By James Lewis
Conflict and competition in cyberspace is part of a larger shift in the international security environment as power flows away from Europe and as global institutions developed after World War II are challenged by new economic powers. A new, multipolar order is emerging and in the previous four posts we have seen how cyber competition will be part of this change. It will not be narrowly military, but will include a contest to influence and control the structures and rules of global finance and business.
To once again emphasize the themes of this series: first, there is a continuum from cyber crime to espionage and other forms of cyber competition in Asia; second, much of the activity in this sphere is China-centric; and finally, these activities do not constitute war, but cyber competition can add to the risks of conflict.
These risks can better be managed if cyber conflict is put into a framework of shared understandings and with the application of international law. Controlling this risk requires establishing ‘rules of the road’ in cyberspace on state behavior, understanding military intention and cooperation on cyber crime. Asia’s relatively weak institutions for international security cooperation do not bode well for effective discussions on these issues at an inclusive region-wide level.
One alternative would be to await global understanding of cyber conflict to reduce the chance of cyber conflict in Asia. There are several ‘global’ efforts to reconsider cyberspace governance and cyber security already underway, including work in governmental expert committees in the UN and its agency the International Telecommunications Union.
Another alternative would be bilateral discussion between the United States and China. A’G2′ approach has some appeal – cyber security issues were raised at both the 2011 Security and Economic Dialogue and in recent meetings between Barack Obama and Xi Jinping.
The United States also needs to work closely with its regional partners, acting as a proxy for their interests and bearing in mind that any understandings with China will need to ultimately be implemented on a regional and global scale. Serious cooperation on cyber security may have to begin in the three separate bilateral security arrangements the United States has with Australia, Japan and the Republic of Korea. Improving relations with India also offer some scope for collaboration, particularly since India is concerned about Chinese cyber activities.
As with other security issues in Asia, China’s activities have created an implicit commonality of interests among other regional powers. However, Asian nations which negotiate a collective defense in cyberspace would exacerbate Chinese fears of encirclement or containment by the US and its allies.
The most important way to assure China, reduce its suspicions and also restrain its malicious activity in cyberspace is through engagement and confidence building. China asked to include cyber security on the 2011 Strategic and Economic dialogue (S&ED) agenda, an indication of their interest if not concern. The United States and others can engage China over cyber security as was done in the 1990s on nuclear non-proliferation. Military exchanges would also be useful, but these would need to take place outside the US-China relationship as U.S. military defense officials report that the PLA is unwilling to engage them in dialogue on this issue.
Key decisions for China include deciding when the costs and risks of its cyber espionage programs outweigh the benefits, whether the use of proxy forces (which can be difficult to control) increase the risk of conflict, and how to direct internet activities so that the growing political power of China’s netizens does not compromise the Party’s control.
The experience of the Orange Revolution in Ukraine, dissent in Iran, and the more recent Arab Spring reinforce the notion inside China that new technology creates political risks that the US will seek to exploit. One Chinese official stated in private meetings that ‘Twitter is an American plot to destabilize Iran’ (and, by implication, China). It is difficult to see how these ingrained suspicions can be overcome in the near term.
Global information networks connect national economies more closely than ever before. They accelerate research and innovation. But they have also become a source of vulnerability and a new venue for conflict. Given that cyber conflict occurs on a global network, it is hard to ‘regionalize’ it, but just as Asia has become the most dynamic venue for global economic activity, so has it also become the locus of cyber conflict.
Dr. James A. Lewis is Director of the Technology and Public Policy Program at CSIS. Follow him on twitter @James_A_Lewis. Read his latest reports on increasing cybersecurity here and negotiation in cyberspace here.