A little less than two weeks after the China Youth Daily published a piece explaining why China might have to fight a cyberwar, the People’s Liberation Army Daily has called for the military to defend national networks and improve combat capabilities in cyberspace. Both articles spend a great deal of time going through a long litany of complaints about the United States: it is trying to dominate cyberspace; was the first to militarize the Internet by setting up U.S. Cyber Command; and uses Twitter, Facebook, and other networking tools to undermine governments it does not like.
While the identity of the attackers in the hacks of RSA, Lockheed Martin, and the IMF remains uncertain, suspicion about China is high and so the discussion about what the United States should do about attacks from China has gotten louder. Several strategies have been aired recently:
- Rules of the road: Former Secretary of State Henry Kissinger and former ambassador to China Jon Huntsman recently told Reuters that the two sides needed to reach an agreement restricting some types of attacks and designating some areas off limits (I made the same argument in Cyberspace Governance: The Next Step).
- Confidence building measures: The idea is, pick something that is a threat to both sides but is not politically or militarily sensitive, like the recent agreement on addressing spam announced by the EastWest Institute.
- Naming and shaming: Calling out China for its alleged crimes with the idea that you can embarrass the government so it either stops hacking or stops the nonstate actors that are responsible. Recent examples include Google’s recent announcement that passwords had been compromised and the State Department’s mentioning of an attack on Change.org, which had posted a petition is support of jailed artist and activist Ai Weiwei, at a meeting with the Foreign Ministry.
- Deterrence: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.” So the Wall Street Journal quoted one DoD official.
The United States currently is pursuing all four of these strategies. All, however, have significant weaknesses and the differences between the two sides remain deep and wide. So the real question is, will these be enough, and if not, what else should we be doing?