Canada and China have agreed to an industrial espionage pact under which neither country will mount a government-backed cyber attack to steal corporate secrets. That still means they can spy against each other’s government networks.

The agreement came after a meeting last Thursday between senior officials where “the two sides agreed that neither country’s government would conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

Meanwhile, since the revelation of the email hack at the U.S. Democratic Party a year ago, there’s been no shortage of alleged nation state attacks — or at least publicly reported attacks — on governments around the world. The latest is the sustained brute force attack on the email system used by British parliamentarians and staff, which managed to get access to about 90 accounts.

Some news reports quote an unnamed senior security source saying the attack, which apparently tried to apply stolen email credentials to see if any were being re-used, “appears to have been state sponsored.”

After a public consultation last fall, Public Safety Minister Ralph Goodale is pondering how to upgrade Canada’s cyber security strategy. Until that is released, we can ponder the thoughts of Savaram Ravindra, a senior security engineer at Tekslate.com and Mindmajix.com, who on the weekend penned a column on how a country should respond to a global cybersecurity threat.

“Every country must leverage the forces of the market by motivating the private sector to make the sort of dynamic and continual investment required to secure companies’ diverse networks,” he writes.

“A nation needs a comprehensive set of policies if it wants to take an active role in combating espionage and cybercrime. It must increase and continue co-ordination and co-operation with its friends and allies. Taking it one step further, it should lead the international efforts to persuade nations that utilizing cyberspace for malicious purposes either against their own people or other nations to change their policies is wrong.”

That’s easier said than done. International spying dates back at least to the Bible; to some degree it’s accepted today as long as adversaries use it only to gain information rather than cause physical harm (which would be an act of war). A number of government and corporate leaders have called for international agreement on limiting nation state cyber attacks.

But Ravindra suggests national governments also be more assertive by doing things like supporting the development of accountability standards, which would encourage a cyber insurance industry. Insurers would be able to better judge corporate risk and pressure the private sector to invest more in cybersecurity or be punished with high premiums. Better that, Ravindra argues, than government regulation.

Other suggestions include the creation of a non-governmental organization to evaluate industrial supply chains, and a heavy national investment in security awareness training.

So we await Goodale’s cyber strategy with interest. Nothing likely will be announced during Parliament’s summer break. But remember, October is the annual cyber security awareness month.
