The Internet is now a battlefield. China is not only militarising cyberspace it is also deploying its cyber warriors against the United States and other countries to conduct corporate espionage, hack think tanks, and engage in retaliatory harassment of news organisations.
Cyberspace attacks are another dimension of the ongoing strategic competition between the United States and China a competition playing out in the waters of the East and South China seas, in Iran and Syria, across the Taiwan Strait, and in outer space. With a number of recent high-profile attacks in cyberspace traced to the Chinese Government, the cyber competition seems particularly pressing. It is time for Washington to develop a clear, concerted strategy to deter cyber war, theft of intellectual property, espionage, and digital harassment. Simply put, the United States must make China pay for conducting these activities, in addition to defending cyber networks and critical infrastructure such as power stations and cell towers. The U.S. Government needs to go on the offensive and enact a set of diplomatic, security, and legal measures designed to impose serious costs on China for its flagrant violations of the law and to deter a conflict in the cyber sphere.
Fashioning an adequate response to this challenge requires understanding that China places clear value on the cyber military capability. During the wars of the last two decades, China was terrified by the U.S. military’s joint, highly networked capabilities. The People’s Liberation Army (PLA) began paying attention to the role of command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) assets in the conduct of war. But the PLA also concluded that the seeds of weakness were planted within this new way of war that allowed the United States to find, fix, and kill targets quickly and precisely an overdependence on information networks.
Consider what might happen in a broader U.S.-China conflict. The PLA could conduct major efforts to disable critical U.S. military information systems (it already demonstrates these capabilities for purposes of deterrence). Even more ominously, PLA cyber warriors could turn their attention to strategic attacks on critical infrastructure in America. This may be a highly risky option, but the PLA may view cyber-escalation as justified if, for example, the United States struck military targets on Chinese soil.
China is, of course, using attacks in cyberspace to achieve other strategic goals as well, from stealing trade secrets to advance its wish for a more innovative economy to harassing organisations and individuals who criticise its officials or policies.
Barack Obama’s administration has begun to fight back. On February 20, the White House announced enhanced efforts to fight the theft of American trade secrets through several initiatives: building a program of cooperative diplomacy with like-minded nations to press leaders of “countries of concern,” enhancing domestic investigation and prosecution of theft, promoting intelligence sharing, and improving current legislation that would enable these initiatives. These largely defensive measures are important but should be paired with more initiatives that start to play offense.
Offensive measures may be gaining some steam. The U.S. Justice Department, in creating the National Security Cyber Specialists’ Network (NSCS) last year, recognises the need for such an approach. The NSCS consisting of almost 100 prosecutors from U.S. attorneys’ offices working in partnership with cyber-experts from the Justice Department’s National Security Division and the Criminal Division’s Computer Crime and Intellectual Property Section — is tasked with “exploring investigations and prosecutions as viable options for deterrence and disruption” of cyberattacks, including indictments of Governments or individuals working on the Government’s behalf. It’s a good first step, but Congress could also consider passing laws forbidding individuals and entities from doing business in the United States if there is clear evidence of involvement in cyber attacks.
Congress could also create a cyber attack exception to the Foreign Sovereign Immunities Act, which currently precludes civil suits against a foreign Government or entity acting on its behalf in the cyber-realm. There is precedent: In the case of terrorism, Congress enacted an exception to immunity for states and their agents that sponsor terrorism, allowing individuals to sue them.
Enterprising companies and intelligence personnel are already able to trace attacks with an increasing degree of accuracy. For example, the U.S. security company Mandiant traced numerous incidents going back several years to the Shanghai-based Unit 61398 of the PLA, which was first identified publicly by the Project 2049 Institute, a Virginia-based think tank. Scholars Jeremy and Ariel Rabkin have identified another way to initiate non-Governmental legal action: rekindling the 19th-century legal practice of issuing “letters of marque” the act of commissioning privateers to attack enemy ships on behalf of the state — to selectively and cautiously legitimise retaliation by private U.S. actors against hacking and cyber-espionage. This would allow the U.S. Government to effectively employ its own cyber militia. Creating new laws or using current ones would force the Chinese Government and the entities that support its cyber strategy to consider the reputational and financial costs of their actions. Of course, if the United States retaliates by committing similar acts of harassment and hacking, it risks Chinese legal action. But America has a key advantage in that its legal system is respected and trusted; China’s is not.
Diplomatic action should bolster these efforts. The Obama administration’s suggestions for pressuring China and other countries are a good start, but U.S. diplomacy must be tougher. In presenting Chinese leaders with overwhelming evidence of cyber-misdeeds (but without giving away too many details), Washington should communicate how it could respond. To control escalation, the administration should explain what it views as proportionate reprisals to different kinds of attacks. (For instance, an attack on critical infrastructure that led to deaths would merit a different response than harassment of the New York Times.)
