Wednesday, June 17, 2015

Cybersecurity and US-China International Relations

In light of the supposedly catastrophic OPM hack, I went back to the Winter issue of International Security to read Professor Jon Lindsay's lead article, "The Impact of China on Cybersecurity: Fiction and Friction" (in PDF here).

A great piece, non-alarmist, with a fabulous 4x4 typology on the nature of international cyber threat narratives.

Fortunately, Lindsay has a beautiful summary of the article at the Huffington Post, "Inflated Cybersecurity Threat Escalates US-China Mistrust":

The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated.

Policymakers in the United States often portray China as posing a serious cybersecurity threat. In 2013 U.S. National Security Adviser Tom Donilon stated that Chinese cyber intrusions not only endanger national security but also threaten U.S. firms with the loss of competitive advantage.

One U.S. member of Congress has asserted that China has "laced the U.S. infrastructure with logic bombs." Chinese critics, meanwhile, denounce Western allegations of Chinese espionage and decry National Security Agency (NSA) activities revealed by Edward Snowden.

The People's Daily newspaper has described the United States as "a thief crying 'stop thief.'" Chinese commentators increasingly call for the exclusion of U.S. internet firms from the Chinese market, citing concerns about collusion with the NSA, and argue that the institutions of internet governance give the United States an unfair advantage.

Chinese cyber operators face underappreciated organizational challenges, including information overload and bureaucratic compartmentalization, which hinder the weaponization of cyberspace or absorption of stolen intellectual property.

More important, both the United States and China have strong incentives to moderate the intensity of their cyber exploitation to preserve profitable interconnections and avoid costly punishment. The policy backlash against U.S. firms and liberal internet governance by China and others is ultimately more worrisome for U.S. competitiveness than espionage; ironically, it is also counterproductive for Chinese growth.

The United States is unlikely to experience either a so-called digital Pearl Harbor through cyber warfare or death by a thousand cuts through industrial espionage. There is, however, some danger of crisis miscalculation when states field cyberweapons.

The secrecy of cyberweapons' capabilities and the uncertainties about their effects and collateral damage are as likely to confuse friendly militaries as they are to muddy signals to an adversary.

Unsuccessful preemptive cyberattacks could reveal hostile intent and thereby encourage retaliation with more traditional (and reliable) weapons. Conversely, preemptive escalation spurred by fears of cyberattack could encourage the target to use its cyberweapons before it loses the opportunity to do so. Bilateral dialogue is essential for reducing the risks of misperception between the United States and China in the event of a crisis.
Keep reading.


0 comments: