Washington sweats at China's cyber
threat By Benjamin A Shobert
Monday's Congressional United States-China
Economic and Security Review Commission (USCC)
again turned its attention to what is becoming an
increasing focal point for it: China's
cyber-security practices.
Jason Healey,
the director of the Cyber-Statecraft Initiative
for the Atlantic Council, reflected both the
frustration and the fear of many in America's
policy community when he stated, "The threat of
Chinese espionage is so critical that the
commander of our military cyber-defenses has
called it the 'the biggest transfer of wealth
through theft and piracy in the history of
mankind'. It is so bad, in fact, the United States
may need to regulate the private sector and our
companies need to submit to government
monitoring."
Viewed by many in the China
policy community as unnecessarily provocative and
hostile towards Beijing, the USCC has been one of
a handful of groups within the American government
that have
been researching and
reporting on what they see as a long-standing
problem largely of China's making in this area.
As the USCC and many of those who
testified on Monday believe, China's
cyber-security practices have long been egregious
and now hold the potential not only to continue
facilitating the transfer of intellectual property
that Healey referenced, but also to put America's
strategic interests at risk in the event of
conflict.
As Healey shared on Monday, "The
Defense Science Board report that discussed
hardware and software leakages, intrusions, supply
chain attacks, and risk levels was researched in
1969. And yet we're still struggling."
While it may have only recently come into
fashion to point out China's practices in these
areas, it is worth noting the USCC's long-held
desire to draw attention to this flaw in America's
national security. What has changed since 1969 is
obviously the increasing reliance the world now
places on access to the Chinese information
technology (IT) hardware supply chain, and the
growing sense that China should be viewed less as
a strategic partner and more as a strategic and
ideological threat.
In this way, the
USCC's fears over China's cyber-security hold the
potential to be blown out of proportion: the
interconnectivity bred by globalization has been
largely good so long as trading partners trust one
another. As these formally stable relationships
come under strain, largely due to America's
economic insecurities, it becomes easier to
question whether this inner-connectivity in fact
is safe, healthy or desirable for American
industry or government.
Unlike other parts
of the American government, the USCC is
specifically tasked by congress to look at the
nexus between economic and national security
matters. This overlap makes it all but impossible
for the commission to turn a blind eye towards
China's practices in this area, a reality that
both tends to make the USCC's conclusions more
hostile towards China's actions, and more uniquely
concerned about the extent to which economic
relationships may foster strategic weaknesses.
In peacetime, this investigation can seem
unnecessarily provocative; but in moments of
tension or conflict, the questions they ask and
the policy adjustments they set in motion may be
prescient. The larger question of course is
whether the USCC's emphasis on China as a
potential threat feeds the American Congress'
unhealthy fixation on China at the expense of
other questions that, while more difficult to
think through, would go much further towards
stabilizing US-Sino relations. National security
matters can quickly take the oxygen out of the
room in Washington's loaded political culture,
where simple approaches to complex matters are the
norm.
As several of those who testified on
Monday know, there really is no way to talk about
America's cyber-vulnerabilities without naming the
country from which this threat already comes:
China. Several of Monday's panelists admitted that
the threat coming from China is both diffuse and
specific.
Diffuse in the sense that it
comes from many different parts of China's
government, and in many ways they act in largely
autonomous manners; specific in that without
question they originate from China. As a result of
this, American government has chosen to focus on
companies like Huawei as a focal point that, while
perhaps not entirely dealing with the threat, is
an action within their control that politicians
believe does something to address the threat.
The potential threat from Huawei that has
been trotted out by various senators over the past
several years, that the company could have left
virtual or hardwired "backdoors" in the systems it
has put into service in the United States, has
proven to be a difficult question for Huawei to
answer.
On one hand, China's cyber-spying
makes it imprudent to ignore the very real
possibility that Huawei, an organization with
meaningful ties to Beijing, would have no cause to
place these backdoors. On the other, the fears of
this being done thus far widely outpace the actual
incidents in which the supply chain has been found
to have been compromised in the way the USCC
fears.
Given reports that Symantec has
terminated its joint venture with Huawei, it is
likely the fallout from these fears is only going
to increase for the Chinese company as the year
advances.
Situations like those Huawei
faces are unlikely to be unique as the global
supply chain continues to shift increasingly
towards China as the IT industry matures.
Consequently, experts like Healey are faced with
the question of what to do given the need to
protect American interests without upsetting an
entire industry.
With this in mind, Healey
believes lessons from how China has been
proactively engaged on other conventional matters
might shed some light on how to address American
fears over China's cyber-security policies.
Referencing a recent Georgetown University
discussion over how America engaged China on
conventional and nuclear proliferation matters, it
was suggested America could learn something from
this experience. Specifically, as Healey added,
"These negotiators discovered the Chinese
government was more willing to limit proliferation
to some countries but not others. Sometimes they
discovered a discrete word to the Chinese
leadership would work, while other times public
shaming was needed. They still haven't figured
everything out, of course, but they can point to
progress in influencing Chinese behavior."
The question then begs to be answered:
does this have anything to suggest about how China
could be engaged on cyber-war fears? To Healey,
the answer is yes. As he elaborated during
Monday's hearing, "When asked the same question,
America's cyber-experts answered with a sheepish
look, admitting that we have not yet told the
Chinese leadership, in any similar fashion, that
we are upset with their activities against us. We
have mentioned it to them, but rarely more."
Many in the State Department would beg to
differ with Healey's sweeping generalization, but
his point may well be that whatever has been done
thus far to address these concerns has come up
short when measured against the destructive
potential of what China could do, coupled to the
unpleasant admission of what its cyber-spying has
already been successful accomplishing.
This is likely why the Pentagon has
recently adjusted its policy towards
cyber-intrusions, acknowledging that virtual
intrusions would be treated in much the same way
as conventional ones.
At many of the
interchanges between American and China's economic
relationship lie matters of national security, but
nowhere is this more obvious than in the
cyber-security sphere. Here, globalization's
advance has left America reliant on a
manufacturing capacity outside its borders, yet
deeply entrenched in the most sensitive matters
than connect companies, consumers and government.
While many of the questions raised by this
week's USCC hearing are uncomfortable, they are
also largely questions of America's making. As
such, America will need to choose either to
disentangle its critical IT infrastructure from
China or find a more productive way to have China
address American concerns and remedy bad
behaviors.
Given it is highly unlikely the
private sector would be willing to capitalize such
a relocation of manufacturing from China to the
United States, and given it is equally unlikely
the federal government could get public opinion to
support spending federal money to accomplish the
same thing, it seems America has little choice but
to figure out how to proactively engage China and
shape its behavior in this matter.
American policymakers have the aptitude to
make this sort of nuanced pivot; the question
remains whether American politics has a similar
capability.
Benjamin A Shobert
is the Managing Director of Rubicon Strategy
Group, a consulting firm specialized in strategy
analysis for companies looking to enter emerging
economies. He is the author of the upcoming
book Blame China and can be followed at
www.CrossTheRubiconBlog.com.
(Copyright 2012 Asia Times Online
(Holdings) Ltd. All rights reserved. Please
contact us about sales, syndication and
republishing.)
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
