Language : English 简体 繁體
Foreign Policy

Time to Acknowledge the Facts: U.S.-Chinese Cyber Security Talks

Jul 10 , 2014

The “new model of major power relations” between the United States and China can only be based on real cooperation and acknowledging the facts.

After the disclosures of the whistleblower Edward Snowden, that’s what progress requires in the U.S.-China Strategic Security Dialogue as well. 

The new moral hazards

Dan Steinbock

“A foreign national could impact and destroy a major portion of our financial system” by placing a virus in our computer systems “and literally take down the U.S. economy,” said Keith Alexander, then chief of the National Security Agency and U.S. Cyber Command, on CBS’s 60 Minutes last December.

“We don’t have the defenses, we don’t have government and industry working together, yet,” Alexander added at the Gartner Security and Risk Management Summit last month.

In the first case, the four-star general warned the financial industry. In the second case, he was speaking to the giant banks as the head of his new startup, for the asking price of $1 million a month. Reportedly, the ex-NSA chief leased office space from Promontory Financial Group, which itself faced scrutiny in the Congress in 2013, amid growing unease over its influence and close ties to federal authorities.

It is this public-private double bind of the nation’s vital military leaders and leading regulators that illustrates the new moral hazards in the intelligence activities as well. On the one hand, Alexander’s IronNet Cybersecurity Inc. is just another example of a new generation of private-sector cyber-security startups.

On the other hand, it reflects the massive private outsourcing of the U.S. public-sector cyber-intelligence community.

CIA-backed venture capital

Like James Bond, then-chief George Tenet of the CIA concluded in the 1990s that the nation’s intelligence community could no longer take on its enemies alone. Bond’s secret gun was a fictional MI6 agent who was responsible for his latest technology wizardry. Agent Q also inspired the name of In-Q-Tel (IQT), a CIA-backed technology incubator that was created in 1999 as an independent, not-for-profit organization.

Through the Cold War, strategic general-purpose technologies were still created in the public sector. But times were changing. In the Reagan era, despite the massive rearmament, the focus was on liberalization, privatization, and deregulation. In the Clinton-Gore era, the new mantra became commercial globalization.

As Tenet put it in his memoirs, At the Center of the Storm (2007), the CIA created IQT hoping to use its limited dollars “to leverage technology developed elsewhere. The CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology.”

Initially, IQT catered mainly to the needs of the CIA. Today it supports many of the 17 agencies within the U.S. intelligence community. Unlike traditional venture capital firms that focus on making money, its objectives are strategic. It likes to recruit other top-tier venture capital firms or hedge funds to co-invest in start-ups. It is interested in new enterprises that have developed commercially focused technologies, which can deliver “near-term advantages” within three months.

Recently, the U.S. Justice Department launched a case against Chinese military hackers for allegedly stealing U.S. trade secrets through cyber-espionage. The case relies critically on data by Mandiant, a private-sector firm led by former intelligence executives. Along with numerous other cyber-security startups and more aggressive “cyber Blackwaters,” IQT financed Mandiant only a few years before.

Indeed, IQT has backed startups later acquired by Google, Oracle, IBM, Lockheed, and other leading U.S. technology giants and defense contractors. In late 2005, for instance, IQT sold its shares of Google. These stocks were a result of Google’s acquisition of Keyhole, the CIA funded satellite-mapping software today known as Google Earth. Only weeks later, Google launched its Chinese subsidiary.

According to the IRS filings, IQT has received some $50 million to $64 million per year in the past half a decade. Its listed total assets were estimated at $220 million in spring 2012. Over the years, IQT has invested in over 180 portfolio companies and claims to have leveraged more than $3.9 billion in private-sector funds.

“State actors” and “black budgets”

In view of these historical legacies, the Justice Department’s “first-ever charges against a state actor for hacking” open the door to very different interpretations by its counterparts in China, which could replicate a tit-for-tat model for equivalent retaliation. In addition to China, such cases could be launched by other sovereigns that perceive themselves as targets of adverse cyber hacking originating from the U.S.

Historically, the Defense Department’s (DoD) military expenditures in the 1970s and ‘80s contributed to the nation’s technology boom and high growth rate in the 1990s. With the end of the Cold War, however, the wider U.S. intelligence community found itself in a new situation.

In the past, defense-related R&D fueled private-sector markets. During the technology boom in the 1990s, these roles were reversed. Today, it is private sector R&D that drives defense R&D – which is precisely why CIA invested in IQT, in order to stay close to the technology frontier and to leverage strengths from the global cyber marketplace.

It was only after the former NSA contractor Edward Snowden took his flight to Hong Kong over a year ago that observers have gotten a better idea of the reach of the U.S. intelligence community and its $52.6 billion “Black Budget.” These funds are in addition to the congressionally approved budgets of the Armed Forces and the Defense Department of $526.6 billion dollars. Reportedly, the NSA, the Central Intelligence Agency (CIA), and National Reconnaissance Office (NRO) receive nearly three-fifths of the black budget.

In the big picture, the story of the IQT is just a drop in the ocean. After all, its annual budget represents barely 0.1 percent of the “black budget”. Nevertheless, its leverage effect amounts to billions of dollars, according to IQT.

Ever since the privatization of the U.S. intelligence community, the rise of strategic venture capital and covert “black budgets,” the old boundaries have been blurred between the public and the private sector. In the process, the diffusion of innovations – including cyber security – has become faster and more global than any time before in human history.

In the civilian sector, that is a blessing because, as a public good, knowledge can contribute to wellbeing and growth. But in the security sector, it can be a curse because the spread of cyber weapons fuels strategic tension and potential for massive destruction. 

The way out

In 2013, Washington and Beijing established a high-level working group on cyber security as a sub-dialogue of the two countries’ Strategic and Economic Dialogue (S&ED). These talks have been paralyzed for a year, after the stunning revelations of the whistleblower Edward Snowden.

In May, Washington indicted five PLA officers for alleged hacking of U.S. firms, which has contributed to further strategic distrust in Beijing. In June, the Obama Administration’s new cyberspace agenda was launched as a “multi-stakeholder approach to Internet governance.” From the Chinese standpoint, that approach remains predicated on U.S. norms, which differ significantly from those of large emerging nations.

Then, just days before the S&ED talks, the White House expressed its hope that cyber security talks could continue. While Beijing shares the goal, it does not find global mass surveillance or the Justice Department’s actions conducive to strategic trust.

There is a way out from the current bilateral strategic distrust. It is based on the acknowledgement of facts and sincere bilateral efforts to move on. That’s what the “new model of major power relations” is all about. Nobody said that it would be easy. But the alternatives are worse.

Dr. Dan Steinbock is Research Director of International Business at India China and America Institute (U.S.A.) and Visiting Fellow at Shanghai Institutes for International Studies (China) and the EU Center (Singapore). For more see:

You might also like
Back to Top