China's Cyber Weakness
Writing for The Global Journal, EWI's Greg Austin discusses tensions in the U.S.-China relationship surrounding cybersecurity concerns.
The last two months have seen unprecedented friction between the United States and China over allegations of attacks by the latter on the computer networks and sensitive information of American business and government. The public commentary in the United States has frequently painted China as an enemy -- as if there were no other context. There has been almost no attention paid to the underlying asymmetry in cyber power between the two countries. This imbalance of power has helped to fuel insecurity for both countries and to drive the aberrant behavior.
Here is a brief chronology of recent diplomacy. On 12 February, United States President Barack Obama, without naming China, alluded to it as an enemy of the United States for seeking to occupy its critical infrastructure through cyber operations. The remarks came two days after leaks from a U.S. intelligence estimate named China – again – as the most serious menace in the cyber domain. On 11 March, National Security Adviser Thomas Donilon issued three demands on China, which responded the next day saying it was prepared to talk. The next day, the Director of National Intelligence identified cyber threats to the United States as the number one threat, and talked of a “soft war” against the United States in this domain. On March 14, Obama raised the issue with President Xi Jinping in their first telephone call as heads of state. On March 18, China’s Prime Minister surprisingly called on both China and the United States to stop making “groundless accusations” about cyber attacks against each other. On March 19, U.S. Treasury Secretary Jack Lew discussed the issue when he met Xi in Beijing. One week later, President Obama signed a bill that will exclude the purchase of IT products by U.S. government agencies if any part of them is made by a Chinese corporation.
The United States has never mounted such a robust diplomatic campaign against China in this field, nor has it ever appeared to stake so much of the entire U.S/China relationship on cyber issues. A disinterested bystander could be forgiven for believing that China’s cyber power and actions are a serious threat to United States national security and that a confrontation between the two countries is inevitable unless China changes course.
Yet in overall capability, China’s armed forces remain weak relative to those of the United States. In the cyber domain, in spite of successes in peacetime espionage, China is simply not competitive with the United States for the full range of cyber combat operations during wartime. That is what is what China’s leaders think. And it is what the United States government and the best-informed American analysts (from the intelligence community) think.
The analysts say fairly uniformly that the United States has an unmatched military cyber power for several reasons. First, it has been able to build off its pre-eminence in the civilian information technology sector. Second China lacks the necessary testing ground for strong military cyber capabilities, especially the capacity for integrated command and control of joint operations. The analysts cite in the U.S. case a strong tradition of such operations refined in combat around the globe for at least 25 years. Third, and most importantly, the United States has unmatched human and technical intelligence collection capabilities needed for effective cyber offensive operations against military targets.
It is China’s weakness relative to the United States that determines its military strategy of disabling some critical information infrastructure in the United States in the event that a war with it seemed imminent.
If both countries want stability, and an end to current cyber practices, the over-arching policy question then becomes one of comparing insecurities and vulnerabilities, and later eventually addressing them. The two countries appear to need a strategy for managing a very big asymmetry of military power in cyber space. There is little hint of that consideration in the bilateral diplomacy so far. A heavier emphasis on how concepts of common security can be applied in the bilateral cyber relationship may be needed.
Greg Austin is a professorial fellow at the EastWest Institute. He leads the institute's Policy Innovation Unit.