Cyber ceasefire? US and China square off over Internet espionage claims
The issue of cyber-attacks, accusations of which have marred US-China relations for months, is set to be discussed by the two nations’ leaders at their first informal meeting, scheduled to take place in Sunnylands, California.
The talks have been preceded by months of back-and-forth allegations of cyber-espionage. Washington in particular has repeatedly accused Beijing of perpetrating cyber-warfare, while China has continuously denied the accusations.
The latest round in this blame game saw the US Defense Science Board publish a report saying that nearly 40 Pentagon weapons programs and almost 30 other defense technologies were compromised by Chinese hackers, some allegedly tied to the military or government.
Secretary of Defense Chuck Hagel issued a stern warning to China for its alleged cyber-attacks against the US: “We are also clear-eyed about the challenges in cyber. The United States has expressed our concerns about the growing threat of cyber intrusions, some of which appear to be tied to the Chinese government and military.”
Beijing responded earlier this week, when China’s top Internet security office claimed it amassed huge amounts of data on hacking attacks against the country perpetrated by the United States.
"We have mountains of data, if we wanted to accuse the US, but it's not helpful in solving the problem," said Huang Chengqing, director of CNCERT, China’s cyber-security body.
The simmering US-China cyber-war became particularly acute in early February, when US data company Mandiant reported it tracked 141 cyber-attacks conducted by a single Chinese hacker group since 2006, 115 of which targeted US corporations. US House Intelligence Committee chair Mike Rogers claimed the attacks were sponsored by the Chinese government, and warned that the US was losing its cyber-war with China.
Mandiant also claimed that China carried out a spate of cyber-attacks against the US in May. The security firm said the attacks had subsided for three months following the February accusations.
Some in the US are calling for a clear outlining of the rules for civilized engagement between nations on the Web: “Think of it like the chemical and biological chemicals conventions. Everyone can make those sorts of weapons, but most countries agree not to do so or to use them in conflict. The same is true of cyber, everyone’s got advanced information technology, but we can agree, perhaps, not to attack each other’s infrastructure, or at least not to start doing it,” professor John Arquilla of the US Navy’s postgraduate school said.
This belief is shared by a task force sponsored by Council on Foreign Relations (CFR), an independent US think tank. The task force is chaired by John Negroponte, a former deputy secretary of state and director of national intelligence, who has decried the mutual accusations of cyber-warfare.
“I think I’d open the conversation, rather than boom, we know what you’ve been doing and knock it off and if you don’t, here are the things we’re going to do. You can have that conversation if you want to, but I think you’ve got to think through about whether that is really the best way you’re going to achieve what it is we want to accomplish which is a global, resilient, open and secure Internet,” Negroponte said.
Beijing has vowed to conduct unprecedented military drills, including actions by special IT-focused unit, later this month. At the same time, NATO specialists have drafted preliminary guidelines for cyber-warfare, first published in March – the Tallinn Manual on International Law Applicable to Cyber Warfare.
As Washington accuses China of aggressive behavior in cyberspace, it is simultaneously stepping up its cyber-warfare capabilities. By 2015, the US will have 40 new teams of cyber-agents to protect critical infrastructure from hackers and launch attacks against the country’s adversaries, according to Gen. Keith Alexander, the head of the US Cyber Command.
Washington is also allegedly investing tens of millions of dollars yearly into offensive hacking operations in order to exploit vulnerabilities in the computers of its adversaries, according to a Reuters report published in early May.
“Even as the US government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers,” the report said.
But despite the huge amounts of money it is spending on cyber-warfare, Washington may be losing its formerly dominant edge in this field.
“You have a government with many security holes in it. You have a corporate sector that can’t keep its information secure. You have defense contractors taking contracts from the federal government to provide cyber security and they can’t even provide cyber security for themselves. I’m seeing this as a war in which the United States is not winning no matter the amount of resources it’s putting in or the tough talk. And I see the US taxpayer as being at a real loss here because the money is bleeding from the Treasury to go into this and it’s having no effect,” said Kelley Vlahos, a Washington, DC-based journalist.