Foreign Affairs and Brookings have published long pieces on US-China cyber relations in the last few days.
In Chinese Computer Games–Foreign Affairs, Adam Segal writes that:
Both China and the United States consider operations in cyberspace a valuable tool, and China currently has little interest in cracking down on hackers, who pose a constant threat to its economic and military rivals. This doesn’t mean that there is nothing Washington can do, however. Instead of engaging in a futile effort to achieve some equivalent in cyberspace to nuclear détente, the U.S. government should pursue a wide-ranging approach to protecting American interests that includes working closely with other Internet powers and raising the costs of hacking. Cyberattacks are less like on-off switches and more like dials. The goal of U.S. policy should be to turn them down…
Assembling an international consensus on norms about cyberspace, however, is a strategy that will probably take a long time to pay off, if it ever does. There is little the United States can do to alter China’s conception of cyberspace, a vision it is actively promoting abroad. With a growing population of 500 million Internet users, it is easy to see why the Chinese believe that the future of cyberspace belongs to them. In the meantime, the most pressing tasks for the United States are to raise the costs incurred by Chinese hackers and to improve the security of networks at home. Yet U.S. officials should be realistic: Chinese-based cyberattacks will not disappear anytime soon.
In the Brookings Institution’s Cybersecurity and U.S.-China Relations, Kenneth Lieberthal and Peter Singer argue that:
No one should expect the issues to be resolved any time soon. Any discussions in the cyber realm must take account of the relative newness of this issue (even terminology concerning key concepts is not fully standardized), the dearth of effective coordinating mechanisms within both national polities, and the high level of mutual suspicion that already exists concerning motives and activities in this space. The potential of cyber space for espionage is so overwhelming that it is unrealistic to seek cooperative agreements to govern this part of the problem. The same is likely true of issues in which there are serious disagreements over values, such as the extent to which citizens should be free to voice views that the government considers harmful to stability. But the fact that the arena has so many daunting characteristics does not in any way reduce the importance of working to build greater understanding and cooperation in this space. Instead, it should make the ongoing failure to develop cooperative approaches and common norms all the more disturbing.
Both are worth reading in their entirety.
It is naive to expect China to curtail cyber espionage activities, just as it is unreasonable to expect the US to halt its own efforts. US institutions and companies with data to protect need to be much more aggressive about protecting their networks and sensitive data, and administrators of institutions and executives of firms that are negligent with their data security should be held accountable.
Meanwhile, bigger budgets and expanded powers are likely in the NSA’s future. Today’s Wall Street Journal reports that:
The National Security Agency director and other intelligence officials have been making the case within the Obama administration that the NSA should play a bigger role in protecting computer networks in the U.S., according to current and former U.S. officials.
The proposals from Army Gen. Keith Alexander and others would expand the NSA’s authority to allow it to block or pre-empt cyberattacks targeting entities within the U.S. and to scan for cyber threats but not monitor the content of communications, these officials said…
NSA technology currently used to defend military networks would allow it to scan large volumes of Internet traffic and block incoming cyberattacks. Some of that technology grew out of a program launched years ago, called Tutelage, which detects incoming cyberattacks and allows NSA to block the threat or manipulate the attack code, according to people familiar with the program.