It appeared a reasonable suggestion when, two months later, the lower house of Japan’s Diet also fell victim to cyber attacks, reportedly from China.
This Cold War mindset is slowly leading national governments to focus on ‘cyber warfare’ and ‘cyber sovereignty’. In May 2010, for example, the US Cyber Command was formed. And when the White House released its first International Strategy for Cyberspace in May 2011, it was closely followed by the Department of Defense’s Strategy for Operating in Cyberspace. Notably, US Defense Secretary Leon Panetta likened the potential consequences of an all-encompassing cyber attack to the ‘next Pearl Harbor’. Meanwhile, China confirmed for the first time in May 2011 the existence of a cyber-focused Blue Army within the People’s Liberation Army. More recently, Chinese military thinkers also called for an ‘all-society’ approach to cyber-war mobilisation, involving civilian, industrial and military networks.
Is this focus justified? Treating cyberspace as a battlefield confuses the symptom for the cause and misses a larger point: that the roots of cyber attacks lie elsewhere. For one, online crime and espionage can often be economically motivated. China’s cyber espionage, for example, is part of a larger effort to reduce its dependence on foreign technology and to move from ‘made in’ to ‘innovated in’ China. In this context, the US should respond by convincing China that stealing foreign secrets would only lessen the ability and desire of Chinese firms to develop their innovative capabilities. An innovation strategy which fosters a culture of technological entrepreneurship would be more promising.
Cyber attacks can also be politically motivated. For example, Russia launched cyber attacks on the government websites of Georgia in 2008, a move which coincided with military operations in the breakaway province of South Ossetia. Also in 2008, China’s ‘patriotic hackers’ organised attacks against CNN after the network aired reports about China’s suppression of Tibet. Confrontations between Vietnam and China in the South China Sea in June 2011 equally found parallels in cyberspace, when hackers from both countries replaced content on the opposition government’s websites with their own national symbols.
Yet, singling out cyberspace as a new arena for warfare overlooks more fundamental issues, namely mistrust between nations due to historical grievances or geopolitical competition. Putting undue focus on cyber warfare is likely to erect an otherwise non-existent dimension of conflicts, which could only exacerbate existing mistrusts. Cyber security is a complex problem mixed with economic, social and diplomatic issues; one which cannot be solved by adopting a solely military approach.
More importantly, this military-focused approach is inconsistent with the open, global and borderless nature of the internet, factors that have contributed to its rapid development and success over the last decade. Some thinkers in the US military even advocate a ‘cybered Westphalian age’, in which nations would define and defend their virtual borders, similar to the processes by which they come to dominate the international system.
Still, a January 2011 report released by the OECD suggested the threat of cyber war is grossly exaggerated. Catastrophic, full-scale cyber attacks which have the capacity to cause a national or global shock would certainly have major consequences, but they remain completely theoretical. It is true that cyberspace is filled with all sorts of threats, and governments certainly need to make preparations to withstand these risks. But given that cyberspace is a complex environment of actors with specific interests and capacities, this can only be done by creating the correct legal frameworks and incentives, and maintaining dialogue between different groups.
Given the correct incentives, engineers, companies and internet service providers could be motivated to build more resilient systems, and keep a better check on illegal actions. Of course, this will not be enough unless a shared global understanding can be built up, and one that is based on shared vulnerabilities rather than perceived threats, so that states would be more responsible for attacks originating from within their borders.
This consensus is possible as cyberspace is not naturally divided into clear allies and enemies. The internet does not accommodate a bipolar strategic landscape: all countries suffer from online attacks. If we are to have a safer cyberspace, the best approach is to foster better international governance and cooperation, rather than imagining enemies and erecting barriers.
Andy Yee is a policy analyst for Google in Asia Pacific. He has worked at the Political Section of the EU Delegation to China in Beijing.