Mattis, Jamestown Foundation China Program fellow, 2015
Download 0.59 Mb.
|
Cyber AdvantageStatus Quo Deal FailsThe status quo cyber arrangement lacks any benchmark-means it can’t be enforced.Steinberg, Secure My Social CEO, 2015 (Joseph, “10 Issues With the China-US Cybersecurity Agreement”, 9-27, http://www.inc.com/joseph-steinberg/why-the-china-us-cybersecurity-agreement-will-fail.html) 6. In order to verify that the parties are honoring their commitments, the US and China are supposed to "establish a high-level joint dialogue mechanism on fighting cybercrime and related issues" and "this mechanism will be used to review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side" In other words, the determination of whether the Chinese are adhering to the agreement will be a subjective decision based on conversations and communications; no objective metrics have been established by the agreement. This deficiency in the agreement is serious--as one of the arguments that has been made for supporting an agreement with China, as noted by Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs and Senior Fellow at the Atlantic Council, has been that if China violates the agreement the United States "will be in a much stronger position to respond to Beijing over its commercial espionage" (perhaps by levying sanctions and/or gaining international support for sanctions). If there is no objective way to measure compliance, why would anyone support a US contention that China has violated the agreement? Measuring the number of arrests made by China at the request of the US, and calculating how much cooperation was received when aid was requested, are also poor methods to determine compliance; the US's primary need is not for China to arrest hackers, but to curtail the hacking. Under this agreement China can arrest hackers who are identified by the United States, and appear to be compliant, but simultaneously continue to tolerate or actively carry out attacks through other parties. Also, keep in mind that the most dangerous and damaging attacks are often those that have not been identified, and, therefore, for which no requests for assistance or arrests have been made.
(Brinda, “Is The U.S.-China Cyber Security War Ending?”, 11-2, http://www.valuewalk.com/2015/11/is-the-u-s-china-cyber-security-war-ending/) Even as the Sino-American cyber security arrangement is welcomed as a much-needed step forward, experts caution against excessive optimism: the arrangement faces several challenges, the bulk of which arise out of the anonymous nature of cyberspace. Conclusively tracking a sophisticated cyber attack to its source is believed to be virtually impossible- a fact that has made it difficult for states to corroborate their allegations against one another. Advanced hacking technologies and skills allow malicious parties to ‘bounce off’ their cyber activities off several servers situated in several countries. This makes narrowing down the origins of the attack to a single place nearly impossible. When the number of actors involved in a particular cyber attack is increased, it makes triangulating the source that much harder. As such, most states ultimately fall back on preventing cyber attacks by investing in advanced cyber security defense systems instead of actively fighting them. Even if a cyber attack is successfully traced back to a particular computer, determining the complicity of the state in the attack can prove to be both difficult and fraught with political risks. Most governments choose not to publicly accuse one another of cyber security breaches because of the ensuing diplomatic crises and political hostilities that are sure to follow in the wake of unverified claims. And so, the second challenge that the China-U.S. cyber security agreement faces is the fact that even if the governments possess a genuine aim to cooperate, they cannot guarantee the compliance of their people; if a private citizen is to direct a cyber security attack against the other country, its people or businesses, separating the home government from the independently-acting individual may prove to be challenging. Too many loopholesGady, Diplomat associate editor, 2015 (Franz-Stefan, “What Does the Future Hold for China-US Relations in Cyberspace?”, 10-16, http://thediplomat.com/2015/10/what-does-the-future-hold-for-china-us-relations-in-cyberspace/) Conversely, it is important to understand that the agreements reached are only a starting point and need to be followed up by more concrete and more clearly defined documents specifically addressing issues that have plagued Sino-U.S. bilateral relations in cyberspace from the start—issues such as questions over verification, terminology, and norms. Without this, real progress will not be likely. The most talked about section of the joint statement outlines that both countries will refrain from engaging or “knowingly” supporting “cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” This is an important diplomatic breakthrough. Curtailing Chinese state-sponsored cyber espionage activities has been the top priority of the Obama administration in the Sino-U.S. bilateral relationship in cyberspace for some time. Overall, in the past year, the U.S. assumed a tougher stance on alleged Chinese state-sponsored cyberespionage activities. For example, in April 2015, U.S. President Barack Obama signed an executive order establishing the first-ever sanctions program specifically designed to deter state-sponsored malicious activities in cyberspace on a strategic scale, declaring such activities a “national emergency.” In a separate analysis a few weeks back, I noted that by threatening sanctions, the Obama White House intends to elevate the subject of cyber espionage to a more strategic level between the two sides during bilateral discussions. Thus, the Chinese concession to agree to a joint statement on this subject can be construed as a diplomatic victory for the Obama administration. However, in order to yield more concrete results, the Xi-Obama statement needs to be immediately followed up by a more comprehensive agreement. For one thing, Chinese President Xi Jinping still maintains that his state is not collecting commercial intelligence and does not engage in cyber espionage. Therefore, it is fair to assume that Xi could claim that the agreement does not apply to ongoing Chinese state-sponsored activities in cyberspace. Thus, it is easy for Beijing to support a new norm that the Chinese government insists it is following already. Moreover, the statement contains the loophole that both sides only refrain from “knowingly” supporting the collection of commercial intelligence—a position that both countries had already agreed to in past meetings. This provision permits plausible deniability for both sides when caught: commercial espionage is often outsourced to quasi-independent (“patriotic”) hackers over which both governments can claim that they have no control. Lastly, the agreement only talks about refraining from collecting trade secrets rather than curtailing the passing on of intelligence to third parties (private companies) in order for them to gain a competitive advantage. However, practically every state in the world, including the United States, is engaged in collecting commercial intelligence and there is no agreed upon international norm against it. This could potentially undermine the larger legal principle behind the agreement to abstain from cyber-enabled intellectual property theft as outlined in the White House Fact Sheet. Yes EscalationChina’s military strategy guarantees cyber escalation.VornDick, US Navy lieutenant commander, 2013 (Wilson, “The Real U.S.