In the words of Defense Secretary Ashton Carter, the new Pentagon cyber strategy document, released on April 23 2015, is intended as a powerful mobilizing tool to “guide the development of DoD’s cyber forces and strengthen our cyber defense and cyber deterrence posture”. It addresses international strategic issues as essential context, especially the North Korean attack on Sony Pictures and China’s cyber espionage, but the document assigns the diplomacy of national defense a secondary place. It recognizes correctly that these have been addressed elsewhere and says that the new strategy has to be read in conjunction with other policy documents: “the 2011 United States International Strategy for Cyberspace, in the Department of Defense Cyberspace Policy Report to Congress of 2011, and through public statements by the President and the Secretary of Defense”.
As powerful and as well written as it is, allowing for diplomatic goals of alliance building and consultation with potential adversaries in Asia, it lacks nuance and the degree of sophistication that the United States and its allies in Asia badly need to deal with the developing strategic situation. The strategy document is written as if cyber space were a separate domain of warfare, with little reference to its impact on overall strategic calculations of potential adversaries. It lists five strategic goals: the first is about building powerful cyber military capabilities, the last is about strategic stability. The document, like U.S. policy in general, makes no linkage between the U.S. building of powerful cyber forces and possible negative impacts on strategic stability. The idea of the security dilemma, that building one state’s security can create insecurity for another state, has long been recognized in U.S. strategic policy, especially on military nuclear issues, but seems to get no place in public discussion of the U.S. race for the technological frontier in cyberspace.
The United States armed forces enjoy clear cyber superiority over the armed forces of China. By building its cyber alliances in Asia, as arguably it must, the United States must also more publicly recognize that it is further entrenching China’s sense of insecurity. China does not see cyberspace as an isolated domain of warfare any more or less than the United States. Both countries see the information domain at the strategic level (C4ISTAR – Command, Control, Communications, Computers, Information/Intelligence, Surveillance, Targeting Acquisition and Reconnaissance) as a major determinant of the military power of a country and a measure of its overall defense readiness.
China is building its cyber military power for a number of reasons, and the trends in U.S. policy and capability are only one determinant, but the security dilemma, whether it be Chinese, American, Korean, Japanese or Australian, is the main determinant of strategic stability in Asia. If the United States wants strategic stability in Asia, including in cyberspace, it must temper its race for the technological frontier in military uses of cyber space (supported by outer space assets) with a much stronger emphasis on what constitutes strategic stability and work much harder to achieve that. In recent years, the United States has made great strides toward this goal, not least through the Strategic and Economic Dialogue with China.
The latest Pentagon document, with one paragraph on dialogue with China (almost a perfunctory nod in the direction of strategic stability) and a footnote on suspended dialogue with Russia, gives the impression of putting the cart before the horse. After all the fundamental goal of defense strategy, even before deterrence, is strategic stability– otherwise known as peace and characterized by military sufficiency and defensive strategies, not by a quest for superiority and heavy reliance on offensive strategies.
The document notes that the assessment by the Director National Intelligence that cyber threats may be the most serious security threats now facing the United States. Unfortunately the document gives little sense of how the elements of the strategy match the specific cyber threats (by country or actor) in terms of the intended strategic impact of the U.S. capability development beyond generalized references to deterrence or degrading enemy capability. One presumes that these elements are highly classified, but that alone does not take away the need for more attention to the security dilemma created by US capability development in cyber space. How can we measure progress towards strategic stability in cyber space as it is viewed by the major powers of Asia, China and the United States included?
The opinions expressed in this article are the author’s own and do not reflect the view of the EastWest Institute.