Our So-Called Foreign Policy: Sense and Nonsense on Russia’s Hacking

Tags

2016 election, Amy Klochubar, China, cyber-security, cyber-war, defense spending, Democrats, hacking, Hillary Clinton, intelligence, John McCain, Middle East, NATO, Obama, Office of Personnel Management, Our So-Called Foreign Policy, Putin, Republicans, Russia, sanctions, terrorism, Trump

What could be more predictable? The growing uproar over charges that Russia’s government waged a cyber-focused disinformation campaign to influence the last U.S. presidential election has let loose a flood of positively inane statements and arguments on both sides that show politics at its absolute worst.

Even worse, unless both Democrats and Republicans – and the various conflicting camps within the two major parties – get their act together quickly, the odds of further attacks and all the damage they can cause to American governance will only keep shooting up.

Let’s start with those who have expressed skepticism about these allegations, including regarding the substance of yesterday’s intelligence community report concluding that “President Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine confidence in the democratic process, denigrate [former] Secretary [of State Hillary] Clinton [the Democratic nominee], and harm her electability and potential presidency.”

Can they really be serious in contending that the intelligence agencies’ publicly expressed judgments don’t pass the credibility test because no smoking gun or any other compelling evidence has been published? Do they really want the CIA etc to reveal whatever human and technical sources and methods they rely on? Do they really believe that any effective counter-hacking strategy can be developed or continued after disclosing that information?

The insistence on definitive proof, moreover, amounts to terrible advice for making foreign and national security policy generally. It seeks to apply to the jungle realm of international affairs the standards of the American legal system. President Obama’s years in office should have taught Americans how dangerously childish it is to believe that relations among sovereign countries are governed by commonly agreed on rules and norms, that the world is on the verge of this beatific state of affairs, or even that significant progress is being made. And Americans should hold shadowy world of spying and counter-spying to a simon-pure standard?

A more defensible rationale for doubting the intelligence community’s work emphasizes its past major blunders. And from what’s been made public, they have indeed been all too common and all too troubling.  (Please keep in mind, though, that successes often cannot be made public.)

Nevertheless, if a president or president-elect has no faith in a high confidence judgment of this importance from his intelligence agencies, then it’s clearly time to clean house. If the next administration does indeed decisively reject the community’s work on this matter, it will have no legitimate choice but to replace it leaders.

Back to the genuinely ditzy positions: statements that the Russian hacking failed to influence the course of the election. I personally believe this, and shame on those partisans who keep insisting that this interference prevented former Secretary of State Hillary Clinton from winning the White House or that it delegitimizes to any extent Donald Trump’s victory.

But should the United States count on Moscow – or any other actor – continuing to fail? Should it wait to respond forcefully until a U.S. adversary succeeds? Shouldn’t Washington capitalize on its adversaries’ current evident shortcomings in this regard and focus on punishment and deterrence? Simply posing these questions should make clear how obvious the answers are.

A final major objection to hammering the Russians represents another more reasonable judgment call, but it’s still fatally flawed. It’s the argument that Washington needs to softpedal the hack attack because the United States has a vital interest in improving relations with Moscow.

As I’ve written, opportunities for better ties with Russia abound, and they should be pursued. But that’s no reason to let Moscow off lightly for its cyber-aggression. In the first place, in any mutually beneficial relationship, boundaries need to be drawn. This is especially true given how much stronger and wealthier than Russia the United States is. If an effort to subvert America’s democratic processes doesn’t qualify, count on further, even worse provocations by Moscow.

Just as important, this approach overlooks a crucial reality: Clear indications that Russia has an incentive to cooperate with the United States in fighting Islamic extremism and terrorism haven’t appeared because Moscow is in a charitable, or even helpful, mood. They’ve appeared because these are vital interests as well for Russia, which both borders the dysfunctional Middle East and rules over its own Muslim populations.

