![\"Image](\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/06\/3436779560_0320a9f9fd_z.jpg\")
<\/p>\n<\/p>\n
The second annual Sino\u2013US High-Level Dialogue on Cybercrime and Related Issues was held last Wednesday in Beijing<\/span><\/a>. According to a Department of Homeland Security press release the<\/span> ministerial-level meeting agreed on several new initiatives including<\/span><\/a> a second cybercrime table top exercise and \u00a0implementation of the \u2018US\u2013China Cybercrime and Related Issues Hotline Mechanism\u2019 before September 2016. The US and China also agreed to increase bilateral exchange of cybercrime information and further cooperation in several areas including the misuse of technology and communications for terrorist activities. In <\/span>The Diplomat<\/span><\/i> \u00a0Franz-Stefan Gady noted that<\/span><\/a> the countries\u2019 cooperation on terrorism is particularly \u2018striking\u2019, given their very different understandings of what might be classified as terrorism.<\/span><\/p>\n Talks such as this are one part of the<\/span> US strategy<\/span><\/a> to address cyber incidents linked to China, a strategy\u00a0<\/span>that not all parts of the US establishment<\/span><\/a> agree is effective. However, a new report from<\/span> FireEye seems to indicate that something is working<\/span><\/a>, as the activity of Chinese-linked Advanced Persistent Threats (APT) observed by FireEye s has declined significantly since 2013.<\/span> FireEye believes that there are several probable causes<\/span><\/a> including its own<\/span> \u2018APT1\u2019<\/span><\/a> report, US legal action against<\/span> PLA hackers<\/span><\/a>, and reports that the US was<\/span> considering sanctions against China<\/span><\/a> before the visit of Xi Jinping in September 2015. In that time there has also been a<\/span> complete reorganisation of China\u2019s military<\/span><\/a>, which included the establishment of the Strategic Support Force incorporating the PLA\u2019s cyber personnel. This doesn\u2019t mean China is no longer a threat, and the report notes China\u2019s cyber operations have become \u2018more focused, calculated, and still successful in compromising corporate networks\u2019.<\/span><\/p>\n Russian cyber capability is also under an increasingly bright spotlight this week, as NATO considers its response to Russia\u2019s increasing use of<\/span> \u2018grey zone\u2019 strategies such as cyber operations<\/span><\/a> before its summit in<\/span> Warsaw next month<\/span><\/a>. In<\/span> The New York Times<\/span><\/i>,<\/span><\/a> David Sanger has critically reviewed NATO\u2019s approach to cyberspace, specifically its passive approach to cyber threats and the hesitance of the US and UK to share cyber capability with other members. Sanger quotes RAND\u2019s Martin Libicki who said that Russia\u2019s cyber activities are part of a broader Russian strategy to spread misinformation to keep NATO partners off-balance and intimidate the smaller members of the alliance.<\/span><\/p>\n Over at<\/span> DefenseOne<\/span><\/i><\/a> \u00a0Jarno Limnell from Finland has also called for a stronger response to Russian cyber activity. Limnell emphasises the threat the complexity of Russian cyber operations poses to security and the muted response of the west so far noting that, \u2018Russia is at the forefront of the global move toward a greater strategic use of cyber capabilities to persuade adversaries to change their behaviour\u2019. That goes some way towards explaining the news in<\/span> Der Spiegel <\/span><\/i>this week<\/span><\/a> that German security agencies have concluded that Daesh\u2019s \u2018Cyber Caliphate\u2019 is more likely a Russian enterprise with no connection to Daesh. Russia\u2019s cyber expertise extends to the criminal sphere also, with<\/span> Kaspersky Lab researchers releasing information this week on a Russian cybercrime forum<\/span><\/a> that sells access to compromised servers, pre-loaded with all the software required for a plethora of malicious cyber activities for as low as AU$8.<\/span><\/p>\n In the UK, the Parliamentary Inquiry by the Culture, Media and Sport Committee<\/span> into last year\u2019s hack at telco TalkTalk<\/span><\/a> has produced its<\/span> first report<\/span><\/a>. The report made 17 recommendations to improve cyber security practice and protection of personal data. Among the recommendations was the suggestion that \u2018CEO compensation should be linked to effective cybersecurity\u2019 and<\/span> that companies be fined for cyber security breaches<\/span><\/a>. It was also proposed that fines increase in severity if the breach is the result of the exploitation of well-known vulnerabilities. The Committee noted its surprise that developers of major new major new IT systems and applications aren\u2019t required to incorporate security considerations, and recommended that \u2018security by design\u2019 become a core principle for new systems.<\/span><\/p>\n Export controls for cyber security and encryption products are on the agenda at the next round of<\/span> Wassenaar Arrangement<\/span><\/a> talks in Vienna this week. The<\/span> US is seeking to reverse the previously agreed restrictions<\/span><\/a> that it believes restricts the export of legitimate cyber security software and technology. The restrictions<\/span>\u2014<\/span>which Australia has incorporated into its<\/span> Defence and Strategic Goods List<\/span><\/a> of export controlled items<\/span>\u2014<\/span>are intended to prevent technology such as cyber intrusion software being<\/span> provided to authoritarian regimes<\/span><\/a>. Meanwhile, major cyber security exporter<\/span> Israel has just finalised a review of its cyber export requirements<\/span><\/a> to try and balance the Wassenaar requirements and the health of its cyber security industry. Israel\u2019s National Cyber Directorate and Ministry of Economy will establish a new agency to manage the export of cyber technologies. This does, however, exclude the technologies being supplied to security agencies and military users, which will remain under the oversight of the Defence Ministry\u2019s Defence Export Controls Agency.<\/span><\/p>\n