The role of cyber security in US-China relations

Author: Adam Segal, CFR

Less than three weeks after US Secretary of State Hillary Clinton and three other cabinet members announced the International Strategy for Cyberspace, another incident has occurred between the United States and China.

In this instance, Google claims that hackers based in Jinan stole the passwords of the email accounts of senior government officials in the United States and Asia, as well as Chinese political activists. The Chinese response followed the standard script: deny the claims, point out illegality of hacking in China, note that China is also a victim, and question the motivations of Google and the United States. Foreign Ministry spokesperson Hong Lei said, ‘Allegations that the Chinese government supports hacker attacks are completely unfounded and made with ulterior motives’.

While this flare up is likely to be short lived, the two sides involved hold fundamentally incompatible views on cyberspace, which means it is almost inevitable that there will be another incident sometime in the near future. The International Strategy states that the US will promote a digital infrastructure that is ‘open, interoperable, secure, and reliable’ while supporting international commerce, strengthening security, and fostering free expression. At best, China shares interest in two of these goals — global commerce and security — and even in those cases it has a different conception of how they should be defined.

The most visible difference is over the use of the internet and other communications technologies to ensure the free flow of information. Like the Russians, the Chinese are more likely to speak of ‘information security’, which includes concerns about content, rather than ‘cyber security’, which is primarily focused on the protection of communication and other critical infrastructure networks. A July 2010 report from the Chinese Academy of Social Sciences, ‘Development of China’s New Media’, accuses the United States of using Twitter, Facebook, and other social media sites to foster instability. As Jack Goldsmith has noted, Washington provides support for ‘hacktivists’ and others to circumvent the content filters and other technologies that make up the Great Firewall of China and it views this behaviour as benign. The Chinese on the other hand, consider all this to be ‘on a par with the Google hack’. In any discussion about norms in cyberspace, Beijing is likely to demand that the United States limit its support for digital activists, a requirement Washington is unlikely to meet.

As Chinese technology firms expand abroad, they will have a growing stake in a digital infrastructure that is global, interoperable, and secure. But in the near term the Chinese government has used competing national technology and security standards to promote indigenous innovation. The Multi-Level Protection Scheme, for example, requires that banks, government offices, and other critical industries use security technology provided by Chinese firms. If foreign companies want to remain in the market, they must partner with Chinese firms and possibly transfer technology to them.

The more dependent the Chinese economy becomes on the internet, the more vulnerable China becomes, and thus the more likely it becomes that the United States and China can reach some agreement about limits on the development and use of cyber weapons. But for now, Chinese defence analysts clearly believe that America possesses superior capabilities in conventional weapons and that the American military is more dependent on the internet than the People’s Liberation Army. As a result, open source writings are filled with discussions about how cyber attacks can limit US power projection.

It is also worth noting that Chinese officials see a high degree of hypocrisy in US positions. While American policy makers talk about maintaining freedom of movement, Chinese policy makers see a strategy focused on dominance, control, and on limiting China’s ability to act. The list of complaints is long: American companies dominate the hardware and software industries, Internet Corporation for Assigned Networks Names (ICANN) is beholden to the US government, nine of the 12 auxiliary root servers are located in the United States, and US Cyber Command was established in order to conduct offensive operations.

Given these divergent views, US policy makers need to have a realistic sense of what can be accomplished with China in cyberspace. Patience and cool-headedness will be in high demand as the next dispute breaks out. Washington must engage Beijing in discussions about the rules of the road, but more important will be efforts to work with allies and close friends in defining international norms of behaviour.

Adam Segal is the Council on Foreign Relation’s Ira A Lipman senior fellow for counter-terrorism and national security.