In other words, Moscow has plenty of incentive to play ball with Washington on the Middle East whether the United States retaliates sharply for the hacking or not. And if the Russians don’t understand that, then there’s little hope of any form of meaningful cooperation.

Yet the actual and potential inconsistencies and hypocrisies of those urging tough retaliatory measures are equally troubling. Some are exclusive to Democrats. For example, the sanctions imposed on Moscow by the Obama administration for the hacking seem pretty modest for actions that it claims “demonstrated a significant escalation” of Russia’s “longstanding” efforts “to undermine the US-led liberal democratic order.”

And at the same time, the outrage voiced at Moscow contrasts conspicuously with reactions to China’s successful attack on the federal Office of Personnel Management, in which the records of some 22 million U.S. government employees – including classified and confidential information – were compromised. Indeed, President Obama never publicly blamed China’s government nor announced any responses.

Most important, however, is the question of whether Russia hardliners in both major parties old and new will act on the logical implications of their views of Russian actions and intentions – including on Moscow’s efforts to expand its influence along its own European borders. If for instance the hacking, as per Arizona Republican Senator John McCain, is truly an “act of war,” then will the call go out to cut off economic and diplomatic relations with Moscow?

If Russia’s moves against Crimea or Ukraine or the Baltics mean, in the words of Minnesota liberal Democratic Senator Amy Klochubar, that “Our commitment to NATO is more important than ever,” will today’s hawks – especially the noveau liberal variety – call for more U.S. defense spending and bigger American military deployments in endangered countries? And will they demand that American treaty allies in Europe finally get serious collectively about contributing to the common defense – which is first and foremost their own defense?

The answers to these questions will speak volumes to the American people as to whether their government is truly determined to defend interests declared to be major against foreign threats. And you can be sure they’ll convey the same vital information to America’s foreign friends and foes, too.

Our So-Called Foreign Policy: U.S. Cyber Strategy Still Seems Full of Holes

Tags

arms control, asymmetrical war, China, cyber-war, deterrence, Iran, James Clapper, Joseph S. Nye, multilateralism, North Korea, nuclear weapons, Obama, Our So-Called Foreign Policy, Politico, Project Syndicate, Russia, treaties

Terrorism has understandably grabbed all the recent national security headlines lately, but two big articles this week have also valuably reminded us that major cyber threats still loom. Unfortunately, these pieces also (unwittingly) remind of all the reasons to worry that Washington still doesn’t have its arms around two of the biggest challenges facing the nation on the cyber front. The first is the asymmetry issue, which is a fancy way of saying that many of America’s current and likely cyber adversaries have much less to lose than the United States in a computer-war exchange. The second is the unlikelihood that the kinds of legalistic foreign policy approaches favored by much of the American establishment can meet this challenge.

Actually, the asymmetry issue has several cyber-related dimensions. One, widely noted (and especially by Chinese strategists), is that today’s civilian computer networks, whose development has long emphasized openness and information sharing, are vulnerable to attacks even from relatively low-tech countries. So for that reason alone, cyber-war can be a great geopolitical equalizer.

The second, however, is less widely noted. As I’ve written, the decision to launch a cyber attack against an adversary with significant cyber-war capabilities of its own rests on much more than a calculation of whether any assets the attacker values (its own cyber forces, its other military forces, its economy or broader society) can survive a retaliatory strike in meaningful form. This decision also hinges on more than how “meaningful” is defined for one or both parties to the conflict. It depends as well on a more fundamental, more political assessment regarding how much pain the two countries and societies can withstand.

Paradoxically, and especially relevant to Americans, the more advanced a country is, the less able it arguably is to deal satisfactorily with the disruptions stemming from a major cyber strike. And because the converse makes sense, too, it may not be decisive that the United States could inflict more damage in absolute terms in a cyber exchange on foes such as North Korea or Iran or Russia or even China than vice versa. The kinds of hardships stemming from the disabling of modern infrastructure could be much more tolerable for the peoples of these less developed, less prosperous countries than for Americans because much greater percentages of them rely so much less on these systems. Moreover, life without them is a much more recent memory – as are knowledge of and experience with coping.

