U.S. Cyber Deal With China Is Reducing Hacking, Official Says
By-
Carlin says there’s debate over whether change is long-lasting
-
Justice Department expanding Silicon Valley outreach, he says
President Barack Obama’s agreement with China over cyber espionage seems to be making a dent in hacking attacks from the country, according to a top Justice Department official.
Government agencies and cybersecurity companies are actively assessing Chinese hacking attacks, and "it seems like generally people have seen a change in activity," Assistant Attorney General John Carlin, who oversees the Justice Department’s national security division, said on Tuesday.
“There’s a debate as to how long-lasting that might be, but there has been a change,” Carlin said in a speech at the Center for Strategic and International Studies in Washington.
In September, China’s President Xi Jinping and Obama reached an agreement pledging that they wouldn’t condone hacking to steal commercial secrets. Carlin cited a report this month from FireEye Inc. that showed attacks from known Chinese hacking groups with a connection to state interests have dropped more than 80 percent since August.
Current cyber threats are "blended," with hackers who might act on behalf of a group but also for their own profit, Carlin said. There also hackers with links to a state but not carrying out "a state action," he said.
‘Nighttime Hours’
"Be it in Russia or China or other countries,” Carlin said, someone who has access to hacking tools for their daily work can “use those tools corruptly during nighttime hours to do a hack."
That has raised questions about whether China is effectively farming out hacking to harder-to-track contractors who provide a level of deniability to the government, according to people involved in the investigation of incidents involving China.
U.S. investigators have improved on their ability to attribute the identities of hackers, but finding out their motives will be a "growing challenge," Carlin said.
The government still needs to work on better sharing cybersecurity threats with the private sector and vice versa, Carlin said.
"There’s still a mentality of ‘blame the victim’ when it comes to a hack," Carlin said. "Internally, companies wrestle with, ‘How much damage am I going to do to my shareholders or stock price if I come forward, because then I have this public humiliation of having been a victim.’"
Carlin said he regularly visits Silicon Valley, speaking with technology companies. That effort comes amid tensions between the Federal Bureau of Investigation and Apple Inc. over access to encrypted iPhones.
Ahead of the "internet of things" era, when devices from cars to appliances are connected through wireless and mobile networks, “we have a responsibility in government to educate on how we think the bad guys -- the terrorists, the spies, the criminals -- are going to take advantage of this transition,” Carlin said.
Security measures should be built in "from the front-end" so that the government doesn’t have to "play catch-up" when products are released, he said.
To continue reading this article you must be a Bloomberg Professional Service Subscriber.
Read this article on the Terminal Request a demo to learn more
If you believe that you may have received this message in error please let us know.
- Electric Buses Are Hurting the Oil Industry
- Why High-Flying U.S. Home Prices Seen Getting Another Jolt
- Stocks Push Higher; Dollar Reaches 3-Month Peak: Markets Wrap
- Stocks Sink as Caterpillar, 3% Yields Rattle Bulls: Markets Wrap
- American Cities Are Fighting Big Business Over Wireless Internet, and They’re Losing