How to Build U.S.-China Cyber-TrustBlazing the Trail from Hacking to Cooperation
A 2010 survey of IT security experts stunned many by naming the United States, not China, as the most feared nation in cyberspace.
When the Center for Strategic and International Studies issued that survey, the "most feared nation" view of the U.S. may have been fueled by media coverage of America's preparation for cyber-warfare, said Stewart Baker, who oversaw the survey. "I'm not sure that's entirely a realistic view of the landscape, but it is an accurate reflection of the opinions provided to us in the report," said Baker, the onetime Department of Homeland Security assistant secretary for policy (see Which Nation is Most Feared in Cyberspace?).
I don't think we'll ever completely solve the problem, but we can change the pace of the deterioration.
Today, with the insight of a Monday morning quarterback, we see that those fears may have been justified, given the steady flow of leaks from top-secret U.S. government documents pilfered by former National Security Agency Edward Snowden.
Yet, even with the Snowden revelations, a strong argument could be made that China should be seen as the greater threat in cyberspace, based on reports earlier this year from the security firm Mandiant and the Defense Department about cyber-espionage China has conducted against businesses, the government and military (see Mandiant on Nation-State Threat and DoD Outlines China's Spying on U.S. IT).
But the question shouldn't be about which nation is the most feared in cyberspace, but rather what to do about it. The place to start is for the U.S. and China to build trust between themselves. Although attempts have been made - Presidents Obama and Xi Jinping of China addressed cybersecurity at a summit earlier this year (see Expecations Set Low on Obama-Xi Summit) - rhetoric emanating from both sides recently isn't encouraging.
"If meaningful action is not taken now, this behavior will undermine the economic relationship that benefits both our nations," National Security Adviser Susan Rice warned China last month about its hacking of U.S. companies to steal intellectual property and trade secrets.
And last month's report from the U.S.-China Economic and Security Review Commission called on Congress to stiffen federal laws that would allow the government and business to defend against cyber-espionage (see Shaming China to Stop Hacks Doesn't Work). "The Chinese government is directing and executing a large scale cyber-espionage campaign that poses a major threat to U.S. industry, critical infrastructure, military operations, personnel, equipment and readiness," commission member Larry Wortzel told the Voice of America, calling for U.S. lawmakers to respond to China's action.
Chinese Foreign Ministry spokesman Hong Lei accused the commission of having a "Cold War" mentality, saying the panel has been releasing reports "brimming with ideological prejudice" for years, according to the VOA.
Co-DependenceKarl Rauscher, a distinguished fellow and chief technology officer of the global think tank EastWest Institute, says this distrust comes at a time when both nations are "incredibly, pervasively dependent" on one another.
"There are accusations made from both sides about how one is taking advantage of the other and not behaving in a way that is trusted," he said in an interview with me. "I don't assume that any of the bad stuff that has been said is not true. It's probably all true. I think it could be a lot worse."
Rauscher sees four paths that the U.S. and China can take:
- The situation worsens, accelerating the deterioration of relations between both nations;
- Maintain status quo, which would increase instability and distrust, albeit at a slower pace;
- Each nation acknowledge the concerns of the other, which could slow the rate of decline in the U.S.-China relationship;
- Work to fix the problem, which should produce more trust.
The EastWest Institute last month issued a roadmap, Frank Communication and Sensible Cooperation to Stem Harmful Hacking, which offers 10 recommendations that Rauscher contends would establish practical conversations and relationships that can slow the rate of destabilization and with continued application could reverse the trend's direction to one that is favorable.
At the heart of the plan is implementation of a Total Trust Management system that assures a reliable assessment. With this system in place, according to the report, genuine trust can thrive and each party can have confidence in their assessment.
Rauscher says the Total Trust Management system also will detect when either party is demonstrating behavior that is not trustworthy, and likewise enable a party to have confidence in its judgment that there is insufficient evidence that their interests are being protected.
"I don't think we'll ever completely solve the problem, but we can change the pace of the deterioration, which could be a significant accomplishment," he said.
And, he says, if the U.S. and China can develop more trust in cyberspace, it would lead the way for other nations to cooperate to reduce the cyber-risks all nations face.
"If you're going to do a study on hacking, the one to do is the one on the two largest economies in history," he said. "This is the place to start. If you can solve this problem, you can probably solve the other ones."
Only the most optimistic can envision the U.S. and China tearing down that wall of distrust anytime soon. But it's worth a try, and perhaps one day neither will be feared in cyberspace. That day can't come soon enough.