Skip to main content

US and China reportedly working on cybersecurity peace treaty

Not only has the Web fundamentally changed how we interact with each other on a personal level — letting you Skype Grandma any time of the day from anywhere in the world — it’s also caused a major shift in the way nations do business with each other. Many battles are now fought out of sight on the servers of the Internet, and The New York Times reports that the U.S. and China are working on a cyberspace peace treaty.

Under the terms of the agreement, the NYT says, the two countries will not “use cyberweapons to cripple the other’s critical infrastructure during peacetime.” That covers the big hacking attacks, but it looks like the first version of the deal won’t affect the kind of lower-level raids we’ve seen in recent years — like the one suffered by the US Office of Personnel Management we reported on in June.

Sources speaking to the NYT say the aim is to have a digital arms control accord in place by this Thursday, when Chinese President Xi Jinping is visiting Washington — however, any deal might only be hinted at in public. U.S. President Barack Obama suggested earlier this week that cyberattacks would be high on the agenda when the two leaders met.

With most nations of the world — even those that are friendly with each other — keen to keep a surreptitious eye on what the others are up to, defining boundaries is going to be difficult. Although the tools and practices have changed, spying agencies are unlikely to be out of business any time soon, which is why this proposed agreement focuses on power stations, banking systems, hospitals, cellphone networks and the like.

And it’s not just the United States and China moving towards a cybersecurity truce. A working group at the United Nations recently adopted a set of guidelines covering cyberattacks, ruling that no state should engage in activity that “intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.”

[Image courtesy of hamburg_berlin/]

Editors' Recommendations

David Nield
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
New DHS cybersecurity command aims to protect U.S. from cyberattacks
Homeland Security booth

Homeland Security is leading the charge on Apex. (Image: Modev)

In an effort to prevent and thwart cyberattacks, United States Department of Homeland Security (DHS) Secretary Kirstjen Nielsen announced the creation of a new National Risk Management Center to help protect the nation's critical infrastructure. The center's goal of protecting the banking, communications, and energy sectors was outlined at the National Cybersecurity Summit in New York.

Read more
Pay-n-pray cybersecurity isn’t working. What if we just paid when it works?
Woman pulling out credit card in front of laptop.

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Like home security, people would often rather not think about cybersecurity once they’ve paid for it. They’d rather pay and pray.

Read more
AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities
AMD Ryzen 5 2400G & Ryzen 3 2200G Review fingers

AMD is now developing and staging the deployment of fixes for the vulnerabilities recently discovered in the company's processors. The news arrives by way of Senior Vice President and Chief Technology Officer Mark Papermaster, who also notes that in order to take advantage of the vulnerabilities, an attacker needs administrative access to the affected PC. At that point, they could use any attack vector to infiltrate the device beyond what was discovered in AMD's processors. 
According to the schedule, AMD will release a firmware patch through a BIOS update for the MasterKey vulnerability on an unspecified date along with an update to the related secure processor in the "coming weeks." AMD lists the same schedule for the Ryzenfall and Fallout vulnerabilities along with the associated secure processors. As for the Chimera issue, AMD is currently working with the Promontory chipset manufacturer to release mitigating patches through a BIOS update. 
"The security issues identified by the third-party researchers are not related to the AMD 'Zen' CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018," Papermaster states. "Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors." 
Security researchers recently uncovered a stand-alone set of critical processor vulnerabilities just months after another set of researchers disclosed the Meltdown and Spectre flaws to the public. This time Intel owners could breathe easy, as these exploits were unique to AMD's processors, including its latest Ryzen chips. 
"The Ryzen chipset, a core system component that AMD outsourced to a Taiwanese chip manufacturer, ASMedia, is currently being shipped with exploitable manufacturer backdoors inside," reads the whitepaper put out by CTS Labs, the company that discovered the vulnerabilities. "CTS has been researching the security of AMD’s latest Zen processors for the past six months, including EPYC, Ryzen, Ryzen Pro and Ryzen Mobile, and has made concerning discoveries."

CTS Labs released a letter clarifying some of the technical details of the exploits, in response to some criticism that has been leveled at the security firm regarding the plausibility that these exploits could even be put to use by a malicious actor.

Read more