The U.S. has been hacked on over 700 occasions in just five years on fronts ranging from corporate to private to governmental. Over the past two years, the Office of Personnel Management (OPM) was hacked on two separate occasions; the hack this year was deemed the largest in U.S. history, with 5.6 million fingerprints and over 4 million current or former governmental employees’ classified information stolen. Such a breach raises pointed concerns that such employees may now be easier to recruit for foreign espionage. Despite being less devastating in scale than previous attacks, such a narrative is anything but unique. In 2007, China accused both the United States and Taiwan of hacking into its intranet networks to steal classified information, and has since used Edward Snowden’s National Security Agency (NSA) revelations on the U.S.’s global surveillance programs to highlight American hypocrisy.
Both sides have developed cyberwarfare capabilities that, if utilized, would severely hamper bilateral economic ties and hurt prospects for reaching a historic Bilateral Investment Treaty agreement. Moreover, it would bring environmental cooperation to a halt. Therefore, before the U.S. raises the battle cry of retaliation, it is necessary to consider how the U.S. and China’s cyber strategies conflict before evaluating how to lay the groundwork for mutual progress.
In China’s case, violating its Internet network is akin to violating national sovereignty. Key branches of the Chinese government, most notably the People’s Liberation Army (PLA) — China’s largest employer — have been calling for Chinese control over the worldwide Internet by utilizing more inflammatory rhetoric to brand the Internet as “the primary battlefield for ideological struggle.” More concerning perhaps is the fact that the Chinese government mouthpiece, the PLA Daily, has claimed that Western anti-China forces have already forged alliances with ideological traitors within China with the goal of slandering the Communist Party, and ultimately, destabilizing vital national security interests. Therefore, even such Internet-based exchanges of information and/or damaging opinions are grounds for violation of China’s sovereignty.
Such a violation gives China the green light to utilize not only its Great Firewall — which siphons off China’s access to more politically sensitive parts of the worldwide Internet —but also its Great Cannon, used between March and April of this year. It takes a simple, non-inflammatory search query and interferes with a “denial of service” attack to politically sensitive websites such as GreatFire.org, which hosts software allowing Chinese internet users to duck under the Great Firewall. Although such attacks have ceased for now, this highlights the slippery slope that awaits nearly anyone in the world who uses a Chinese server, regardless of whether or not his or her search queries are politically sensitive to begin with. University researchers at Toronto’s Citizen Lab have essentially confirmed the rhetoric used earlier by the PLA Daily in stating that the use of the Chinese Great Cannon reflects the Chinese desire to stand against what it believes to be U.S. hegemony in cyberspace.
On the U.S. side, there is a growing trend of hawkishness. The Pentagon has, for the first time, prioritized enhanced cyber military capabilities that may be used in conflict situations. The program’s strategic document calls for protection of the Department of Defense networks, of the American homeland from damaging cyber-attacks, and control and management of cyber-conflict, but only dedicates one paragraph to actual dialogue with China. Additionally, top-secret documents leaked in 2014 reveal that the NSA, in partnership with the British GCHQ, has created technological implants designed to capture certain targets’ foreign Internet and phone network usage. Such tools, codenamed TURBINE and QUANTUM, create groups of automated control implants that can either morph themselves into Facebook lookalikes or spam email as ways to directly infiltrate into a computer’s audio or webcam system to obtain data.
With these kinds of cyber capabilities, financial turmoil may ensue if such finger-pointing escalates into full-fledged cyberwar. In response to repeated hacking from China, Obama opened the doors in April for the U.S. to impose sanctions on cybercriminals. At a time when Xi’s state visit has been declared one of the most crucial moments in the sphere of U.S-China relations, outright sanctions are not an advisable course of action. Currently, the U.S. has 42 Bilateral Investment Treaties (BIT) with other nations, but has yet to successfully negotiate one with China. In 2014, due to the U.S.’s open market, Chinese foreign direct investment in the U.S. was $11.9 billion, compared to only $2.7 billion from the U.S. At the close of the 5th Strategic and Economic Dialogue (S&ED) in July, China announced that if it took off, the BIT would encompass transparency to all aspects of investment, eliminate market barriers, and level the playing field for American businesses in China. Two prospects could notably dampen prospects for mutual job growth, investment and innovation. The first is that American businesses may withhold investing in their suspicions that Chinese investment may further push open the doors to cyber-espionage. The second is the Chinese government — which has repeatedly denied responsibility for the OPM hack — would consider such an action not leveling the playing field for Chinese conducting business in the U.S.
Obama is currently intentionally non-specific about creating an organization like the International Atomic Energy Agency (IAEA) – which safeguards peaceful uses of nuclear technology – to deal purely with the issue of global cyber-security. Strategically speaking, this may be a wise time for Obama not to act. China has changed the tide of U.S.-China relations from consistent denial to finally publicly admitting in its updated Science of Military Strategy to sponsorship of cyber-warfare forces. Thus, China may be moving in a positive direction towards acknowledgment and increased willingness to cooperate with the United States. On September 2nd in Seattle, China’s chief Internet controller Lu Wei essentially fully opened the door to such talks by stating: “We are in the same boat. The only choice we have is to cooperate.” President Obama and President Xi also reached an agreement during Xi’s state visit, with Obama stating: “We’ve agreed that neither the US government nor the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property including trade secrets or other confidential business information for commercial advantage.”
This does not mean Obama should leap into talks just yet, however, because the the grounds for agreement regard cyber-attacks, and not cyber-exploitation. It is important to note that even if the countries agreed not to conduct cyber-attacks, the aspect of exploitation or implementation of tools that steal trade secrets and the like typically completely presages attacks. Until Obama can tangibly align an association of nations to agree on specific terms and participate in an IAEA-type surveillance organization, there can only be airy rhetoric and not much else.
At a time when both nations have solidified access to full-fledged cyber-weaponry capable of perpetuating a drawn out and potentially disastrous cyber-war, it is necessary to continue underscoring mutual cooperation as a way of building long-term trust. With the world’s two largest emitters already agreeing to freeze emission growth rates within the next two decades and with China recently agreeing to implement cap and trade by 2017, the next step is to boost U.S.-China business collaboration. At a time when Xi has repeatedly remarked that China needs to shift from export-led growth to spur domestic consumption, U.S.-China partnerships open the door to innovation and increased investment.
The U.S.-China relationship has long been regarded as a bastion of world stability. If the U.S. and China can first build trust through issues such as clean energy, then increase bilateral investment, then it is conceivable that the two nations could act as the spearheads behind a new global cyber framework agreement.