That’s where, for all the information it contains (and keeping in mind that national cyber capabilities are closely guarded secrets), this detailed new Politico article on U.S. forces in this realm falls short. Even if America’s technological edge is as strong as portrayed, some of its adversaries might not be impressed enough to be deterred. One big possible policy implication: Asymmetry means that shoring up the nation’s cyber defenses, difficult as that is, is at least as important for ensuring cyber-security as creating matchless offenses. And as RealityChek readers know, U.S. intelligence chief James Clapper and other senior officials have said – for attribution – that these offenses actually aren’t so matchless. Another big implication – at least against China, trade and broader economic sanctions may be the most effective cyber counter-moves, since China’s dictators will struggle so to remain in power without the growing prosperity created largely by exporting to the United States.

One conclusion that shouldn’t be drawn from this cyber predicament is that a realistic way out is an international treaty or code of conduct banning or limiting cyber war. In this respect, it’s encouraging that Joseph S. Nye’s new essay for Project Syndicate is hardly a ringing endorsement of such legalisms and their effectiveness. But he does suggest that these measures can strengthen deterrence, and notes approvingly that

“major states have agreed that cyber war will be limited by the law of armed conflict, which requires discrimination between military and civilian targets and proportionality in terms of consequences. Last July, the United Nations Group of Government Experts recommended excluding civilian targets from cyberattacks, and that norm was endorsed at last month’s G-20 summit.”

Nye isn’t an Obama administration official, but he has been at the center of Democratic Party foreign policy circles for decades, and his pioneering emphasis on “soft power,” multilateralism, and other supposed substitutes for military might fits right in with Mr. Obama’s belief that world affairs is coming to be dominated by a fundamentally new, more cooperative set of dynamics and relationships. 

So it’s important to note that these ideas are simply efforts to define America’s biggest international problems – and international tensions in general – out of existence. Think about it: If the United States faced cyber-armed adversaries who were willing to abide fully by the conflict-limiting agreements they signed, these agreements wouldn’t be needed in the first place. For those countries would never take such commitments seriously unless they decided that their stake in maintaining whatever degree of (shaky) global peace and order prevails significantly outweighs whatever goals they could hope to achieve through major use of cyber-weapons – or any other weapons.

That is, if the world’s Chinas, Russias, and Irans were truly devoted to competing for influence peacefully and according to a set of rules, the rules would simply codify that reality. Their existence on a piece of paper cannot create it. And the asymmetry problem makes assuming their reasonableness (at least as Americans judge it) or perceived support for the global status quo even less reasonable.

Moreover, anyone believing that the history of nuclear arms control debunks that pessimism doesn’t understand that the various Cold War agreements signed by the United States and Soviet Union had nothing important to due with preventing armageddon. Instead, in this case, the conditions for a successful “balance of terror” – of mutual deterrence – were obviously in place. Fears of final physical destruction trumped all other considerations and produced restraint.

Sadly, there’s no evidence that any of the presidential candidates this year have better ideas. But as I wrote above, what the public doesn’t know about America’s cyber-war programs and strategies greatly (and properly) exceeds what it knows. So perhaps there’s some hope that truly realistic approaches are being developed, and that the next president will start learning about them once he or she is elected.

Our So-Called Foreign Policy: How to Stop China’s Maritime Expansionism

Tags

12-mile limit, allies, Asia, asymmetric warfare, China, cyber-security, cyber-war, export-led growth, forced technology transfer, free-riding, freedom of navigation, hacking, international law, multinational companies, Our So-Called Foreign Policy, South China Sea, territorial waters, Trade, trade barriers, U.S. Navy

It’s too early to say that President Obama’s decision to use the U.S. Navy to challenge China’s expansionism in the South China Sea shows he’s grown a backbone. But maybe a vertebra or two? At the same time, it’s clear that this story is far from ended, that there may be less than meets the eye to Beijing’s apparent acquiescence in the administration’s clear dissing of Chinese unilateral claims to East Asian waters, and that the United States needs to explore new types of responses if it wants to maintain its leading position in the Asia Pacific region.

