US & China Are Escalating Their Cyber War

defense-large.jpg

Threet & Response: A Snapshoy of the Cyberwar.

"Admiral, is China an adversary?" On July 30, U.S. Republican Senator Tom Cotton asked that question to Adm. John Richardson, who is President Barack Obama's nominee to be the next chief of naval operations. 
Heretofore, the most common answer in official Washington to that question has been to describe China as a competitor, not an adversary. Richardson avoided a straight answer; he said China was "a complex nation," doing some things that possessed an "adversarial nature." But by declining to give the standard response, Richardson may have signaled a transition in official thinking to the view that China is in fact an adversary.
The Obama administration now faces a critical decision on two flashpoints created by Chinese aggression. The first is how the United States government will respond to the cyber intrusion into the Office of Personnel Management (OPM) database, an attack that resulted in the theft of over 20 million government personnel records. The administration has reached a series of conclusions regarding the OPM hack that represents a significant departure from past practices. 
In the wake of the OPM data breach, establishing cyber deterrence with China will require inflicting punishment on their decision-makers in a way that harms their interests (in order to demonstrate that it is possible to do so), and promising more to come if these decision-makers don't change their behavior. And that will likely require much sterner measures than the diplomatic protests and Justice Department indictments that have thus far had no discernible effect. Critics of retaliation will protest that a response will only result in an escalating cyber war between the two countries, with the United States more exposed to the damage that would bring. 
The second flashpoint is of course Chinese activities in the South China Sea. According to a recent article in Politico, a civil-military dispute is now simmering between Navy officers and officials at US Pacific Command (PACOM) and advisers at the White House. Military officials want a clear demonstration of freedom of navigation near China's outposts in the Spratly Island chain but are meeting resistance from White House advisers, who are seemingly reluctant to create a flare-up in the region, especially in advance of Chinese President Xi Jinping's visit to the United States in September.
US officials refuse to say whether US warships or aircraft have sailed or flown within 12 nautical miles of any of the seven Chinese artificial islands in the Spratlys. According to the United Nations Convention on the Law of the Sea (UNCLOS) (which China has ratified and the United States has not), artificial structures built on submerged features, which describes at least six of China's seven outposts, do not possess the 12 nautical mile territorial right. Querulous Navy and PACOM officials are concerned that a failure to defend the law with a visible demonstration will result in the gradual acceptance of China's territorial claims in the sea.
This is not a new issue but recent events have stepped up the urgency of a response. Having largely completed its dredging and land reclamation at its seven sites in the Spratlys, the next phase for China will be further structural improvements such as more offices, barracks, piers, warehouses, aircraft hangers, and military equipment. 
The United States and its partners will undoubtedly have to reckon some day with Chinese missiles in the Spratlys. But establishing the initial legal precedent of freedom of navigation by sailing and flying within 12 nautical miles of China's sand piles will be an easier decision before those missile are installed.
The upcoming summit between Obama and Xi may be the last chance to prevent China's slide from competitor to adversary. That chance is slim. China seems committed to both its cyber espionage program and its territorial expansion in East Asia on its "blue soil." We can now see in retrospect that America's long-standing, bipartisan policy of forbearance toward China has accelerated the slide and therefore should be seen as totally discredited.
Judging by media reporting, the Obama administration seems to have endorsed the principle of deterrence, enforced through punishment, to protect US interests in cyberspace. What remains unknown is how much punishment, and in what forms, the United States will have to deliver in order to establish deterrence. 
Chinese leaders are likely to presume they possess significant comparative advantages in the cyber domain, which means that retaliation and escalating cyber duels are possible. Applying deterrence theory to the cyber domain presents far more questions than answers. This does not mean that deterrence is not the right approach for the US government to take. But once on this course we should expect some surprising departures from past experiences. Finally, we should not be surprised if "cyber non-combatants" suffer some collateral damage once hostile network packets start flying in all directions.
As with the looming cyber war, such a US demonstration in the South China Sea would be merely the next move in an open-ended game. What will follow are deeper examinations about whether the United States and its partners in the region are prepared to compete in the game, and how policymakers and military leaders on all sides expect to either control escalation or attempt to use escalation to their advantage. A question no one will be asking at that point is whether China is an adversary.
Ein News:  http://bit.ly/1hPOcNG

 

« Cognitive Computing: What Can and Can’t Be Done.
Hit List: ISIS 'hacking division' Releases Details of 1,400 Military & Government Personnel. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.