After a fairly auspicious start to 2011, relations between the United States and China have soured once again over the issue of cybersecurity.
Google’s assertion earlier this month that hackers located in China had been seeking to steal the passwords of hundreds of Gmail account users, including those of senior U.S. officials and Chinese political dissidents, sparked the predictable denials and counter-accusations from Beijing. The fact that the U.S. Federal Bureau of Investigation (FBI) is looking into the allegations lends an additional air of seriousness to the spat, as do the recent statements on the issue by the U.S. secretaries of State and Defense and senior Chinese government spokesmen.
In U.S.-China relations, each decade seems to have its own thorny issue that rises above the others and defines the relationship to a disproportionate degree. In the 1990s, human rights was the major issue of concern (from the U.S. vantage, at least). In the first decade after the turn of the millennium, in the wake of China’s accession into the World Trade Organization, trade became the predominant source of friction. Recent developments suggest that cybersecurity is going to be the U.S.-China issue of this decade – and it just might make the other issues look easy by comparison.
The very term “cybersecurity” embraces a number of different dimensions. Breaches of cybersecurity can range from mere technical glitches; to willful cybermisfeasance – relatively minor acts of cyber-mischief; to cybercrime, such as acts of theft or fraud; to cyberespionage (both commercial and political-military) – the illicit seeking of sensitive economic or national security information of another country; to cyberterrorism and even full-fledged cyberwarfare – violent acts of non-state and state actors, respectively, targeting civilian and critical national assets.
One of the dynamics that tends to complicate U.S.-China relations around the issue of cybersecurity is the propensity of U.S. journalists, and even some experts, to characterize actions that fall within the first several categories of activity noted above, and that were likely perpetrated by private individuals (with no or, in any case, varying degrees of coordination with the central government), as “cyberwarfare.” Like a number of other observers, I believe the utilization of the term “cyberwarfare” by U.S. writers in these lesser contexts is misleading and unhelpful. As I have often said, if we were ever in a state of true cyberwarfare with China (or any other major cyber power, for that matter), we’d certainly know it – and frankly, it would probably be the least of our problems at that point. (I cannot easily envision a scenario in which two nations would be in a full-on cyberwar with each other that would not almost instantly become a full-fledged, total war between them.) The tendency in the United States to cast cyber tensions between the United States and China as manifesting a state of “cyberwar” between the two countries reinforces a general sense, among average Americans, that China is somehow the “enemy.” In turn, China’s invariably shrill responses to charges like those Google recently made only serve to perpetuate the old rhetorical cycle.
I am convinced that somewhere in a newsroom tonight, there is a China affairs or foreign affairs reporter who is already writing the news copy for the next iteration of this story; I doubt he or she will have to edit the piece much when the actual events occur some weeks or months from now. The script is pretty predictable.
Of course, rhetoric is by no means the only aspect of the problem. At the core of U.S.-China cyber tensions is a simple truth: the two countries, like virtually all countries, spy on each other, including via cyber means. As outgoing U.S. Defense Secretary (and former CIA director) Robert Gates himself testified before the U.S. Senate earlier this month: “Most governments lie to each other. …[S]ometimes they send people to spy on us, and they’re our close allies.” If that’s true amongst our “close allies,” then it’s certainly true of countries whose basic ideologies are so antithetical and whose political systems are so profoundly different.
The United States and China will continue to probe each other’s cyber capabilities and defenses for many years to come. That should surprise no one. Still, what is needed is a more substantive and open dialogue between the two governments about cybersecurity.
In sharp contrast to the cases of human rights in the 1990s and trade and economic issues in the 2000s, in which – despite the sharp divergence in perspectives on the issues – there was intensive engagement between the two governments on a nearly daily basis, there is as yet relatively little concrete and sustained engagement between the United States and China on cybersecurity. Indeed, cybersecurity was added to the agenda of the all-encompassing Strategic and Economic Dialogue (S&ED) discussions between the two governments only this year. I was glad to see this development; in a March 2010 op-ed in the Dallas Morning News, I was the first voice in the U.S. media to call for cybersecurity to be added to the S&ED agenda.
The EastWest Institute, a New York-based foreign policy think tank specializing in track 2 diplomacy, has made a concerted and fruitful effort to address the “dialogue deficit” between the United States and China on cybersecurity. We invited senior Chinese officials to address our Worldwide Cybersecurity Summits in Dallas in 2010 and London in 2011 and invited Chinese internet experts, from both the public and private sectors, to play an active, and indeed integral, role in our multilateral efforts to establish international rules of the road in the cybersecurity domain. The EastWest Institute also brought together top-level U.S. and Chinese experts to explore what the two countries could do, on a voluntary basis, to combat the dissemination of spam – and in the process, helped produce the first U.S.-China consensus set of recommendations on a cybersecurity topic. This is a strong foundation on which further cooperation can be built.
The fact is, the cybersecurity challenges we face today are global in nature; they require international collaboration. Both the United States and China, as two of the preeminent cyber powers in the world today, need to be at the table.
As posited above, the news story about the next U.S.-China cyber flap has probably already been written; it’s old news before it has even occurred. Perhaps it’s time to write the next chapter in this important story.
David J. Firestein is vice president of the EastWest Institute. A former U.S. diplomat, he is the author of three books on China, including two China-published best-sellers.