Can US complaints stop China from cybersnooping?
WASHINGTON — On stage at an Asian security conference in Singapore last week, Defense Secretary Chuck Hagel minced no words pointing to a “growing threat of cyberintrusions, some of which appear to be tied to the Chinese government and military.”
The statement, which echoed the wording of the Pentagon’s recent report to Congress on China’s military, might be the most high-profile public expression yet of long-simmering frustrations on the part of U.S. officials over what’s seen as a wide-ranging Chinese cyber-espionage campaign aimed at U.S. military and industrial secrets.
Dozens of sensitive weapons systems and programs have been compromised by cyberspying, according to confidential table in a Defense Science Board report released in January, ranging from new aircraft to missile defense technology.
White House officials say those concerns will be aired at the highest possible level Friday, when President Barack Obama meets Chinese president Xi Jinping at a summit in California. A senior administration official speaking on the condition anonymity this week told reporters Obama would let Xi know “there’s an expectation that all of us are working together to protect the infrastructure of the global economy against cyber-intrusion, and that countries need to meet their responsibilities.”
But can American exhortations about cyberspying — even when voiced by the president — have a dramatic effect?
Cyberwarfare experts are divided in their opinions about whether the U.S. can convince Chinese leaders it’s in their nation’s interest to rein in spying and recognize what Hagel last month called “a rules of the road” for cyber.
“I don’t think it’s realistic to expect China to change their behavior simply by appealing to their better nature or by saying we don’t think it’s fair, what you’re doing,” said Ian Wallace, a visiting fellow in cybersecurity at the Brookings Institution, a Washington think tank.
China’s cyber-espionage campaign is a high-tech extension of what countries, including the United States, have engaged in throughout history, and appears to have served Chinese national interests well, said Wallace, a former cybersecurity official for Britain’s Ministry of Defense.
“They feel they are gaining a considerable amount, I imagine, both in leveling the playing field militarily, and in helping keep their economy buoyant while other countries around the world are under pressure,” he said.
U.S. complaints and criticism ultimately won’t constraint China, Wallace said. The U.S. meanwhile doesn’t want to upset a crucial economic relationship with harsh diplomatic measures, and aiming the U.S.’s superior military cyberfirepower at China in response to spying risks a confrontation no one wants, he said.
But rallying other nations to apply diplomatic pressure as China moves toward increased political and economic integration with the rest of the world could result in an eventual turnaround, Wallace said.
“The U.S.’s best hope is to work with like-minded countries to build a coalition that makes the Chinese feel they’re outside of accepted norms,” he said.
But outside pressure may have little effect on Chinese leaders who have continued to deny any involvement in cyber espionage despite a rising chorus of blame, said Martin Libicki, a cyberspace researcher and senior management scientist at the RAND Corporation, a U.S.-based think tank focused on defense policy.
“I’m kind of skeptical,” he said. “If China were one-tenth the size it is and they were still trying to join the country club, we could make them accept what we want. But China’s economy is almost as big as ours.”
For now the onus is on the U.S. government and private corporations improve cyber security, and remove data critical for national security from unclassified computer networks, Libicki said.
China’s attitude could change if Chinese hackers spying on Chinese firms begin damaging its economy, he said.
“It’s quite possible China comes to the point it realizes the disregard of intellectual property is limiting its own growth and begins limiting it internally,” he said. “Once you do that, it becomes more difficult to have state-run hackers there.”
The United States has enough leverage to move China toward a more neighborly approach to cyber security, said a member of the task force that produced the DOD Defense Science Board report that tallied the U.S. systems compromised by cyber intruders.
“I think there is great potential to strike a norms agreement with China — something that says this is acceptable behavior, this is unacceptable behavior,” said Michael Swetnam, chairman and CEO of the Potomac Institute for Policy Studies, a think tank based in Arlington, Va.
China, which frequently complains of cyberattacks coming from the United States, respects U.S. offensive cyberabilities, and might welcome an agreement limiting U.S action. Even if China doesn’t immediately abide by the rules, he said, getting it to agree to a set of standards that forbids stealing secrets is a first step that puts the United States in position to push the Chinese government to rein in cyberspies.