Despite Intrusions, Chances Of U.S.-China Cyber War Are Small

SAN FRANCISCO – A panel of security and policy experts said that, despite dire warnings about the information warfare capabilities of China and other developing nations, the risk of an all-out cyber war is remote, and that the U.S. still holds many of the cards.

SAN FRANCISCO – A panel of security and policy experts said that, despite dire warnings about the information warfare capabilities of China and other developing nations, the risk of an all-out cyber war is remote, and that the U.S. still holds many of the cards.

Despite widespread portrayals of China as a cyber aggressor, the country’s civilian and military leaders are seeking input from U.S. policy experts as they weigh the role that cyber offense and defense will play in their country’s foreign policy and defense, the panel told attendees at the RSA Security Conference in San Francisco on Wednesday.

The cadre of top cyber security policy experts took part in a panel titlried Cyber Battlefield: The Future of Conflict on Wednesday. Panel members offered differing opinions about the dimensions of the cyber threat, but a consensus on the need for using tried and true methods in the new realm of cyber conflict. International diplomacy, multilateral agreements that clarify the parameters for peaceful and hostile cyber actions and a strong offensive deterrent were a must, experts said.

“With China, multi lateral efforts are particularly important,” said Adam Segal, A Senior Fellow for Counter Terrorism and National Security Studies at the Council on Foreign Relations. “If we can get India, Brazil, South Africa and other countries join with us, we’ll have a lot better chance of getting the Chinese to see things our way.”

Old fashioned diplomatic horse trading will also be a critical tool for avoiding conflict and stemming the kinds of economic and military espionage that have become common in recent years.

“We have our list of priorities and the Chinese have theirs,” said Dmitri Alperovitch of the firm CrowdStrike. “There has to be some sort of diplomatic transfer where we there’s a trade off.”

The U.S. also has to start building up its allies by sharing its native cybersecurity expertise .

“There’s a huge need for capacity building in these countries where the security expertise is thin on the ground,” Segal said. “If we’re not in there, then (Mainland networking technology firm) Huawei and the Chinese will be, and you’ll end up with different norms about information flow and control.”

Finally, deterrance will play an imporant role in avoiding conflict, as it did in the Cold War with Russia.

The Chinese military appreciates that both it and the U.S. have cyber offensive capabilities and defensive vulnerabilities – “big stones, and plate glass windows,” said Lewis. “We’re back to mutually assured destruction.”

Others said that the military shouldn’t look any differently at hostile cyber actions than it would at physical attacks or efforts to undermine U.S. soverignty.

“The U.S. posture has always been that ‘if you annoy us,’ we’ll do bad things,’ said Martin Libicki, a Senior Scientist at RAND. “We don’t need to be more specific than that.”

Still, panel members said that the People’s Republic and People’s Liberation Army are still unsure about the proper role of cyber offensive capabilities in their own plans, despite the country’s image as a finely oiled cyber warfare machine.

“The Chinese have not thought about cyber war as politics by other m eans,” Libicki said. He added that the Chinese military may have probed critical infrastructure such as electrical grids of the U.S. and its allies, but “there’s a big difference between doing reconnaissance and understanding how systems fail. Going into systems doesn’t necessarily give you that.”

In fact,  the country’s leaders are anxious to hear the opinions of U.S. policy experts on what an effective cyber war doctrine and policy should look like.

“Many of us up here are being asked to meet with the Chinese in advanced seminars,” said James Lewis, a Senior Fellow at the Center for Strategic and International Studies. Beyond that, many of the country’s articulated policies on the role that cyber capabilities will play in national defense appear to closely resemble published U.S. position papers and doctrine, said Eric Rosenbach, a Deputy Assistant Secretary of Defense for Cyber Policy at the Department of Defense. 

The panel went on to discuss the proper role of the U.S. Government in securing private infrastructure domestically, and in concert with its allies. The U.S. needs to continue building its cyber capabilities, in the same way as it has built other warfighting capabilities (think: pilots in World War II) when the need arose. 

More government efforts to promote software security and to protect critical infrastructure from attack are needed. Uncle Sam could also put m ore research and development dollars behind research into new security technology and look for ways to ensure the continuation of critical supply chains in the event of a hot war – cyber or otherwise.

Panel members were divided on the question of whether information gleaned through military or intelligence operations should be shared with private sector firms to protect the nation’s economic interests. Still, all those options – and more – are clearly on the table within policy circles in Washington D.C.

“We as a nation know what steps we need to take to reduce our risk in cyber space,” said Lewis of CSIS. “We may not want to, politically, but we know what those steps are.” 

A hot topic of conversation now within policy circles, cyber war is likely to end up as just another weapon in the arsenal of the U.S., China and other advanced nations, said Lewis. “People will figure out how to use it.”

Suggested articles

Discussion

  • Anonymous on

    First sentence - dryespite

  • Anonymous on

    lol

  • Anonymous on

    So the point is the Chinese government won't engage in all out cyber war, because "we will do something bad?"  So what is hacking a key peice of the security infrastructure for the entire United States goverment (RSA), and using the knowledge to penetrate every system they can get our hands on considered?  Being frisky?

    Somehow this behaviour doesn't indicate to me that the groups behind this are trembling in fear over the possibility of "something bad" happening.

    "The Chinese have not thought about cyber war as politics by other means," is a preposterous statement, how do you explain hacking the Dali Lama?  RSA got caught with their pants down, and now they are trying to cover their bare bottom by playing philosopher by parading a bunch of wonks that have convinced themselves that theres a nebulous policy reason behind what is pure, textbook asymetric warefare.

  • Anonymous on

    China gets away with it for years, but anonymous is the real threat so we will go after them instead. Nation state stealing everything they can get to VS. punk asses defacing sites and doing stupid crap around the net??? Lets get our priorities straight about what the real risks are to the country and American business. 

  • Anonymous on

    How about having copies of our own drones and Joint Strike Fighters keeping watch over those Carriers?  China knows that we're not gonna do Jack Schitt...at least with our current pr3s in office.  "Hey Iran, can we pretty-please have our drone back?"

  • David Swan on

    A disappointing panel.

    1. There was no awareness of the Chinese mind-set. They do not 'have' to see things any way but theirs. The Chinese believe they are the Middle Kingdom. Their vantage point is from that perspective.Diplomacy has never been successful in changing the Chinese.

    2. The United States perspective on the Internet is different than almost the entire rest of the world. The concept of free knowledge available on-line is at its source an American idea. Europe is more security aware and has different legislative and practical priorities. "Getting the allies together" is a huge task.

    3. The Peoples Liberation Army is VERY sure of their role in Cyberwarfare. How do I know? They have published much of their core teachings. I can point you at specific references if required.

    4. "We know what steps we need to take". Really? A review of the challenges facing network administrators on a professional site such as Tech Republic will document the underfunding, and general lack of support provided to this first line of defence.

    Cyberwarfare won't go away because you want it to. It is here. It has happened. It will happen again.

    David Swan

     

     

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.