US China deal will not end cyber attacks says US spy chief

The top US intelligence official told a hearing on Tuesday he doesn't think a deal between the US and China will protect business from cyber attacks.

The US and China reached an agreement not to conduct or support cyber attacks on businesses during Chinese President Xi Jinping state visit last week.

The US had been considering sanctions against China if it did not take steps to rein in cyber economic espionage.

But James Clapper said sanctions may still be needed.

Mr Clapper, the director of national intelligence, told a Senate hearing on cybersecurity he was not optimistic about the agreement.

Mr Clapper said it was difficult to measure how much cyber espionage was conducted by the Chinese government, and would therefore be subject to the agreement.

The US suspects China of being behind several high profile data breeches, including one at the Office of Personnel Management, which exposed the personal records of 21.5 million government employees and jobseekers.

At a joint press conference announcing what the countries called a "common understanding", both presidents stressed the need to work together to curb cyberattacks. The deal does not include any other provisions to defend companies against cyber threats.

Enforcing this agreement will be difficult.

Eran Kahana, a cybersecurity lawyer at the US firm Maslon, said, "Since not all data breaches are reported and it can be hard to tell where each breach came from, I think it will be years before we know if this [agreement] made a difference."

Mr Kahana also warned companies about relaxing security standards in the wake of this agreement: "To think these attacks will end because there is a deal is false. This may give us more of an enforcement environment, but I don't think much more."

China is not the only country to conduct these types of attacks, though it has acted on a much larger scale. Even some US allies have been known to use cybertheft as a means to help their domestic businesses.

The US itself conducts cyber espionage, though not with the intention of passing information on to local companies.

While many are sceptical about the agreement's ability to curb attacks, in the long run the deal may be significant.