In September, China’s President Xi Jinping and Obama reached an agreement pledging that they wouldn’t condone hacking to steal commercial secrets. Carlin cited a report this month from FireEye Inc that showed attacks from known Chinese hacking groups with a connection to state interests have dropped more than 80 per cent since August.

Current cyber threats are “blended”, with hackers who might act on behalf of a group but also for their own profit, Carlin said. There also hackers with links to a state but not carrying out “a state action,” he said.

“Be it in Russia or China or other countries,” Carlin said, someone who has access to hacking tools for their daily work can “use those tools corruptly during nighttime hours to do a hack.”

That has raised questions about whether China is effectively farming out hacking to harder-to-track contractors who provide a level of deniability to the government, according to people involved in the investigation of incidents involving China.

US investigators have improved on their ability to attribute the identities of hackers, but finding out their motives will be a “growing challenge,” Carlin said.

The government still needs to work on better sharing cybersecurity threats with the private sector and vice versa, Carlin said.

“There’s still a mentality of ‘blame the victim’ when it comes to a hack,” Carlin said. “Internally, companies wrestle with, ‘How much damage am I going to do to my shareholders or stock price if I come forward, because then I have this public humiliation of having been a victim.’”