The indictment of
Chinese Cyber-Attacks: Will the US Step Up Its Active Cyber Defense Posture?
Any serious analysis of cyber-espionage has to be caveated with the fact that the evidence is drawn primarily from open-source intelligence, which does not give an entirely accurate picture of the China-US cyber competition – much of it is happening in the shadows and outside the public’s view. However, it is evident that the Department of Justice indictment was partially announced to assuage the U.S. private sector and to demonstrate that the United States government is boosting its efforts to stop Chinese cyber attacks. Likewise, we can make a few additional deductions based on the history of China-US cyber relations.
First, the indictment clearly signals that the United States is switching from the more conciliatory stance of the last few months to a more confrontational posture. As I have written in the past, the Pentagon in particular has tried to build trust between the Chinese and U.S. militaries with its unprecedented briefing for senior Chinese military leaders on the U.S. military doctrine for defending against cyber attacks. The Obama White House quickly followed suit with the announcement that it will share intelligence on zero-day vulnerabilities more openly – a symbolic gesture of unilateral cyber disarmament. Both cases were meant to signal to China that the United States – aware of its technological superiority in cyberspace – is willing to accommodate Chinese fears and engage more actively in dialogue. To the dismay of the U.S. administration, China has not reciprocated these efforts and, according to the 2014 Mandiant Report, has even expanded the scope of its cyber operations.
Second, the indictment also signals that the United States government is ready to progress up the escalation ladder from vicariously “naming and shaming” Chinese state-sponsored hackers via the U.S. private sector and media (e.g., the 2013 Mandiant Report) to a more direct approach. According to one expert, this indictment was the Department of Justice’s contribution to a White House-initiated strategy to contain Chinese cyber attacks. This new, more blatant method of “naming and shaming” fits into the escalatory framework of a national cyber deterrence strategy. If the Chinese continue cyber operations at the current level, step up their cyber-espionage activities, or “name and shame” U.S. hackers and intelligence operatives, the United States will have no choice but to intensify coercive measures vis-à-vis Beijing.
Third, in case the indictment fails to have an impact, the United States government may also step up its active cyber defense posture. According to one scholar: “Active Cyber Defense is direct defensive action taken to destroy, nullify, or reduce the effectiveness of cyber threats against friendly forces and assets.” Any cyber defense contains active defense components such as honeypots, intrusion prevention systems (IPSs), and anti-malware systems. Yet it also includes politically and strategically sensitive counter-attacks on the critical information infrastructure of the intruder. Despite the danger of serious political repercussions, various experts have repeatedly advocated such measures in the past; one expert testifying before the United States Senate referred to this escalatory step as a strategy “relying on attribution and retribution.” As an additional escalatory factor, active cyber defense can set a precedent for an increase in private-sector “cyber vigilantism,” i.e., companies unilaterally engaging in destructive counter-attacks (“hack back”) outside their own networks once they have identified the perpetrators, which in many cases will presumably be on Chinese territory or aimed at Chinese-owned critical information infrastructure.
To avoid these escalatory steps, the United States and China have to find ways to hold an open and fair dialogue on cyber-espionage and other cybersecurity-related issues. This essentially implies an almost schizophrenic, two-layered approach: cooperating with each other on one level of cybersecurity while simultaneously dissuading one another from excessively engaging in malicious cyber activities on another. This strategic doublethink holds true for both China and the United States. Yet, while there is no indication that the nascent cooperation on the technical level between the two countries has been suspended, on the macro level political confrontation appears to be the most likely modus operandi in the near-term future.
Franz-Stefan Gady is a Senior Fellow at the EastWest Institute.