Report Stresses Importance of Agreement to Avoid Cyber Conflict

Video: Who Is Xi Jinping? President Xi Jinping of China arrived in the United States on Tuesday for a state visit at a crucial crossroads in the Sino-American relationship. By Jonah M. Kessel, published September 21, 2015. Photo by Wu Hong/European Pressphoto Agency.

As China's president, Xi Jinping, begins a trip to the United States that could include the first arms control accord for cyberspace between the United States and China, a new RAND report that rates the cyber warfare capabilities of the world’s two largest economies shows how important such an agreement could be.

The report, which rates the capabilities of both militaries over the course of two situations, a conflict over Taiwan and one over the Spratly Islands, dedicates an entire chapter to the respective cyber capabilities of both sides.

As the report maps out the potential conflicts, and in turn the ways each country could attack the other’s networks, it becomes apparent why a first agreement between President Obama and Mr. Xi might focus on the rules of the road for attacks on core infrastructure instead of on better-publicized Chinese attacks aimed at gaining advantages and intellectual property for companies.

In particular, the report argues that unclassified networks for key infrastructure are more vulnerable than those of the military, and that broad attacks have a huge potential to cause unanticipated escalations.

Even so, it says that the United States would probably do better than might be expected given the high-profile media coverage of Chinese cyberattacks.

The Chinese military “has been heavily involved in large-scale cyber espionage since the mid-2000s, which has made it the subject of much media attention. Because the most common targets of these attacks have been lightly defended corporate and unclassified government systems, this activity may have created an exaggerated sense of the capabilities that China might bring to bear in an operational military context,” it concludes.

Still, the report adds that China’s cyberattack capabilities have continued to improve, and judges that China has gained ground on the United States in recent years, downgrading the United States from having a “major advantage” to having simply an “advantage” as of 2010.

Citing a 2013 document distributed throughout China’s People’s Liberation Army called “The Science of Military Strategy,” the report adds that the Chinese army recognizes the major advantages to being aggressive in cyberwar.

One danger of that, and more broadly of employing cyberattacks in a situation of escalating conflict, is unintentional escalation. Using several hypothetical situations, the report shows how a cyberattack could deepen a conflict. For example, it points out that if China were to make a move for Taiwan, a cyberattack aimed at hurting the potential for the United States to intercede could contradictorily force the U.S. to come into the conflict.

Likewise, it argues that in the case of some kind of regional conflict, United States attacks on Chinese infrastructure that in peacetime would be deemed mainly of civilian importance could take on deeper military implications.

“Weighed against their likely impact, cyber attacks against dual-use targets raise escalatory concerns. To be sure, this is true of many other forms of warfare, but there is particular danger in cyberwar, with its inchoate rules of engagement, lack of international consensus on the legitimacy of different types of targets, and lack of meaningful experience to underpin the understanding of collateral effects,” the authors write in the report.

Even so, there are plenty of reasons that China and the U.S. would be unlikely to carry out a major attack aimed broadly at civilian populations. In particular, the report points out that close economic relations could mean an unintentional business fallout at home, while the interconnectedness of the Internet makes the effects of broad attacks unpredictable (for example, Chinese data stored abroad could be inadvertently disrupted).

Also likely to be at the front of Beijing’s mind, the report argues, are a few larger concerns. In particular, during wartime, issues surrounding control of potentially destabilizing information within China and tracking of dissident activity are also likely to “loom large.”

Another issue, according to the report, is the fact that a huge proportion of China’s computers run pirated versions of Windows that are likely to be vulnerable to attacks. Adding to that concern is the overwhelming dominance of American companies in software.

Many in the Chinese government believe “that the United States has the ability to corrupt or disrupt the functioning of any device with U.S.-made software. Their appetite for a full-fledged cyberwar may be proportionately limited, and their receptivity to U.S. hints that it could unleash such a cyberwar itself may be heightened,” the report added.

Even if the United States continues to have an advantage, the uncertainties that come with a cyber confrontation are high, in particular if either side were to resort to “strategic cyberwarfare,” a term the report uses to describe broad attacks designed to impact the opposition’s will to fight.

“In view of the potential for escalation, it is uncertain whether either side will resort to strategic cyberwarfare,” the report said. “If they do, results may be highly unpredictable. The outcome will depend not only on each side’s competence but also on chance factors (e.g., cascading effects), the defensive posture and resiliency of each side’s organizations and infrastructure, how each side’s public reacts, how political leaders factor public opinion into their strategic calculus, and whether and how one side or the other escalates as a result.”