21 September 2015

U.S. Continues to Focus on Diplomacy to Try to Get China to Stop Cyber Attacks

September 17, 2015

U.S., China: Diplomatic Solutions to Cyber Security Problems

Forecast 
The United States will continue relying on foreign policy to guard against industrial espionage carried out through cyber attacks. 
Recognizing the importance of the U.S. private sector in network security matters, China will reach out to U.S. technology companies on the issue — an action that will do nothing to promote the multilateral model of Internet governance that China wants. 
Diplomacy will remain the only tool for the United States to safeguard the private sector against espionage. 

Analysis

At the beginning of September, the White House was reportedly deciding whether to deploy sanctions ahead of Chinese President Xi Jinping’s first state visit to Washington. The sanctions would have targeted Chinese entities involved in industrial espionage, particularly cyber espionage, against U.S. companies. Now, the White House has reportedly decided against plans to impose sanctions before Xi’s arrival in Washington.

The initial plans for sanctions, revealed in leaks to U.S. media outlets, would have made use of U.S. President Barack Obama’s executive order, signed in April, authorizing the Treasury Department to seize the assets of entities engaged in cyberattacks and bar their financial transactions. But it is difficult to ascribe responsibility to particular actors. Because of this, sanctions would do little to stymie the flow of Chinese cyberattacks, whether from the public or private sector. However, sanctions could cause Xi political embarrassment back home as he pushes for reform and tries to deal with economic challenges. They would also, of course, make his visit to the United States a tense one. As a result, high-level U.S. and Chinese security officials reportedly struck an agreement regarding several network security issues during a Sept. 11 high-level meeting in Washington.

Government officials have not disclosed the specific points of the Sept. 11 agreement, but it is unlikely at this point that Beijing or Washington will substantially shift their cybersecurity policies against one another. Nevertheless, the Sept. 11 meeting highlights an important step for the United States, which relies on foreign policy to protect its economic interests from foreign cyberattacks.

The U.S. government currently has few tools outside of foreign policy to defend its private sector from cyberattacks. And China, including its individual citizens and businesses, has significant economic incentive to continue siphoning trade secrets from U.S. businesses in cyberspace. While the United States is among the most technically capable countries in cyberwarfare, these capabilities do not enable the government to guard the private sector against intruders. As a result, Washington is simply unable to stem the flow of cyberattacks without support from Beijing. The United States has more to lose to industrial espionage, and China has more to gain from allowing it to continue.

The White House’s Limited Role

Washington has placed significant emphasis on protecting its interests from China’s economic ambitions and on the critical role cyber espionage plays. In addition to lobbying aggressively for intellectual property rights protections worldwide, the White House has continually sought effective means to protect the U.S. private sector in cyberspace. The White House is not alone in this quest; virtually all countries, including China, are attempting to incorporate network security into domestic and foreign policy.

As with all countries, the United States’ current network security policies are tailored to its economic environment and strategies. Washington requires that its economic interests be guarded against global spying in cyberspace while global economic activity continues on the Internet free from government intervention. The current multi-stakeholder model of global Internet governance that emerged in the United States and guides the global policies and technology standards of the Internet is a cornerstone of the U.S. position — and directly contradicts the “multilateral” model proposed by countries such as Russia and China. The U.S. stance means that the private sector and government should play equal roles in dictating the technology standards and policies that govern Internet activity.

However, this policy also severely restricts the role the U.S. government can play in safeguarding its private sector in cyberspace from foreign economic and political adversaries. The U.S. government has direct control over securing the public sector’s Internet infrastructure, so its own technological solutions are well suited to guard against general espionage activities. The fears of physical sabotage of critical infrastructure, such as electricity grids, via cyberattack are mitigated partly because such acts are more likely to justify a military response. However, the United States’ private sector is largely on its own in defending itself from industrial espionage activities, which typically fall far below the threshold for any kinetic military response.

As a result of the U.S. government’s limited ability to protect its private sector’s interests from China’s intertwined network security policies and economic strategies, the White House has struggled to find an effective foreign policy in deterring cyberattacks. The U.S. desire for Internet governance, largely being pushed by its own private sector, is currently being challenged by other countriesoutside the polarization between the United States and China. Individual countries have been adopting their own national policies that effectively create a fragmented regulatory environment, to the ire of U.S.-based Internet firms.