To recap, in recent years, China has put muscle behind its long-stated insistence that many of the seas to its east and south, along with various tiny islands and island chains, are Chinese territory. As with similar longstanding claims made by other Asian countries ranging from Japan and South Korea to the Philippines and Vietnam, these positions aren’t recognized by international law.

For literally decades, all of these countries generally agreed to disagree (despite testing each others’ resolve from time to time).  Yet nearly two years ago, China began upping the ante by creating large physical presences on some of the (mainly uninhabited) islands in the South China Sea, and then by literally enlarging some of the smallest ones (which are so tiny that they literally sink below the waves on a regular basis), and creating new ones through various land reclamation techniques. (Other countries have made similar efforts, but they’ve been much smaller and far more sporadic.) China has also claimed exclusive air rights over many of the disputed regions.

In addition, China has unilaterally declared sovereignty over the waters surrounding all these locations out to 12 miles – the normal allowed by international law, but a standard that doesn’t always apply to the kinds of artificial creations produced by China. Moreover, Beijing went even further, stating that foreign naval vessels needed to notify Chinese authorities whenever they wanted to enter such waters.

This decision apparently convinced Washington that China’s actions unacceptably threatened freedom of navigation in the South China Sea. That’s a huge deal, since trillions of dollars worth of U.S. and other international commerce sail through these waters annually, and since they’re rich in natural resources as well. And incidentally, all other regional powers seem to agree.

So the president finally authorized an American guided missile destroyer to sail close enough to one of the disputed islets to violate Chinese claims – and without asking permission. The administration has also made clear that the kind of mission carried out by the U.S.S. Lassen would be repeated frequently. Even better would be participation by regional allies, whose historic specialty so far has been free-riding on American defense guarantees.  But except for Japan, they don’t seem to be even actively considering such assistance, and the United States bizarrely hasn’t even officially sought it.

China has protested strongly, but don’t dismiss it as a paper tiger just yet. Despite America’s continuing military edge in East Asia, Beijing is hardly devoid of options. For instance, China could create significant military presences on some of the islands. In addition, and more worrisome, according to a tweet from China-watcher Patrick Chovanec, Beijing could escalate its cyber-attacks on American businesses and government agencies.

The United States would be hard-pressed to respond in kind, as I’ve noted, because it lacks clear-cut (and perhaps any) cyber-war superiority, and because such hacking could be much more damaging to America’s more advanced economy and society than to China’s.  And in fact, capitalizing on such disparities would be fully consistent with the notion of waging “asymmetric war” developed by Chinese strategists. 

A much better means of retaliation would be economic. China’s economy, which depends heavily on exporting, and especially to the United States, is slowing. And that growth threatens Communist Party rule because it’s hold on power has for decades depended heavily on its success in boosting living standards throughout Chinese society.

Of course, erecting major barriers to Chinese imports would be condemned, especially by offshoring interests, as shortsighted and even dangerous protectionism that could plunge the two countries, and the larger world, into a “trade war.” But as always, such warnings ignore the long-term net damage inflicted on the U.S. economy – and especially its invaluable productive sectors – by the huge expansion of bilateral commerce since the early 1990s.

They also ignore the clear message being sent by the persistence of the American recovery (however inadequate) in the face of a weakening global economy, and by the reemergence once that recovery began of overall U.S. trade deficits (including of course with China) as major drags on American growth: The United States needs the rest of the world economy even less than ever, and certainly much less than trade-dependent countries like China need the United States.

