x Abu Dhabi, UAESunday 23 July 2017

For big countries, cyber-sparring is the new normal

This month's meeting of the Chinese and US presidents did little to resolve the cyber-irritants between the two countries. And the whole world has a stake in these issues.

The recent uproar in Washington and elsewhere about US government cyber-snooping on American citizens has overshadowed, for now, the continuing cyber-dispute between the US and China.

This is surprising, and surely temporary, because the issue made big headlines less than two weeks ago, when presidents Barack Obama and Xi Jinping met in California. And bilateral contest and confrontation on computer security will certainly continue, and be in the news again.

Just before the summit, the US defence department had told Congress about a steady, illicit flow of data from US government computers to the Chinese government and military. The same report suggested that China is using its "computer network exploitation" ability to dig into US diplomatic, economic and defence-industrial data, even weapons design.

The Chinese, in response, simply said that they have proof of extensive US hacking aimed at China, and suggested that the US do a better job of blocking intruders.

This was hardly a tie. Espionage is business as usual for governments, but coordinated theft of intellectual property is more difficult to justify to the international community.

This time the Chinese did not invoke an argument they have used before, about US militarisation of cyberspace. In a way, America did this for them, with the timely leak of a presidential directive on "offensive cyber effects operations".

Similarly, the first news reports about National Security Agency snooping on Americans silenced the old confrontation about freedom of information versus the Great Firewall of China.

Now the summit is over, but the list of cyber-disputes between China and the US endures. Indeed, it is much longer than the summit agenda was.

China has been siding with Russia to convince the world that cyberspace is made up of national sovereign information spaces that should be subjected to effective governmental control. The US meanwhile has long backed a multi-stakeholder model. Both ideological views resonate, as last December's World Conference of International Telecommunications in Dubai showed: a proposal to change internet governance had some support but died an ignominious death.

Now China has co-authored a Code of Conduct on International Information Security, their version of rules for state behaviour in this field, to be discussed at the UN this year.

And there is tension over telecom equipment supply, especially since the US Congress concluded that Chinese firms ZTE and Huawei could not be trusted to be free of foreign state influence, and that Chinese gear thus poses a security threat to US systems.

Nor do the issues stop there. The US has also made no secret of its expectations: a recognition by China of the urgency and scope of cyber-enabled theft, steps to investigate and put a stop to these activities and dialogue and engagement to establish acceptable norms of behaviour in cyberspace.

The presidential meeting did not move very far in that direction, and there were certainly no breakthroughs.

Still, both presidents and their officials will have noted an important diplomatic breakthrough achieved in New York just hours before their meeting: A "Group of Governmental Experts", gathering under the auspices of the UN's Disarmament and International Security Committee, quietly completed its third round of negotiations on responsible uses of information and communications technology by states. The meeting ended with principal guidelines on confidence- and capacity-building and the need to apply existing international law to cyber conflict.

For the world, the US-Chinese cyber security dialogue can be expected to remain a little cryptic, but China is not the only one in dialogue with the US - bilateral cybersecurity issues are also hot topics with Germany, Russia, India and a number of other states.

As a complex and comprehensive set of issues, these cybersecurity matters are not going to be resolved quickly.

With politico-military uses of information and communications technology no longer the monopoly of one government only, states will increasingly require mutual confidence to avoid misperception and escalation of incidents.

Speaking on the subject of cyber- security at a conference at Georgetown University, earlier this year, White House "cyber tsar" Michael Daniel said the current stage of cyber conflict is "the new normal".

In that case, this is an issue for more than just US government organisations and defence contractors; everyone needs to upgrade network security and find ways to cooperate in case of an attack.

Strong national positions and strategies on cyber security will be a hard currency on international security markets in the years to come.

The multinational issues may be out of the headlines right now, but they will certainly be back. Meanwhile, bilateral and regional discussions will continue.

 

Eneken Tikk-Ringas is the Bahrain-based Senior Fellow for Cyber Security at the International Institute for Strategic Studies