The United States has intensified its efforts and taken several important measures to enhance its cybersecurity, especially after the second inauguration of Barack Obama as President. Examples include expanding its cybersecurity force more than five fold from 900 to 4,900 in the coming years, completing a “secret legal review,” which according to the New York Times will authorize the President to “order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad”, approving an Executive Order which seeks to improve information sharing concerning cyber threats to US critical infrastructures, and launching the Administration’s Strategy to Mitigate the Theft of U.S. Trade Secrets that specifies the strategy action items the U.S. will take to protect its trade secrets.
At a time of increasing cyber attacks, it is understandable why the U.S. pays so much attention to cybersecurity. But, it is hard to imagine why the U.S., a state with the most advanced Information and Communications Technology (ICT) and the strongest cyber power in the world, would take such a bold move like launching a “preemptive strike” against other countries given the fact that it is very difficult, if not impossible, to provide hard evidence to attribute a cyber attack to a specific attacker.
New Actions by the U.S.
Intense moves by the U.S. are the newest in its assiduous efforts to strengthen its cyber security and can be explained by several reasons. First of all, in recent years, the number of cyber attacks, including those against the United States, has been increasing, thus alerting the entire world, particularly Americans who maintain that their cyber assets are owned and managed largely by the private sector. This seems to provide an objective ground for the U.S. to take proactive and preemptive measures to enhance and build its cyber security.
Second, as a result of its lead in ICT, the United States is more dependent on the Internet than other states, which also means being more vulnerable to cyber attacks. Therefore, the U.S. attempts to use its technological superiority to deter potential cyber attackers by making public its intention of launching preemptive cyber strikes. Of course, this will not necessarily be a deterrent or yield desirable results. On the contrary, it might launch a cyber arms race and exacerbate cybersecurity concerns, which is not conducive to maintaining cyber stability and peace.
Third, since its first secret talks on cyber war with Russia in Moscow in 1996, the United States has always been opposed to cyber arms control or signing any international treaty on cyberspace. In recent years, the U.S. has endeavored to intensify its cyber security, not only through further building its cyber capabilities, but also through domestic and international cyber legislation, such as the Cybersecurity Act of 2010 and the International Cybercrime Reporting and Cooperation Act (2010). After the failure of the 2012 U.S. Cybersecurity Act, both Democrats and Republicans have continued their efforts to pass cyber legislation in 2013. Moreover, last September, Harold Hongju Koh, legal adviser to the Department of State, clarified the U.S. position that existing international law is applicable to cyberspace. By way of constructing new rules for cyberspace, including rules for cyber warfare, the U.S. could offer a legal ground for its preemptive cyber strikes against others, thus increasing the legitimacy of its provocative cyber activities. However, it is doubtful whether it could achieve this much-needed legitimacy for preemption.
China Acts as a Scapegoat
Once again, China has become the default target for accusation when the U.S. tries to find a scapegoat for the cyber attacks it receives. The U.S. seems to have formed a bad habit of accusing China whenever something unpleasant occurs between the two countries. Case in point is the recent action taken by the U.S., in which both the media and some Internet security companies are actively blaming China for the cyber attacks against the U.S.
However, we have to bear in mind that China is also a major victim of cyber attacks, which have increased dramatically in recent years. The newly updated version of China Cyber Security Situation in 2012 [in Chinese], released by National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) on March 19, 2013, presents a telling story about these attacks. Even so, China seldom publicizes the cyber attacks it suffers as it has embraced a low profile and humble approach to foreign affairs.
China is firmly opposed to hacking and Chinese law prohibits any hacking behavior compromising Internet security. China also advocates and practices an active defense policy. It is neither professional nor responsible to allege that China, its government or army are involved in cyber attacks against the United States. As a matter of fact, numerous cyber attacks come from within the U.S. itself, which is acknowledged by both American officials and cyber security experts.
Cyber Relations at a Critical Moment
Now, cyber relations between China and the U.S. are at a critical moment. U.S. accusations against China are not new, but they could blunt Americans’ thinking while neglecting the essential issues. Moreover, these accusations will poison Sino-U.S. cyber relations. Therefore, the United States should change its way of engaging China as the two countries are faced with common cybersecurity threats.
For instance, though the International Code of Conduct on Information Security, proposed at the UN General Assembly by China and other countries in September 2011, was “largely dismissed by Washington and its Western allies,” Amitai Etzioni, a senior advisor to the Carter administration, said, “if one did not know which nations submitted this proposal, one could easily assume that 95 percent of the draft code was composed by Western nations led by the United States”. In fact, China has always been open-minded and hoped to resolve the cyber differences between the two countries through practical consultation and law enforcement cooperation. To build a safer and more stable cyberspace, new steps and thinking are needed to advance rather than reverse China-U.S. cyber relations.
Xu Longdi is a PhD and Associate Research Fellow at the China Institute of International Studies in Beijing.