Would wielding this kind of economic stick against China be cost-free for Americans? Of course not, especially in the short- and even medium-term, before supply chains got restructured. Yet tariffs and other curbs could always be phased in. Nor need they cover all Chinese products (although the more, the merrier). And other means of economic retaliation could be employed as well. How about cutting off all or at least some of the defense-related technology and capital that U.S. multinational companies are still recklessly transferring to China, either voluntarily or under threat of being shut out of the Chinese market?

More important, whatever the resulting costs, they look a lot less intimidating than those that could result from even a brief military conflict (which logically would trigger even greater and costlier economic adjustments), or from massive Chinese cyber-attacks. And don’t forget the flip side of passivity: An America that failed to use its biggest advantage over China for fear of experiencing any pain at all inevitably would be an America that flashed a big, fat green light to Beijing’s expansionists.

Following Up: U.S. Again Confirms it Lacks Cyber-War Superiority

Tags

cyber-security, cyber-war, David Sanger, deterrence, Following Up, James Clapper, Martin Dempsey, technology, The New York Times

The Big Media’s habit of burying the most important news – or its most uproarious gaffes – just keeps growing and growing. Yesterday, I posed on the Financial Times‘ hilariously sympathetic portrait of American tech executives – who clearly conned two reporters into thinking they often served as diplomatic intermediaries between Washington and Beijing, and selflessly kept U.S.-China relations on a safe course that was continually threatened by reckless politicians. Completely ignored by the paper was the companies’ overriding self-interest in preserving China profits that too often have been made at the American domestic economy’s expense – and the resulting, often furious, lobbying, that has dominated their China policy role.

Today’s example is much more serious: A New York Times account of American struggles to combat cyber-hacking by China and other rivals that glossed over the latest official U.S. acknowledgement that America lacks the technological superiority required to retaliate against cyber-aggression without fear of a devastating response.

At least give Times reporter David Sanger credit for mentioning at all a statement by U.S. intelligence chief James Clapper that the United States lacks “both the substance and the mindset of deterrence” in the cyber-war realm. This confession went unreported outside specialty publications and website, if a Google search for the quote is accurate.

Admittedly, Clapper’s statement is somewhat ambiguous. A deficiency in the “substance” of deterrence could mean that technology capable of striking back at hackers and their sponsors with impunity simply isn’t available at all, or to U.S. policymakers. But Clapper’s reference to the “mindset” could also mean that this knowhow is available but hasn’t been deployed by the appropriate government agencies, or that it’s close enough to being developed but that a lack of political will keeps slowing progress.

In any event, Clapper’s sobering description of the global cyber-war situation sounds ominously close to that offered in January by retiring U.S. Joint Chiefs of Staff Chairman Martin Dempsey – which you RealityChek readers learned about first! And as long as cyber attacks remain a threat to America’s national and economic security, that means that the U.S. government, corporate America, and vital infrastructure systems all remain dangerously vulnerable.

Our So-Called Foreign Policy: The Big Backfire Potential of Obama’s Reported New Cyber-Security Policy

Tags

China, cyber-security, cyber-war, hacking, Martin Dempsey, Obama, Our So-Called Foreign Policy, Washington Post

If Rule Number One in medicine is “Do No Harm,” then Rule Number One in foreign policy-making is surely “Do No Harm to Your Own Country.” Which is why the Washington Post‘s report this morning on the latest wrinkle in the Obama administration’s cyber-security strategy is such bad news if it’s true.

According to Post reporter Ellen Nakashima, the president is seriously considering retaliating against China’s cyber-attacks on American business in significantly stronger ways. At first glance, this kind of decision seems welcome. After all, unlike Chinese (and other) hacks of U.S. government agencies, attacks on business don’t qualify as just the newest version of the kind of national security-related spying that’s common practice by all the world’s governments, including America’s. The administration has responded so far mainly by complaining to Beijing, urging the negotiation of international cyber “rules of the road,” and by indicting a handful of Chinese military personnel for penetrating American corporate computer systems – to no apparent avail.

