Skip to main content

President Obama Redefines Cyber Espionage

Charlie Rose recently interviewed President Obama regarding his latest discussions with Chinese leaders around cyber espionage: what is acceptable espionage and what is out-of-bounds.

BARACK OBAMA: Every country in the world, large and small, engages in intelligence gathering and that is an occasional source of tension but is generally practiced within bounds. There is a big difference between China wanting to figure out how can they find out what my talking points are when I’m meeting with the Japanese which is standard fare …There’s a big difference between that and a hacker directly connected with the Chinese government or the Chinese military breaking into Apple’s software systems to see if they can obtain the designs for the latest Apple product. That’s theft. And we can’t tolerate that [1][2].

This is really a thin slice of distinction. Philosophically, I understand the argument but I find it leaves a bad taste in my mouth when I try to think about how it will apply to the U.S. and the world when all of us try to apply it to everyday business. Does that add an eighth link in the Kill Chain [4]? After we notice the Chinese exfiltrating documents from our networks, do we have to assess whether or not the documents are talking points (which are OK as being in-bounds) or Intellectual Property (which is not OK because it is theft)? 

As we all know, espionage between countries has been going on since man figured out how to make governments. From the beginning, it has been something that a country does as a matter of course and something that a country expects its enemies and allies to do against them. But it has never been tolerated. If spies are discovered, their fate is normally not good. At the least, they are summarily banned from the country. At the worst, they are tortured and killed [3].

The Internet has made it possible to conduct espionage operations from a relatively safe distance. Countries still have to do that up close and personal stuff, but Cyber Espionage has really opened the door to almost-safe espionage. Until now, there has been no threat to a country that conducts these operations; no banishment of cyber spies and no torture or assassination. But if President Obama draws the line between intellectual property theft and other kinds of information stealing, you have to ask yourself what he is willing to do if somebody crosses the line.

The good news here is that World Leadership is starting to have the conversation. Five years ago, that would have been unthinkable. Besides this discussion, President Obama also agreed to share Threat Indicator information with the Russians and to establish a Cyber “Hot-Line” between the US cyber-security coordinator and the deputy secretary of the Russian Security Council [5]. Ironically, the greediness of the Chinese Cyber Espionage effort drove the attention of other world leaders to this topic. If the Chinese would have throttled back a bit on their voluminous cyber intelligence gathering machine, this topic might have stayed underwater for a long time. I have to believe though that having these discussions at a very high level can only result in a better world-cyber-security environment. This is just the beginning and we have a long way to go. Time will tell.

In the meantime, we have a new line. It is acceptable for a government to conduct traditional espionage via a cyber-tradecraft, but it is not acceptable to use that same cyber-tradecraft to steal intellectual property. I am still trying to get my head around that.


[1] "President Obama Is Right On US-China Hacking," by Richard Bejtlich, TaoSecurity, 18 June 2013, Last Visited 27 June 2013

[2] "Obama: Blunt Conversation With China on Hacking," by Bloomberg TV, 18 June 2013, Last Visited 27 June 2013

[3] "Espionage and Covert Operations: A Global History," by Professor Vejas Gabriel Liulevicius, University of Tennessee, Last Visited 27 June 2013

[4] “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," by Hutchins, Cloppert, Amin, Lockheed Martin, October 2011, Last Visited 6 June 2013

[5] "US, Russia to Share Cyber-Security Data to Defend Critical Systems, Avoid Cyber-War," by Fahmida Y. Rashid, PC Magazine, 19 June 2013, Last Visited 27 June 2013

Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This i…

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of…

Book Review: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll

Executive Summary

This book is a part of the cyber security canon. If you are a cyber security professional, you should have read this by now. Twenty years after it was published, it still has something of value to say on persistent cyber security problems like information sharing, privacy versus security, cyber espionage and the intelligence dilemma. Rereading it after 20 years, I was pleasantly surprised to learn how pertinent that story still is. If you are not a cyber security professional, you will still get a kick out of this book. It reads like a spy novel, and the main characters are quirky, smart, and delightful.


The Cuckoo’s Egg is my first love. Clifford Stoll published it in 1989, and the first time I read it, I devoured it over a weekend when I should have been writing my grad school thesis. It was my introduction to the security community and the idea that somebody had to protect these new-fangled gadgets called computers. Back in those days, authors put their …