-Chinese Cyber Problem”, 7-30, http://nationalinterest.org/commentary/the-real-us-chinese-cyber-problem-8796?page=3) Cyber in China’s Recent Defense White Paper These pronouncements come at the heels of China’s recently published defense white paper that publicly promulgates its military’s intentions. “Cyber” is mentioned only twice in the entire paper. China did recognize however, that “changes in the form of war from mechanization to informationization are accelerating,” while “major powers are vigorously developing new and more sophisticated military technologies so as to ensure that they can maintain strategic superiorities in international competition in such areas as . . . cyber space.” China also unequivocally stated in the document that it would “counterattack” if attacked. Troubling Prospects for U.S.-Chinese Cyber Operations This is particularly troubling for Chinese and American authorities because it is unclear whether or not they could manage their cyber responses in a measured and proportional way if an unofficial or official outbreak of digital force, intentional or not, were to occur. The severity of this issue is intensified by the lack of official Chinese pronouncements or transparency on their cyber operations. Clandestine cyber units, such as the PLA-sponsored Unit 61398 in Shanghai, operate with destructive global reach, adding a layer of uncertainty to an illicit cyber response. After a thorough analysis of the defense white paper, it is clear that the Chinese leadership is reticent to articulate their intentions in cyber warfare. For defense purposes, this is troublesome for Washington. There is a variety of political and military reasons for this course of action. Perhaps this Chinese reluctance in setting the guidelines of response stems from the lack of pressure from the United States and other nations. In any case, it is doubtful that the leadership would state a different course of action than its professed desire to conduct only defensive and nonaggressive operations. Despite this, there is a distinct possibility that if push came to shove, Chinese leadership may be ill-equipped to bring its digital forces to bear or reign in these forces in a responsive, proportional manner once they are released. This is precisely because the Chinese lack LOAC doctrine, training and first-hand experience. The Chinese leadership could make a disastrous miscalculation if it were to mismatch capability or response with the objective or threat at hand, thus risking more confusion and escalation. The recent summit in June may be step toward some sort of digital détente or cyberwar norm. The two states should work to form one sooner rather than later, lest they push each other over the digital edge.
The plan’s offer is a good starting point even if it doesn’t address everything.Harold, RAND Center for Asia Pacific Policy associate director, 2016 (Scott, “Getting to Yes with China in Cyberspace”, http://www.rand.org/pubs/research_reports/RR1335.html) Were such a three-part agreement—including a norm of not targeting or intruding into each side’s critical infrastructure—combined with an offer to help China improve its attribution capabilities in exchange for a deal to actually follow through on, investigate, and maybe even prosecute cyber intrusions originating in China (or the United States) come into existence, it might change the nature of the two sides’ relations in cyberspace across an important swath of issues. To be sure, the two countries would still disagree strongly over such issues as freedom of access to information (United States) versus information control and cyber sovereignty (PRC), efficiency and effectiveness of the current international backbone architecture of the Internet (United States) versus cyber hegemony (PRC), whether both would still engage in cyber-enabled national security espionage, and differences over a host of other issues in cyberspace and beyond. But such a deal, if it could be credibly committed to and followed through on in practice, would represent a substantial improvement of the U.S.-China relationship in cyberspace, for which reason we argue it is worth consideration and additional research. In conclusion, Chinese and U.S. views of cybersecurity overlap only on a few points, and even where they do, the two sides will find it difficult to make progress on such issues as avoiding targeting of critical infrastructure if the two sides struggle to maintain the progress hinted at in the September 2015 summit agreement on cyberspace. With respect to reaching a broad, meaningful, and lasting agreement on norms about legitimate targets in cyberspace, much work remains to be done, and it is unclear that such a result will indeed be possible. Perhaps the most promising area where we might see some prospect of negotiating a set of norms in the years ahead lies in avoiding targeting or carrying out espionage on critical infrastructure. This could be supported by efforts to create common standards of evidence, define how attribution is to be done, and prosecute those who commit such actions. Directory: wp-content -> uploads -> sites sites -> 587 Return function, r i(X) r i(0) r i(1) r i(2) r i(3) 1 0 2 4 6 Thermal Station, I 2 0 1 5 6 3 0 3 5 6 10 sites -> Medical Radiography Program sites -> Background on the Haitian Earthquake sites -> Desk review yemen sites -> Safe Transitions for the Elderly Patient (step) sites -> District profile Haripur Introduction sites -> Germanie VanTrease and Tyler Tetzloff sites -> For more information sites -> To be completed by the cerf secretariat. Type of submission sites -> Sponsor Content Above the Clutter with Pete Krainik Download 0.59 Mb. Share with your friends:
|