sectors, such as power, finance, transportation, etc.
  1. Continue to accelerate cyber security workforce development and training in both countries — from elementary school education and up.
  1. Promote educational exchange programs for cyber security engineers and technicians.
  1. Develop cyber security awareness programs for all citizens of both countries.

In 2016, China and the United States are the two countries best-positioned to lead the world into the new era of the Internet — an Internet that is no longer hindered by criminal cyber attacks. It is in the best interest of each country to earn the trust of the other and, thus, gain the mutual trust necessary to create a powerful team capable of thwarting the badly behaving minority, which is limiting the ability of the vast majority to take advantage of this powerful technology through peaceful and legal means.

In my view, these rogues are exploiting the divisions that exist between our two nations for their own advantage. It is difficult to envision how this situation will change in the foreseeable future, as long as we try to go it alone.

On the other hand, how brilliant does the future look if China and the United States take the unprecedented step of uniting in purpose to defeat our most formidable and largely unseen common enemy — the cyber-criminal? Our ultimate goal needs to be to effectively liberate one of mankind’s greatest technological achievements — the Internet — and propel our global society into the 21st century in a way that truly unlocks our potential and is no longer limited by a nefarious minority.

Whether it be an international conundrum or a part of your organization’s risk management plan, cyber security is pervasive. To learn more about today’s cyber security threats or to talk about your specific situation, contact COMPASS.

Work With Us Learn How