US & China Are Escalating Their Cyber War

defense-large.jpg

Threet & Response: A Snapshoy of the Cyberwar.

"Admiral, is China an adversary?" On July 30, U.S. Republican Senator Tom Cotton asked that question to Adm. John Richardson, who is President Barack Obama's nominee to be the next chief of naval operations. 
Heretofore, the most common answer in official Washington to that question has been to describe China as a competitor, not an adversary. Richardson avoided a straight answer; he said China was "a complex nation," doing some things that possessed an "adversarial nature." But by declining to give the standard response, Richardson may have signaled a transition in official thinking to the view that China is in fact an adversary.
The Obama administration now faces a critical decision on two flashpoints created by Chinese aggression. The first is how the United States government will respond to the cyber intrusion into the Office of Personnel Management (OPM) database, an attack that resulted in the theft of over 20 million government personnel records. The administration has reached a series of conclusions regarding the OPM hack that represents a significant departure from past practices. 
In the wake of the OPM data breach, establishing cyber deterrence with China will require inflicting punishment on their decision-makers in a way that harms their interests (in order to demonstrate that it is possible to do so), and promising more to come if these decision-makers don't change their behavior. And that will likely require much sterner measures than the diplomatic protests and Justice Department indictments that have thus far had no discernible effect. Critics of retaliation will protest that a response will only result in an escalating cyber war between the two countries, with the United States more exposed to the damage that would bring. 
The second flashpoint is of course Chinese activities in the South China Sea. According to a recent article in Politico, a civil-military dispute is now simmering between Navy officers and officials at US Pacific Command (PACOM) and advisers at the White House. Military officials want a clear demonstration of freedom of navigation near China's outposts in the Spratly Island chain but are meeting resistance from White House advisers, who are seemingly reluctant to create a flare-up in the region, especially in advance of Chinese President Xi Jinping's visit to the United States in September.
US officials refuse to say whether US warships or aircraft have sailed or flown within 12 nautical miles of any of the seven Chinese artificial islands in the Spratlys. According to the United Nations Convention on the Law of the Sea (UNCLOS) (which China has ratified and the United States has not), artificial structures built on submerged features, which describes at least six of China's seven outposts, do not possess the 12 nautical mile territorial right. Querulous Navy and PACOM officials are concerned that a failure to defend the law with a visible demonstration will result in the gradual acceptance of China's territorial claims in the sea.
This is not a new issue but recent events have stepped up the urgency of a response. Having largely completed its dredging and land reclamation at its seven sites in the Spratlys, the next phase for China will be further structural improvements such as more offices, barracks, piers, warehouses, aircraft hangers, and military equipment. 
The United States and its partners will undoubtedly have to reckon some day with Chinese missiles in the Spratlys. But establishing the initial legal precedent of freedom of navigation by sailing and flying within 12 nautical miles of China's sand piles will be an easier decision before those missile are installed.
The upcoming summit between Obama and Xi may be the last chance to prevent China's slide from competitor to adversary. That chance is slim. China seems committed to both its cyber espionage program and its territorial expansion in East Asia on its "blue soil." We can now see in retrospect that America's long-standing, bipartisan policy of forbearance toward China has accelerated the slide and therefore should be seen as totally discredited.
Judging by media reporting, the Obama administration seems to have endorsed the principle of deterrence, enforced through punishment, to protect US interests in cyberspace. What remains unknown is how much punishment, and in what forms, the United States will have to deliver in order to establish deterrence. 
Chinese leaders are likely to presume they possess significant comparative advantages in the cyber domain, which means that retaliation and escalating cyber duels are possible. Applying deterrence theory to the cyber domain presents far more questions than answers. This does not mean that deterrence is not the right approach for the US government to take. But once on this course we should expect some surprising departures from past experiences. Finally, we should not be surprised if "cyber non-combatants" suffer some collateral damage once hostile network packets start flying in all directions.
As with the looming cyber war, such a US demonstration in the South China Sea would be merely the next move in an open-ended game. What will follow are deeper examinations about whether the United States and its partners in the region are prepared to compete in the game, and how policymakers and military leaders on all sides expect to either control escalation or attempt to use escalation to their advantage. A question no one will be asking at that point is whether China is an adversary.
Ein News:  http://bit.ly/1hPOcNG

 

« Cognitive Computing: What Can and Can’t Be Done.
Hit List: ISIS 'hacking division' Releases Details of 1,400 Military & Government Personnel. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

CloudDNA

CloudDNA

cloudDNA is the only dedicated Citrix NetScaler consultancy in EMEA. We can help your migration to NetScaler secure networking solutions.

Bundesdruckerei

Bundesdruckerei

Bundesdruckerei specializes in secure identity technologies and services for protecting sensitive data, communications and infrastructures.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

InfoArmor

InfoArmor

InfoArmor delivers information protection solutions, intelligence and investigative services to help businesses fight evolving online threats.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

Our IT Department

Our IT Department

Our IT Department Limited is a leading IT services organisation that was founded to provide premium IT support services and the latest technology solutions.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.