As the administration’s report suggests, the United States is not the only victim and should engage in cooperative diplomacy. The United States should set up a center for cyber defense that would bring together the best minds from allied countries to develop countermeasures and conduct offensive activities. One such center could be Taiwan, as its understanding of Chinese language, culture, business networks, and political landscape make it invaluable in the fight against cyber attacks. Of course, centers could be placed elsewhere and still utilise Taiwan’s knowledge, but even the threat of placing a cyber defense center just across the strait would be very embarrassing for China’s leaders, as Taiwan is viewed as a renegade province. The point is not to be gratuitously provocative, but rather to demonstrate that the United States options that China would not favor.
The U.S. military’s cyber-efforts presumably already include it own probes, penetrations, and demonstrations of capability. While the leaks claiming the U.S. Government’s involvement in the Stuxnet operation — the computer worm that disabled centrifuges in the Iranian nuclear program — may have damaged U.S. national security, at least China knows that Washington is quite capable of carrying out strategic cyber attacks. To enhance deterrence, the U.S. Government needs to demonstrate these sorts of capabilities more regularly, perhaps through cyber-exercises modeled after military exercises. For example, the U.S. military could set up an allied public training exercise in which it conducted cyber attacks against a “Country X” to disable its military infrastructure such as radars, satellites, and computer-based command-and-control systems.
To use the tools at America’s disposal in the fight for cyber security will require a high degree of interagency coordination, a much-maligned process. But Washington has made all the levers of power work together previously. The successful use of unified legal, law enforcement, financial, intelligence, and military deterrence against the Kim regime of North Korea during a short period of George W. Bush’s administration met the strategic goals of imposing serious costs on a dangerous Government. China is not North Korea it is far more responsible and less totalitarian. But America must target those acting irresponsibly in cyberspace. By taking the offensive, the United States can start to impose, rather than simply incur, costs in this element of strategic competition with China. Sitting by idly, however, presents a much greater likelihood that China’s dangerous cyber strategy could spark a wider conflict.
Source : Foreign Policy Magazine
China Crack Down on Internet Freedom
Though it might sound unexpected, the Chinese government came under scrutiny last year as a result of some online missteps. As a communist country, China works to control what is published about its Government and political figures. However, if we’ve learned anything during the last five years in America, it’s that news travels fast and unencumbered via Twitter. The same can be said of China’s own microblogging service, Weibo.
In December last year, a hole opened up in what’s known as the great firewall of China, allowing users across the country to search through posts which would have normally been censored. This opened up the Government and its politicians to plenty of criticism, ranging from serious to silly. Now, it seems Chinese officials have made up their mind and will begin making moves to crack down on internet censorship once more, according to the Wall Street Journal. Senior members of china’s national people’s congress began looking into a new bill that would require all Chinese internet users to list their real name. According to the news source Xinhua, the new bill was designed to protect personal information.
That the bill is being discussed at this level of the Chinese government means that it is likely to be set into action once it moves through the system. In addition to forcing its citizens to use their real names on the internet, the new law could also prevent foreign companies from publishing anything on the Chinese internet. As reported by Cnet Asia, these rules are already in place, but regulators have been hesitant to enforce them. This new law, however, could give them all the motivation they need. Speaking to the Wall Street Journal, David Wolf of Wolf Group Asia has said the new bill seems to be the direct result of the number of scandals involving Chinese politicians which have recently been uncovered and shared via Weibo.
“The recent measures appear to be steps taken in a bid to ensure the primacy of the party’s messages to online audiences in the same way it has accomplished that with traditional media,” said Wolf.
Some of these scandals involve affairs and the misuse of Government money. for example, Lei Zhengfu, an official from the city of Chongqing, was videotaped having sex with a “much younger” woman. This videotape was then later leaked online, leading to Zhengfu’s dismissal from his post. Zhegnfu denied he had been the one in the video, claiming it had been edited with photoshop to make it appear as if he were having sex with the young woman.
The Wall Street Journal also mentions another case where officials were asked to step down after activists discovered that they owned luxury items, like expensive watches and large homes that their Government salary could not afford them.“The question is whether they’re really protecting personal information, or whether it goes beyond that,” asked David Bandurski, a researcher at Hong Kong University’s China Media Project, speaking to the journal. Though they wish to control what news is spread in China, Bandurski also warns that such measures could greatly inhibit the rise of development in the internet sector.
Source: Michael Harper for redorbit.com your universe online