US & China Are Escalating Their Cyber War

defense-large.jpg

Threet & Response: A Snapshoy of the Cyberwar.

"Admiral, is China an adversary?" On July 30, U.S. Republican Senator Tom Cotton asked that question to Adm. John Richardson, who is President Barack Obama's nominee to be the next chief of naval operations. 
Heretofore, the most common answer in official Washington to that question has been to describe China as a competitor, not an adversary. Richardson avoided a straight answer; he said China was "a complex nation," doing some things that possessed an "adversarial nature." But by declining to give the standard response, Richardson may have signaled a transition in official thinking to the view that China is in fact an adversary.
The Obama administration now faces a critical decision on two flashpoints created by Chinese aggression. The first is how the United States government will respond to the cyber intrusion into the Office of Personnel Management (OPM) database, an attack that resulted in the theft of over 20 million government personnel records. The administration has reached a series of conclusions regarding the OPM hack that represents a significant departure from past practices. 
In the wake of the OPM data breach, establishing cyber deterrence with China will require inflicting punishment on their decision-makers in a way that harms their interests (in order to demonstrate that it is possible to do so), and promising more to come if these decision-makers don't change their behavior. And that will likely require much sterner measures than the diplomatic protests and Justice Department indictments that have thus far had no discernible effect. Critics of retaliation will protest that a response will only result in an escalating cyber war between the two countries, with the United States more exposed to the damage that would bring. 
The second flashpoint is of course Chinese activities in the South China Sea. According to a recent article in Politico, a civil-military dispute is now simmering between Navy officers and officials at US Pacific Command (PACOM) and advisers at the White House. Military officials want a clear demonstration of freedom of navigation near China's outposts in the Spratly Island chain but are meeting resistance from White House advisers, who are seemingly reluctant to create a flare-up in the region, especially in advance of Chinese President Xi Jinping's visit to the United States in September.
US officials refuse to say whether US warships or aircraft have sailed or flown within 12 nautical miles of any of the seven Chinese artificial islands in the Spratlys. According to the United Nations Convention on the Law of the Sea (UNCLOS) (which China has ratified and the United States has not), artificial structures built on submerged features, which describes at least six of China's seven outposts, do not possess the 12 nautical mile territorial right. Querulous Navy and PACOM officials are concerned that a failure to defend the law with a visible demonstration will result in the gradual acceptance of China's territorial claims in the sea.
This is not a new issue but recent events have stepped up the urgency of a response. Having largely completed its dredging and land reclamation at its seven sites in the Spratlys, the next phase for China will be further structural improvements such as more offices, barracks, piers, warehouses, aircraft hangers, and military equipment. 
The United States and its partners will undoubtedly have to reckon some day with Chinese missiles in the Spratlys. But establishing the initial legal precedent of freedom of navigation by sailing and flying within 12 nautical miles of China's sand piles will be an easier decision before those missile are installed.
The upcoming summit between Obama and Xi may be the last chance to prevent China's slide from competitor to adversary. That chance is slim. China seems committed to both its cyber espionage program and its territorial expansion in East Asia on its "blue soil." We can now see in retrospect that America's long-standing, bipartisan policy of forbearance toward China has accelerated the slide and therefore should be seen as totally discredited.
Judging by media reporting, the Obama administration seems to have endorsed the principle of deterrence, enforced through punishment, to protect US interests in cyberspace. What remains unknown is how much punishment, and in what forms, the United States will have to deliver in order to establish deterrence. 
Chinese leaders are likely to presume they possess significant comparative advantages in the cyber domain, which means that retaliation and escalating cyber duels are possible. Applying deterrence theory to the cyber domain presents far more questions than answers. This does not mean that deterrence is not the right approach for the US government to take. But once on this course we should expect some surprising departures from past experiences. Finally, we should not be surprised if "cyber non-combatants" suffer some collateral damage once hostile network packets start flying in all directions.
As with the looming cyber war, such a US demonstration in the South China Sea would be merely the next move in an open-ended game. What will follow are deeper examinations about whether the United States and its partners in the region are prepared to compete in the game, and how policymakers and military leaders on all sides expect to either control escalation or attempt to use escalation to their advantage. A question no one will be asking at that point is whether China is an adversary.
Ein News:  http://bit.ly/1hPOcNG

 

« Cognitive Computing: What Can and Can’t Be Done.
Hit List: ISIS 'hacking division' Releases Details of 1,400 Military & Government Personnel. »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

Bluink

Bluink

Bluink specializes in identity and access management and customer identity verification, using your smartphone as a strong authenticator and secure identity store.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.

CodeShield

CodeShield

CodeShield is a SaaS that helps software developers and security teams secure IAM in the public cloud. With us, you detect IAM privilege escalations easily and achieve least privilege.