Can the U.S. & China Make Peace in Cyberspace?

A ChinaFile Conversation

Chinese President Xi Jinping arrives in the United States today on his first state visit. Xi will address a group of American business leadersin Seattle. High on their list of concerns about trade with China is cyber hacking, cyber espionage and intellectual property theft; not to mention a broader fear about the possibility of cyber warfare on key infrastructure such the power grid.  Over the weekend, The New York Times reported that the Xi and Obama administrations were negotiating a deal that might result in some sort of a cyber detente or framework for global Internet conduct. — The Editors


The most that will come out of this meeting is the start of a discussion about how to set up a nonproliferation agreement on cyber warfare. But it will likely be a long time before we ever see anything concrete put in place.

One of the difficulties in hammering out an agreement is defining which attacks should be considered as “cyber attacks.” However, the bigger semantics question is whether or not the Chinese authorities consider the great firewall to be “critical infrastructure” and thus protected under any “peace” agreement. They likely will argue that it is, and that attacks on the great firewall should be protected under any truce.

China demands respect for its desire to maintain cyber sovereignty and, in March of this year, unleashed a cyber weapon, the Great Cannon, in an effort to disrupt overseas websites that were delivering uncensored and stability-threatening information into China, including ours.

China and the U.S. are at opposite ends on the issue of freedom of speech. Earlier this month, The New York Times published a story claiming that the Obama administration would consider countering Chinese cyber attacks by dismantling the great firewall. It’s clear that the U.S. government (USG) does not consider censorship to be critical infrastructure, and rightly so.

If the USG plays its cards right during Xi’s visit, it could secure China’s promise in working together to deter cyber attacks while finally making the decision to ramp up their efforts to tear down the great firewall. The USG has invested in many Internet freedom projects—now is the time to make sure they have what they need to bring down the world’s most sophisticated censorship apparatus. Beat online censorship in China and you can beat it anywhere. As an added benefit, the USG would also open the market for the thousands of global Internet and media companies who have seen their websites blocked by the Chinese authorities.

The USG should take the opportunity of what will be an unamenable Xi delegation to put in action a plan to achieve Internet freedom in China. This could include:

  • Pledging continued financial support for the development of circumvention tools.
  • Putting pressure on U.S. companies to reverse their decisions to complicity cooperate with the censorship demands of the Chinese authorities. The first meetings should be with executives from Apple and LinkedIn.
  • Developing a defense mechanism to protect against DDoS attacks (like the Great Cannon) which try to induce self-censorship.
  • Putting pressure on Chinese companies operating in the U.S. (or listed on stock exchanges in the U.S.) to limit their censorship of users outside of China.

These actions, which, arguably, would lie beyond the parameters of a cybersecurity agreement, would send the right “signal” to the Chinese authorities, and would be a far more effective deterrent for future cyber attacks than a last-minute, coddled together Memorandum Of Understanding. Ultimately, this course of action also would bring freedom of access to information to hundreds of millions of people around the world.

Will peace in cyberspace between the U.S. and China be maintained? The good news is that we will most likely not see devastating cyber assaults with spill-overs into the kinetic realm between both nations. The probability that China switches off the lights in New York City or the U.S. in Shanghai is negligible. The reported talks on a sort of agreement about proliferation in the cyber realm demonstrates that there is a recognition on both sides that there are worst case solutions [scenarios?] that must be avoided. However, the importance of this agreement must not be overstated: neither side currently has an interest in causing serious bilateral conflict. In that sense, the agreement is an empty gesture: a promise not to do something neither side was planning anyway, without strong implementation and monitoring measures.

And this brings us to the bad news, which is that irritation and tensions will continue to persist in the relationship.

Some American voices have accused China of tone-deafness to U.S. concerns on cybersecurity. Yet, a close read of authoritative Party media shows that the well-known allegations of economic cyber-espionage are, at least, mentioned. However, they are always connected to the claim that the U.S. is equally tone-deaf to China’s worries and insecurities. Some of these are existential: the Chinese policy sphere is rife with writings about the regime-changing intentions of “foreign hostile forces”. Moreover, in Chinese policy circles, it is claimed the Snowden revelations have amply demonstrated that the United States merely use their views and values as an insincere pretext to pursue narrow self-interest. The result is that China has adopted a consistent defensive strategy that is closely matched to its actual capabilities, making for a relatively strong bargaining hand. Exacerbating this problem is the fact that the United States rarely has followed through on its stated intentions, creating an image of weakness.

But perhaps most problematically, it seems that— beyond wanting an end to economic espionage—the U.S. government doesn’t have a plausible and realistic scenario for where it wants the cyber relationship to go, and how to get there. Most importantly, it is necessary to consider what actually can be achieved. Many aspects of Chinese Internet governance are unlikely to change any time soon, regardless of any U.S. input. There are few incentives to relax policy on online speech, or change Beijing’s stance on China’s cyber sovereignty. Political capital spent in these areas will strengthen the agenda of hawks in Beijing, without any significant progress on the ground. Rather, priority should be given to interests that are mutually significant and immediately relevant, as well as to developing better structured channels for consultation and negotiation. Lastly, the U.S. will need to bear in mind that, as its leadership in cyberspace is considerably less dominant than in the past, it will face the argument that other countries are equally entitled to conduct similar actions.

Before answering the question regarding the China-U.S. cyber issues, I want to raise another question: Is it possible that China and the U.S. engage in warfare? I think it is highly possible that your answer would be "not a chance". Why?

Fundamentally, because China has nuclear weapons; because China is on an equal footing with the United States in terms of nuclear destructive power. Without nuclear weapons, China's peace cannot be guaranteed.

Let's go back to the question posed in the first place: Can the U.S. and China make peace in cyberspace? I believe the same principle applies.

Stable, long-term peace in cyberspace between the two powers can ultimately be realized only if China manages to raise its game in cyberspace to a level on par with that of the United States. Without an equal balance of cyber power between China and the U.S., any agreement on cyber security will merely be a temporary treatment for the problem.

Signing agreements may be an effective tool in resolving conflicts in some areas, but it cannot be the ultimate solution, especially in the cyber security area. It is constructive to ink deals for cyber cooperation, say, a pact prohibiting from conducting cyber attacks on each other's information sector. But the question is: Is such an agreement a safe bet that intellectual property theft won't happen again?

Probably not. At the current stage, China won't even know it if the U.S. hackers break into its information systems and steal information, because China is not on an equal footing with the United States in terms of cyber power.

To sum up, I believe a balanced, stable and peaceful cyber relationship can be made after China beefs up its cybersecurity arsenal to the same level of the United States.