Modern field guide to security and privacy

Opinion: Restraint is the best weapon against Chinese hacks

When Chinese President Xi visits the US this month, President Obama has a rare chance to forge a strategic deal with China to ease the growing cyberconflict between Washington and Beijing.

Wang Zhao/Reuters
Chinese President Xi Jinping prepares to review the People's Liberation Army during a military parade in Tiananmen Square on Sept. 3. REUTERS/Wang Zhao/Pool

Shock over the Office of Personnel Management hack will have hardly subsided by the time Chinese President Xi Jinping arrives in Washington later this month to meet President Obama. 

Since China is the leading suspect in the breach that compromised the most intimate details on more than 20 million people, this may not seem like the best time for President Xi's first state visit. But when it comes to deescalating a growing cyberconflict between Beijing and Washington, the visit comes at a critical moment. 

If the Obama administration practices some smart diplomacy – and ignores US hardliners calling for blood – it's possible to reach a concord to reduce tensions and dramatically increase stability between the two nations. If the US looks to “retaliate against” or “punish” China, as security hawks are advocating, then the situation may escalate out of control.

Legitimately or not, China appears to feel that its own digital spying practices are reciprocal to US actions. From its point of view, China is as much a victim as an aggressor when it comes to cyberattacks. After all, former National Security Agency contractor Edward Snowden leaked documents in 2013 that appear to confirm China is a top target of US clandestine cyberoperations. Those revelations emerged nearly simultaneously with the first Xi-Obama summit.

So, instead of sanctioning Chinese entities suspected of cyberattacks or any other kind of retaliation over the OPM hack, Obama should use the Chinese visit to broker a strategic deal with Xi.

First, Obama can highlight the exceptional restraint of US cyberoperations, stressing that those campaigns are conducted under tight command, control, and legal review; carried out according to approved requirements; and subject to independent oversight by other government branches. Significant disruptive attacks require the president’s personal approval. 

The US has recently proposed cyberoperation norms that include not attacking computer emergency response teams or critical infrastructure out of wartime. Regardless of any Chinese actions, Obama should emphasize that the US will abide by these norms: It's simply what great powers do.

Second, the president could offer other areas where the US will exercise restraint such as cyberattacks on nuclear power plants or electrical transmission and distribution systems – all of which are incredibly escalatory. The only reason to intrude into such systems is to take them down during wartime. Going after Chinese financial targets is perhaps similarly unwise (though surely tempting).

As some in Washington argue, perhaps the OPM hack was so aggressive that it exceeds acceptable norms when it comes to retaliation over cyberattacks. Still, for Beijing to suppress these kinds of intrusions, the US may need to agree to dampen its own offensive cyberoperations aimed at China. Without international laws governing espionage, informal agreements can exist to maintain stability between nations. 

During the cold war, the Soviet Union and the US agreed not to kill the other side's spies. Violations were met with swift reciprocation. These are the "unwritten practice of civilized relations between special services," as expressed by one (Russian) participant.

To some US hardliners, these options may seem like naïveté or surrender. With our national manliness challenged, they say now is the time to attack, not show restraint.

Unfortunately, the history of cyberconflict shows that such aggression worsens national security. There are few examples of nations backing down after an attack. Rather, adversaries improve capabilities and counterattack. But in this case, if Washington tries to coerce Beijing with threats or punishment, expect China to respond in kind, continuing the escalatory spiraling of a classic security dilemma.  

Obama should work to reduce digital tensions. If that fails, then both Xi and the international community will recognize that the US retaliated only after seeking the peaceful option.

The US has far more interests in common with China today than it did with the Soviet Union during the cold war. The two presidents may never have a better opportunity to find comity to improve stability in cyberspace and decrease the chances of escalation in the interests of both nations.

Jason Healey is senior research scholar at Columbia University’s School of International and Public Affairs and senior fellow at the Atlantic Council. Follow him on Twitter @Jason_Healey.

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.