Author: Zach Montague, Delma Institute
China and the US are entering a new and troubling phase of cybersecurity. The recent crash of North Korea’s internet network reveals just how inexperienced world leaders are in dealing with cyber conflict. It shows how one reckless act in the cyber realm can quickly devolve into a bigger international crisis. The confusion and ambiguity surrounding this sequence of events has left the US and China entangled in a high profile cybersecurity standoff.
An American comedy film, The Interview, allegedly provoked North Korea into hacking the Sony Entertainment Network, drawing attention from the FBI, the UN Security Council, the White House, and top officials in South Korea and Japan. Soon after, an FBI report formally implicated North Korea in the attack. While President Obama promised to ‘respond proportionally’, North Korea’s entire internet network suddenly went offline.
The FBI has stood by its accusation that Pyongyang was responsible but few outside experts are convinced. There is growing speculation that North Korea’s internet blackout was caused by a sophisticated cyber attack engineered by the US.
As leading experts on cybersecurity have pointed out, one of the biggest challenges with cyber attacks is attribution. Both state and non-state actors can launch attacks with intricately disguised origins, which can introduce uncertainty into the response process. It is hard and sometimes even impossible to respond appropriately when a major cyber attack takes place. The inherent uncertainty in US–China relations already makes for volatility. But with some of the world’s most sophisticated cyber war capabilities, conflict could escalate quickly over faulty intelligence.
The cause of North Korea’s internet outage may never be known. But what will matter more in the long term is what policymakers believe happened. This will inform future decisions regarding cybersecurity.
If Chinese and North Korean leaders believe that the US brought down an entire country’s internet network in response to an attack on one of its corporations, it will carry serious implications for international relations. The US has blamed Chinese and Russian hackers for targeting American companies on several occasions before. And the North Korean crash could be taken as a warning that the US is more willing to retaliate against attacks on private organisations.
But if it appears that the US retaliated impulsively based on false information, or worse yet, used the Sony hack as a pretext to showcase its cyber capabilities, this is guaranteed to put foreign leaders on edge.
This incident has dragged the US and China toward a potentially serious political standoff and rekindled North Korea and China’s historical partnership. Since North Korea’s internet is wired through China, the possibility of a US cyber strike may have felt too close for comfort for Beijing. The Chinese government has even started censoring coverage of the story and announced its own independent investigation challenging the FBI report. Meanwhile, a minor breach in the computer network of a South Korean nuclear plant caused brief panic that North Korea might actually be retaliating with a more serious act of cyber terrorism against a US ally, putting the entire region on high alert.
This is not the first time the US and China have taken different sides over a hacking incident. Both countries have been exposed conducting advanced cyber espionage against the other. And they have failed to reach an agreement that would define and limit cyber warfare. But the recent events are a remarkable reminder of how quickly cyber confrontations can escalate and the hugely destabilising effect this could have on US–China relations in the future.
In the absence of an international treaty regulating cyber war, norms and standards for its use are developing through precedent. When deciding what is fair game, policymakers will naturally consider what others have done — or appear to have done — in similar situations.
New precedents have been established after the attack on Sony and the apparent follow-up attack on North Korea’s internet network. Conventional wisdom has been revised on what the US will tolerate and how it will respond to an attack it deems unconscionable.
Instead of using this experience as a chance to open a dialogue, leaders have been secretive and disingenuous about what happened, leaving greater uncertainty about how future incidents will play out, what targets (if any) are off limits, and how state-sanctioned hacking can be distinguished from third party attacks. The Sony hack and North Korea internet crash should be scrutinised as an important study in conflict escalation. It should be the starting point for much-needed negotiations on controlling the use of hacking as a weapon in international disputes.
Zach Montague is a researcher at the Delma Institute, specialising in China and East Asian affairs. Follow him on Twitter @zjmontague.