China Not Deterred By U.S. Cybersecurity Plans

Despite recent evidence sourcing a bulk of China-based cyberattacks against America to groups backed or directed by the Chinese government, and efforts by the U.S. Department of Defense to put forth a unified strategy on cyber security, Adam Segal writes for The Council on Foreign Relations about the pitfalls of deterrence as a strategy to combat Chinese cyberespionage:

China Defense Daily lays out some of the reasons why Chinese experts think deterrence is hard, or to be more specific, why the U.S. military will have difficulty achieving its deterrence aims. First, though, the article addresses all the “advantages” the United States brings to the table: resources (10 of the world’s 13 root servers are in the United States); technology (operating systems, databases, processors, microchips, network switching, and other core technology are all “in the hands of American companies”); power (there is a large gap between the U.S. and others in the development of weapons, investment, the training of talent, and the scale of armed forces).

Despite these strengths, the article see the U.S. as being unable to secure its networks. The announcement of the Defense Department’s Strategy for Operating in Cyberspace, in the Chinese view, encouraged other countries to develop their own offensive capabilities. Attribution is hard, and providing proof of who is behind an attack that would convince others is still extremely difficult. Detection and monitoring capabilities in cyberspace are underdeveloped so it is a real question whether the U.S. military can detect, provide warning of, and deter an attack before it happens. Finally, if the United States decides to retaliate through offensive cyberattacks, it can have no certainty about the outcomes. The impacts on networks are often limited and can be quickly recovered from.

U.S. intelligence officials are going to AP and The Wall Street Journal and telling them they have identified the specific Chinese groups behind attacks on Google, RSA, and other companies is an attempt to diminish Chinese confidence that they can remain hidden and, thus, strengthen deterrence. Going further down the hall of mirrors, it may be that the purpose of the article in China Defense Daily is to undermine these U.S. efforts. Can Washington believe that it has achieved a credible deterrent if the potential adversary keeps saying it is not possible?