CFR Presents

Asia Unbound

CFR experts give their take on the cutting-edge issues emerging in Asia today.

Print Print Email Email Share Share Cite Cite
Style: MLA APA Chicago Close

loading...

U.S. and China in Cyberspace: Uneasy Next Steps

by Adam Segal
June 18, 2012

U.S. Under Secretary of Defense for Policy, Flournoy, chats with China'sDeputy Chief of General Staff of the PLA, Ma, during a bilateral meeting in Beijing on December 7, 2011. (Andy Wong/Courtesy Reuters) U.S. Under Secretary of Defense for Policy, Flournoy, chats with China's Deputy Chief of General Staff of the PLA, Ma, during a bilateral meeting in Beijing on December 7, 2011. (Andy Wong/Courtesy Reuters)

I was in China last week for a cyber dialogue sponsored by the China Institutes of Contemporary International Relations (CICIR) and the Center for Strategic and International Studies (CSIS). The good news is the two sides are continuing to talk. The not so good news is mistrust is high and the next steps will not be easy or quick.

In diplomatic speak, the talks were candid and constructive. Both sides acknowledged the mistrust that characterizes the relationship. The Chinese felt their contributions to global cybersecurity, especially by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT), were not adequately acknowledged. Both sides believe their respective governments have a strong desire for cooperation. But there was little clarity on what concretely the two sides could actually do to build trust (except for the obvious but seemingly unattainable: for the United States, China should stop stealing so much intellectual property; and for China, the U.S. should stop trying to maintain its hegemony in cyberspace, contain Beijing, and militarize cyberspace). Calls for greater transparency were met from the Chinese with the habitual protest that this was difficult for the weaker side. When pressed for areas where China and the United States might cooperate, Chinese analysts pointed to protecting critical infrastructure and fighting crime, but also noted that cyber cooperation was a work in progress and the conditions might not be right for moving forward.

To be sure, I’m not privy to what happens behind closed-door meetings, but the Chinese response to the New York Times‘ reporting about Stuxnet was more indirect than I expected. The Chinese seemed more direct and aggrieved in their critique of what they saw as the U.S. refusal to engage the International Code of Conduct for Information Security, the norms of behavior in cyberspace that China—along with Russia, Tajikistan, and Uzbekistan—has circulated at the United Nations. Their basic line? “In your International Strategy for Cyberspace you said the United States would work collaboratively to develop norms. We suggested some, not insisting that they were for everyone, and since then silence. Isn’t there anything in the International Code that you like?”

The mistrust has been worsened by both sides inability to signal intentions. This is of course difficult in cyberspace; governments can say that they have nothing to do with attacks but the attribution problem makes it difficult to verify those statements. Moreover, the United States has repeatedly stated that the primary mission of Cyber Command is the defense of U.S. networks, not offensive operations. Not surprisingly, the Chinese are weighing capabilities as much as, if not more than, expressed intent.

The signaling problem has been exacerbated by what one Chinese academic called the “hype of the media”—breathless reporting about cyberwar and digital espionage. You could see the negative effects of this, as at least one Chinese analyst seemed to accept everything in U.S. newspapers as not only true, but also as the official U.S. government position. For example, the story of Secretary Clinton admitting that the State Department hacked al-Qaeda websites in Yemen, later clarified as the purchase of advertisements, was used as evidence of American attacks.

The big takeaway from the meeting was the need for more communication and the development of official points of contact and crisis communication procedures. There was some worrying confusion over how many hotlines exist between the two countries (at least two) and how effective they are (basically, from the U.S. perspective, not at all). It is a cliche that cyber events can occur in hours, if not minutes, but the two sides need to prepare for the almost inevitable crisis. Summoning the other side’s ambassador for an explanation may have worked in the past, but it will be too slow today. People and procedures need to be prepositioned. Sino-U.S. cyber cooperation is a work in progress, but let’s hope this is one area where the conditions allow for progress.

Post a Comment 1 Comment

  • Posted by bystander

    I’m very skeptical that the Chinese have anything like centralized authority over the cyberattacks that originate on their soil. That’s true in the US too, if you include rogue hackers operating within the US, but it’s a very different situation in China where the government and private sector are one big soup, with government officials sitting on boards of all the major companies, and having the ability to commission cyber attacks as well as to divert the loot to the appropriate company, all out of the purview of whatever central authority is nominally responsible for cybersecurity. I guess what I’m saying is that you have to wonder what the Chinese side can realistically offer at the negotiating table. My impression in the US is that the really high-powered capabilities are concentrated in the intelligence agencies, and those capabilities aren’t casually available for anyone and everyone to take advantage of for private gain. Pretty different set of circumstances on the two sides.

Post a Comment

CFR seeks to foster civil and informed discussion of foreign policy issues. Opinions expressed on CFR blogs are solely those of the author or commenter, not of CFR, which takes no institutional positions. All comments must abide by CFR's guidelines and will be moderated prior to posting.

* Required

Pingbacks