China Reaches Out to the Private Sector

Beijing is aware of the White House’s limited role in network security regarding industrial espionage. As a result, Beijing understands that the U.S. private sector is a necessary player both in diffusing tension between the two countries over cyber espionage and in Beijing’s attempts to promote its multilateral view of global Internet governance. Shortly after initial media reports of possible sanctions against Chinese entities emerged, Xi reportedly decided to visit Seattle, Wash., on Sept. 23 before arriving in Washington, D.C., to meet with Obama.

Xi’s visit to Washington state will coincide with an annual technology forum in Seattle that is cohosted by Beijing. The forum will include executives from top Chinese and U.S. technology firms as well as China’s top minister overseeing cyberspace, Lu Wei. Xi reportedly is scheduled to meet with Microsoft’s founder and former CEO, Bill Gates, at Gates’ home. Along with a few other U.S. technology companies, Microsoft has had particular issues both with China’s network security policies and with rampant intellectual property theft in China. Issues for Microsoft in China were compounded when documents leaked by former National Security Agency contractor Edward Snowden specified that Microsoft allowed U.S. intelligence services backdoor access to encrypted communications in its Outlook.com service.

Some of the U.S. companies whose top executives reportedly will attend the Sept. 23 forum include Apple, Microsoft, Uber, IBM and Google. Most of these companies have had tensions with China related to intellectual property rights violations, China’s obstructive cybersecurity policies and cyberattacks. Still, U.S. tech companies cannot turn away from opportunities to expand in China’s massive domestic market. The size of its market gives China significant leverage in formulating its cybersecurity policies to bolster its own domestic high-tech industries against those of the West.

The decision for Xi to travel to Seattle prior to his Washington, D.C., visit and his attendance at the U.N. General Assembly, along with Lu’s participation in the technology forum, highlight the importance Beijing sees in the U.S. private sector, not just for economic cooperation but also for discussing high-level issues between the two countries regarding cyberspace. Meanwhile, Washington state’s particular economic reliance on exporting goods to China will create a more welcoming environment for Xi.

In addition to Xi’s visit to Seattle during the technology forum, China’s official press agency, Xinhua, reported Sept. 15 that Beijing would host an international security conference on Sept. 29 in which cybersecurity firms from both the United States and China would meet. Most notably, however, the former head of both the U.S. Cyber Command and the NSA, Gen. Keith B. Alexander, is reportedly going to speak at the event — a development likely tied to the results of the Sept. 11 high-level meeting about the growing tension between Beijing and Washington over cyber espionage.

For China, including the U.S. private sector in discussions of cybersecurity goes against its ideal view of Internet governance. However, given the contention between Washington and Beijing, and the White House’s limited role in network security, the private sector is a necessary player in China’s diplomatic exchanges with the United States.

Still No Solution Except Diplomacy

Beijing’s diplomatic moves during September will not further its efforts to push its multilateral Internet governance model. And despite China’s economic leverage, Beijing will not push its economic and cybersecurity policies to the point of damaging ties with Western tech industries, given China’s continued dependence on foreign technologies. However, the United States, even after the Sept. 11 meeting, will still be challenged in protecting its economic interests from Chinese cyber espionage.

Acts of industrial espionage are particularly difficult for a national government to counter when the actors are located on foreign soil. Moreover, the nature of cyber espionage can obfuscate its origins — a major issue, since Beijing’s involvement is not needed for Chinese businesses and citizens to commit such acts. Thus, despite Washington’s option to impose sanctions, Beijing knows the White House would be challenged to continually pursue individual actors. Furthermore, the U.S. government’s limited role in safeguarding its private sector’s network infrastructure means it must continually use foreign policy to get Beijing to cooperate in limiting China’s role in cyber espionage.

So far this month, the United States and China have sent a great number of signals to each other about cyber espionage. Although U.S. concern about Chinese cyber espionage is not likely to wane in the short term, Xi’s visits to Washington and Washington, D.C., as well as the Sept. 11 meeting on cybersecurity, highlight significant steps for the White House toward building a diplomatic solution with China.

No comments: