Cyberwarfare between the U.S. and China
Image by jurvetson
At the Churchill Club top 10 tech trends debate I disagreed with the propositions that “Cyber Warfare Becomes a Good Thing” and that “US is the Supreme Cyber Security Force in the World and its Primary Force; citizens accept complete observation by the functions of a police state. A devastating electronic attack results in govt. militarization of major gateways and backbones of the Internet.” I have problems with the “goodness” in the first prediction, and while the U.S. may argue that it is the best, I don’t think the trend is toward a sole superpower in cyberspace.
The NSA TAO group that performs the cyber–espionage pulls 2 petabytes per hour from the Internet. The networking infrastructure to support this is staggering. Much of it is distributed among the beige boxes scattered about in plain view, often above ground on urban sidewalks. When President Obama receives his daily intelligence briefing, over 75% of the information comes from government cyberspies. (BusinessWeek)
Cyber-offense may be very different than cyber-defense. Some argue that open disclosure of defense modalities can make them stronger, like open source software. But offensive tactics need to be kept private for them to be effective more than once. This leads to a lack of transparency, even within the chain of command. This leaves open the possibility of rogue actors — or simply bad local judgment — empowered with an ability to hide their activities and continual conditioning that they are “beyond the law” (routinely ignoring the laws of the nations where they operate). We may suspect that rogue hacking is already happening in China, but why should we expect that it wouldn’t naturally arise elsewhere as well?
Since our debate, the Washington Post exposé reported:
“Chinese hackers have compromised the designs of some of America’s most sensitive and advanced weapons systems—including vital parts of the nation’s missile defenses, fighter aircraft and warships… Also compromised were designs for the F/A 18 fighter jet, V-22 Osprey, F-35 Joint Strike Fighter, UH-60 Black Hawk helicopters and the Navy’s new Littoral Combat Ship meant to prowl the coasts.”
And today, a new report from the U.K. Defense Academy, entitled The Global Cyber Game suggests that my mental model may be a bit antiquated.
Shall we play a game?
“When the Internet first appeared, the cultural bias of Western countries was to see it as a wonderful and welcome innovation. The fact that it created security problems somewhat took them by surprise and they have been reluctant to respond.
In contrast, states such as Russia and China saw the Internet as a potential threat from the outset, and looked at the problem in the round from their perspective. They formulated strategy and began to move pre-emptively, which has allowed them to take the initiative and to some extent define the Cyber Game.
As a result, cyberspace is now justifiably seen by Western countries as a new and potentially serious avenue of international attack, which must logically be militarized to protect the nation.
But what if information abundance is so deeply transformative that it is changing not only the old game between nations but the global gameboard itself? In this case, we need a different approach, one that seeks to fully appreciate the new game and gameboard before making recommendations for national security.
The ability of national governments to understand and tame the Global Cyber Game, before it takes on an unwelcome life of its own, may be the crucial test for the effectiveness and even legitimacy of the nation state in the information age.” (p.107)
The China Hypothesis
“It makes extensive state-bankrolled purchases of many critical parts of the local economies and infrastructure under the guise of independent commercial acquisitions. These include contracts for provision of national Internet backbones, and equity stakes in utility companies. These enable it to control ever larger parts of the target economies, to install national-scale wiretaps in domestic networks and, in effect, to place remote off-switches in elements of critical national infrastructure.
Finally, to round off the effort, the ‘competitor’ simultaneously makes a massive effort to build its own domestic knowledge industry, sending students around the world in vast numbers to learn local languages and acquire advanced technical skills. In some cases, these students even manage to obtain funding from the target country educational systems. This effort, which only pays off on long timescales, allows it to consolidate and make full use of the information it has exfiltrated from around the world.
If it is allowed to continue for long enough, the target countries will find that they have lost so much autonomy to the ‘competitor’ country that they are unable to resist a full cultural and economic take-over, which is ultimately accomplished without open hostilities ever being declared, or at least not of a type that would be recognizable as industrial-era conflict.
National geopolitical strategy can be disguised as normal commercial activity and, even if this is noticed, it cannot be challenged within the legal systems of target countries. Thus an international-scale offensive could be mounted without it ever being understood as such.
These difficulties are somewhat reminiscent of the industrial cartelization strategy pursued by Germany in the years running up to the Second World War. This carefully orchestrated form of economic warfare was effectively invisible because it was positioned in the cognitive blind spot of British Empire industrialists. Until war broke out, and the deliberately engineered shortage of materials became apparent, they were unable to see it as anything but apparently profit-seeking industrial strategy on the part of German industry.
What sort of response should be made to a strategy like this… is retaliation of any kind appropriate? Should the Cyber Game be played as a zero-sum game? The essential problem is that the strategy involves IP theft on a grand, indeed global scale. This is real destruction of value for those companies and agencies who have been targeted
Is there any other way of looking at this? Possibly the one thought that trumps Western outrage at the idea of information theft is to recall that it can be stolen without being lost, though it may be devalued. It may not be the knowledge itself but how we create it and use it that is important. In this view, the Cyber Game, being ultimately knowledge-based, is genuinely a non-zero game. Among economic players of the Cyber Game, this understanding is gradually turning into an approach that author Don Tapscott calls ‘radical openness’.
A true knowledge-era strategy may not be stealing information but sharing it, playing the Cyber Game high on the gameboard, as Internet pioneers have been doing all along. Maybe Western democracies should respond to China’s alleged actions in the same way. Dare they choose to reframe in this way?” (pp.52-8.)
“The most likely form of conflict is now civil war in countries with governments referred to as anocracies, neither fully democratic nor fully autocratic.
Income polarization is rising within wealthy countries, as a side effect of globalization, and is hollowing out the middle class. Commentators and researchers have noted this effect particularly in the US. Whether this rising polarization could raise the risk of civil war in wealthy countries is questionable, as long as their governments remain effective. This itself will be a function of how well they adapt to the evolving information environment. If they fail, and a combination of financial, economic and environmental crises threaten the ability of governments to maintain the quality of life, then internal conflict is entirely possible.” (p.74)
And as I try to look farther to the future, the offensive cyber-code and autonomous agents of today are not so different from the bio and then nano-weapons of tomorrow. The cell is but a vessel for the transmission of code.
I think humanity will cut its teeth on cultural norms and responses (police state, cyber-counter-guerillas (beyond governments to posses and bounty hunters), and a societal immune system for the crazy ones) in response to the imminent cyber threats… and then we will face bio threats… and finally nano threats. So there is little reason to focus on the latter until we have solved the former.