It has grown fashionable to blame China for each newly revealed cyber attack and register alarm about a looming new kind of Cold War. It is perhaps less modish, but definitely more interesting, to state that in the cyber realm, far more unites U.S. and Chinese interests than divides us, and the time is right for cooperation. Each has too much at stake in the global economy.
Only the naïve are shocked, shocked! to hear news of robust cyber espionage activity by China and the United States. Militarists acknowledge cyberspace as the "fifth domain" of warfare alongside land, sea, air, and outer space. For centuries, all capable nations have spied on rivals and allies alike. Of course they exploit this new sphere.
There are differences in the Chinese operating style that disquiet U.S. critics. Whereas U.S. intelligence agencies are prohibited from fishing overseas for new-car plans to enrich General Motors, Beijing views industrial interests as inextricable from national interests. The People's Liberation Army draws on maddeningly amorphous relationships with corps of volunteer "patriotic" hackers like Honker Union and Red Hacker Alliance,[i] while relations between Washington and Silicon Valley are less seamless and dutiful. Then again, some top Chinese thinkers have complained that seemingly benign American cultural imports - Spider-Man and Superman among them - are insidious "knockout blows" in cyberspace engineered to "destroy Chinese moral models."[ii]
But as mutually dependent trading partners, we are destined to rise above cyber skirmishes and forge joint defenses against more iniquitous villains. The sad alternative is a perpetually suboptimal, at-risk Internet that fails to inspire user trust or fulfill its potential.
The U.S. and the USSR were the preeminent nuclear superpowers; now the U.S. and China are preeminent economic superpowers. Perhaps because the Cold War is so recent and profound a memory, with the current temperature of U.S.-Russian relations leading some to predict a sequel, it is tempting to oversimplify the U.S.-China cyber contest as a simple two-character, white-hat, black-hat drama. "It is a fight raging across the Internet in a proxy for the old spy versus spy games of the Cold War: except that it drops honey traps and prisoner exchanges at Checkpoint Charlie in favour of the planting of malware, beating firewalls and hijacking servers," fretted Britain's Guardian newspaper last year.[iii]
Actually, the old template doesn't fit the cyber era. Chinese human rights activist Wei Jincheng emphasized this point: "Information warfare is entirely different from the conventional concept of aiming at a target and annihilating it with bullets... The multidimensional, interconnected networks on the ground, in the air (or outer space), and under water, as well as terminals, modems, and software, are not only instruments, but also weapons. A people's war under such conditions would be complicated, broad-spectrum, and changeable, with higher degrees of uncertainty and probability, which requires full preparation and circumspect organization."[iv] Cyber conflict is naturally multilateral. China and the United States must both defend their respective Internet infrastructures, particularly banking and financial systems, from an alarming, shadowy crowd of hacktivists, anarchists, and terrorists, many lacking any state allegiance.
Such cyber interventions must be recognized internationally as unlawful and detrimental to international peace and security. And we have to reach a cross-border understanding of what kind of cyber offensive should be regarded as the equivalent of an armed attack, precipitating an injured state's right of self-defense. As former U.S. Deputy Secretary of Defense William J. Lynn said, "There's no agreed-on definition of what constitutes a cyber attack."[v]
Some strategists say one reason no nation-state has launched a full-on cyber assault on an adversary's infrastructure is uncertainty over ripple and boomerang effects. This restraint is unlikely to last indefinitely. We would be more secure if China and the U.S. led the establishment of firm boundaries for state action in cyberspace.
The U.S. and the Soviets maintained a so-called "balance of terror," with a doctrine of "mutual assured destruction." But we eventually recognized the futility and waste of our nuclear doctrines, finding the trust and diplomatic toeholds to step back from the brink. With a U.S.-China trade relationship worth $536 billion in 2012 - levels second only to Canada's business with the U.S.[vi] - our fates are, if anything, more closely intertwined. The U.S.-Chinese economic relationship affects more wage earners in both nations than the Cold War ever did, with ripple effects around the globe.
The same pragmatic imperatives of the 20th century that propelled the United States and Soviet Union towards nuclear arms treaties - from economic benefits to improved security - should now spur the United States and China to strike up a kind of cyber détente. But this time private interests should have an appropriate role next to politicians and diplomats at the bargaining table. Much of the task of operating and protecting critical networks falls to private concerns. The assets under threat from cyber attacks are not just government and military systems but electric grids, ATM and e-commerce networks, transport infrastructure, and more. They are the critical vertebrae in the digital spinal columns of all developed nations. Their defense is a shared public-private responsibility.
"The likeliest scenario for an escalation to cyberwar starts with hackers," says intelligence analyst and CIA alumnus William Brooke Stallsmith. "Even actions by independent hackers could set off escalation."[vii] The Chinese are as selfishly interested as the United States in neutralizing such threats. It would be a great leap forward, as it were, for both U.S.-Chinese relations and global cyber security if private security interests were to join policymakers and diplomats in a new initiative to promote the common good, working across borders toward cooperation among civilized nations to protect global cyber infrastructure.
The historic arc of U.S.-Soviet relations shows that even bitter rivals can collaborate and innovate, when their interests coincide, to make the world a better place. We can and should pursue such a course with China now on cyber security.
Dr. Catherine Lotrionte is the Director of the CyberProject at the School of Foreign Service at Georgetown University.
[i] DefenseTech.com, Ward Carroll, "China's Cyber Forces," 8 May 2008: http://defensetech.org/2008/05/08/chinas-cyber-forces/
[ii] The New York Times, Amy Qin, "Undermining China One Knockout Blow at a Time," 17 July 2014: http://sinosphere.blogs.nytimes.com/2014/07/17/undermining-china-one-knockout-at-a-time/
[iii] UK Guardian, Paul Harris, "Chinese Army Hackers are the Tip of the Cyberwarfare Iceberg," 23 February 2013: http://www.theguardian.com/technology/2013/feb/23/mandiant-unit-61398-china-hacking
[iv] Liberation Army Daily, Wei Jincheng, "Information War: A New Form of People's War," June 25, 1996, http://www.fas.org/irp/world/china/docs/iw_wei.htm; quoted by Col. Jayson M. Spade, U.S. Army War College, "Information as Power: China's Cyber Power and America's National Security," published May 2012: http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB424/docs/Cyber-072.pdf
[vi] US Census Bureau, 2012 statistics: http://www.census.gov/foreign-trade/statistics/highlights/top/top1212yr.html#2012
[vii] RealClearDefense.com, William Brooke Stallsmith, 22 July 2014: "It's Time to Get Ready for Cyberwar": http://www.realcleardefense.com/articles/2014/07/22/its_time_to_get_ready_for_cyberwar_107321-3.html