Speaking at this year’s Halifax Security Forum, the head of U.S. Cyber Command, who also is the director of the National Security Agency (NSA), Admiral Michael Rogers, issued a vicious warning to China should it not change its behavior in cyberspace.
The U.S. admiral pointed out that China is as vulnerable to cyberattacks as any other nation, according to Defense News. “To my Chinese counterparts, I would remind them, increasingly you are as vulnerable as any other major industrialized nation state. The idea that you can somehow exist outside the broader global cyber challenges I don’t think is workable,” he said.
By openly pointing to Chinese vulnerabilities, the admiral issued a veiled threat cautioning that China itself may be target of cyber intrusions in the future should Beijing not change its behavior in cyberspace, although Rogers cautioned: “None of us wants behavior on either side that ends up accelerating or precipitating a crisis. That’s in no one’s interests.”
Despite the September 25 joint statements, issued in parallel by the Chinese government and the White House, on how to strengthen bilateral relations in cyberspace–the most positive development between the two countries in this field since the June 2013 Sunnylands summit—tensions between the two countries remain. As a result, the United States has increasingly toughened its stance vis-à-vis alleged Chinese state-sponsored cyberattacks.
For example, in April 2015, U.S. President Barack Obama signed an executive order establishing the first-ever sanctions program specifically designed to deter state-sponsored malicious activities in cyberspace on a strategic scale, declaring such activities a “national emergency.”
In addition, already in March 2015, Admiral Mike Rogers said that the United States will step up its active cyber defense postures in order to deter attacks on U.S. critical information infrastructure. He emphasized that hackers will “pay a price” that “will far outweigh the benefit” should they target U.S. critical information infrastructure.
Rogers’ remarks correspond with the Pentagon’s new cyber strategy, published in April 2015, which notes that “the U.S. military may conduct cyber operations to counter an imminent or on-going attack against the U.S. homeland or U.S. interests in cyberspace.”
In July, the White House decided against publicly “naming and shaming” Chinese hackers despite convincing evidence that Beijing was behind cyberattacks on the networks of the U.S. Office of Personnel Management (OPM) that compromised personal information of more than 20 million former and current federal employees.
As I argued before, the Obama administration’s reluctance could have been due to its attempt to shape the norms or rules of the road in cyberspace–in particular, the United States’ quest to draw a distinction between commercial versus traditional cyber espionage.
According to the White House interpretation, the OPM hack fell into the latter category of traditional cyber espionage and thus presented a legitimate target for Chinese attacks, whereas most other known Chinese cyberattacks were directed at the U.S. private sector with the aim of stealing sensitive trade secrets.
This so-called cyber-enabled theft of intellectual property is something that the United States does not consider to be within the norms of acceptable state behavior in cyberspace. It is mostly due to the U.S. government’s inability to reign in those types of attacks that the U.S. stance vis-à-vis China in cyberspace has toughened recently.