The realm of cybersecurity and cyber foreign relations is still a relatively new domain and one that is often poorly understood by many policymakers. It is usually treated as a highly specialised area of policy, despite the huge role it already plays in most aspects of everyday life.
Cybersecurity also has a large impact on world affairs. Recalling a choice term from an earlier era of combative international relations, it is no exaggeration to say that détente in cyberspace is vital to stability and safety. This term is very much apropos, not least because the command and control of nuclear armed missiles depends in part on a “securable” cyberspace.
A shorter version of this article appeared in the Sunday, August 30, edition of the “Ideas” section of the Boston Globe.
And while the core détente pairing back then was between the US and Russia, with Europe playing a constructive intermediary role at the time, today’s “détente” pairing is between the US and China.
Both powers say they want dialogue and co-operative behaviour on cyberspace issues – but something is keeping them apart. Recent news headlines – in particular the theft of personal data of more than 20 million US citizens in the records of the federal government’s Office of Personnel Management (OPM)– make it appear that the frosty relations on cyber issues are all China’s fault.
As the US government reports credibly, China is engaged in an unceasing and highly successful cyber espionage campaign against the US. Yet to manage the threat from China, there has to be effective diplomacy. To get to that point, we need to answer two rather intriguing questions: Could poor cyber relations with China also be the fault of the Americans? Or maybe both sides are fuelling each other’s dangerous behaviour?
For starters, in the diplomatic realm there is no other relationship on cyber issues like it. China and the EU get along quite well on cyber issues, including joint research through OpenChina ICT.
Certainly, there is less acrimony and less overt suspicion between these two powers. Russia and China, for their part, have signed an agreement to limit hacking against each other. This is quite surprising, given that Russia trusts China less than it trusts the US on cyberspace issues. Beyond Russia, China’s relations with India and Japan are not so bad either.
All of which demands an answer to this question: If China has been able to keep business-like relations with all other partners on cyber issues, in spite of its rampant cyber espionage against them, then why is its cyber relationship with the US worse than with other major powers?
At one level, the present state of affairs can be explained easily and positively for the US. It can (afford to) be more strident in its diplomacy than any other Western country because it is more powerful.
In addition, relative to most countries that are getting along better with China in cyber affairs, the US also puts more stock in certain issues of principle, such as human rights protections in cyberspace or theft of intellectual property.
Washington also believes that it has to stand up to China on such issues, not least because of the way in which China’s power is disturbing American allies in the Pacific.
At another level, the style and tone of US cyber diplomacy toward China looks surprisingly messy. This is unexpected because US diplomacy toward China under President Barack Obama has generally been organised and thought through.
The best way to understand the situation is to point to several negative factors which, in their sum total, undermine the coherence of US cyber diplomacy. They include:
* A misplaced US sense of moral outrage which, in turn, arises from the mistaken belief that there are unambiguous norms in cyberspace that China is violating.
* Failure to appreciate China’s deep insecurity in cyberspace (its internal and external security dilemmas).
* Lack of knowledge of the detail of US cyber espionage and cyber military operations against China (the “need to know” principle keeps the detail totally concealed). In addition, there is no net assessment readily available.
* Unresolved inter-departmental turf disputes (for example, the Pentagon or NSA skewing the cyber debate for institutional interests).
* Inflation of the threat from China’s theft of intellectual property (as argued by Jon Lindsay and myself.
* A failure to give due weight to the consideration that most cyber systems are inherently vulnerable and cannot be secured against a determined cyber adversary.
* The emergence of the US cyber security industry as a lobby group that is alert to all of the above and plays it for commercial gain (for example, the Mandiant report).
* A lack of understanding of how dependent China is on US and Allied supply of communications and information technology.
* An almost hysterical relationship between the two major political parties inside the US on national security issues.
* A mass media environment that is all too receptive to cyberspace dramas and anti-China stories.
This Democratic Administration is particularly susceptible to some of those traps. On the economic front at home, it needs an anti-China argument to help buttress its defences in the face of mass social dislocation arising from the erosion, resurgence and restructuring of the US manufacturing industry.
Then there is the eternal Washington “logic” of bureaucratic politics. Consider this. On the one hand, security chiefs across the US have staggeringly large budgets and resources at their disposal. On the other hand, it is difficult for them to admit that their technical skills and technologies have not been good enough in most cases to stop China’s cyber thievery.
Would it be surprising therefore for all of them to fall unconsciously into finding a common public scapegoat, a strategy that downplays other bad cyber actors, such as Russia, Israel, France and even Iran. Enter the China blame game. This is not to say by any means that China is without fault. But what is equally undeniable is that the impact of the China cyber threat relative to other threats is exaggerated by the US cybersecurity community.
The other side of that same coin is that the US capabilities and reach into Chinese networks is conveniently belittled – and strategically obscured.
What is particularly ironic is the deep integration of the cyber industry sectors of the two countries. What is to be done?
The challenge from here on out is to begin to unravel this entanglement of influences and to base US cyber diplomacy on a more sophisticated notion of everything that is actually playing out.
The détente experience of Soviet-US relations in the Cold War era suggests less outrage about espionage and a more nuanced appreciation of its limited impacts relative to the larger military threats could lead to better – more realistic – relations.
As the EastWest Institute, Henry Kissinger and Jon Huntsman have argued, cyber détente with China is possible. If America’s European Allies, Japan, India and Russia can do it, why does the US policy toward China on this issue have to look – and feel – so very different?
* Greg Austin is a Professorial Fellow at the EastWest Institute and author of the book, Cyber Policy in China (Polity 2014).This article initially appeared on The Globalist. Follow The Globalist on Twitter: @Globalist
** The views expressed here are not necessarily those of Independent Media