But the likeliest effect of this report – much less an actual U.S. decision to take the steps described – is to advertise American weakness on this front, not strength, and encourage still more, and more destructive, Chinese (and other) attacks. The reason is simple. The retaliatory moves supposedly being mulled by Mr. Obama wouldn’t target the Chinese economy as such. Instead, they would be aimed at “Chinese companies and individuals who have benefited from their government’s cybertheft.”

Targeted sanctions arguably make sense when companies and individuals are the real culprits. But does anyone seriously think that whatever and whoever Chinese actors are hacking American companies are free agents having nothing to do with the Chinese government – and in fact the top Chinese leadership? Of course not.

One former Obama cyber security official quoted (by name) in the article argued that the contemplated sanctions could effectively put out of business any large and global companies that are sanctioned. Why so? Because, as he explained “most significant financial institutions refuse to do business with individuals who have been sanctioned by the United States. ‘So any company that’s been targeted under this authority…will likely find it very difficult to participate in the international financial sector. ‘”

That reasoning sounds impressive – but only if the sanctions hit one of the state-owned business giants so prominent in the Chinese economy. Any entities even modestly smaller would seem to face few obstacles under China’s fake legal and regulatory systems in dodging retaliation by simply changing their names and resuming operations after a decent interval. The Chinese government is so secretive that Washington would face excruciating difficulties even identifying the ruse.

And since both the Chinese government and the U.S. government are undoubtedly aware of all these realities, it’s hard to avoid concluding that this new American approach amounts to (unwittingly) flashing a green light for Beijing’s hackers, not issuing a credible warning. And this interpretation looks even more convincing given the statement I’ve flagged from recently retired Chairman of the Joint Chiefs of Staff Martin Dempsey (while he was still on duty) that the United States does not enjoy cyber-war superiority in today’s world. Just to remind you – that’s the American military’s top post.

As a result, no one should blame President Obama for proceeding cautiously in the cyber warfare realm. But he can legitimately be blamed for making – and telegraphing – policy choices that can only embolden U.S. adversaries.

Im-Politic: Walker and Rubio Continue Republican China Pseudo-Hawk Tradition

Tags

2016 elections, Asia, Asia-Pacific, China, cyber-war, defense spending, Im-Politic, Marco Rubio, Obama, offshoring, offshoring lobby, RealClearPolitics.com, Republicans, Scott Walker, South China Sea, technology transfer, The Wall Street Journal, TPP, Trade, Trans-Pacific Partnership

Two of the Republican party’s establishment presidential candidates have now spoken out in detail about America’s China policy; if timing is everything, they’d deserve A’s, given how Beijing’s erratic recent economic moves lie behind so much of this week’s tumult in world financial markets. Sadly, everything else about these statements simply repeats what’s become boilerplate for the Republican mainstream, and especially its Washington, D.C.-based Congressional leadership: (a) ringing calls to stand up more forcefully to increasingly aggressive Chinese behavior in East Asia and on the cyber-hacking front; and (b) thinly disguised excuses for coddling the ongoing predatory economic policies that have immensely strengthened China both economically and militarily.

Wisconsin Governor Scott Walker at least has an excuse. He has no significant foreign policy or international business experience other than hitting up Beijing for Chinese investments for his state and markets for its products and services (which, to be fair, is Standard Operating Procedure for governors).

Not surprisingly, he’s parroting the Boehner-McConnell – and, ironically, Obama – line that responding to China-related challenges (and opportunities) in Asia requires first and foremost approving the Trans- Pacific Partnership (TPP) trade deal.

At least in an article today on the RealClearPolitics.com website, Walker intriguingly left himself some Clinton-ian wiggle room on trade, calling for a TPP “that puts American workers first and levels the playing field. A deal that genuinely opens markets and ensures high standards for an area covering almost 40 percent of the world’s GDP….” In other words, he’s (reasonably) reserved himself the option of rejecting a final agreement if campaign considerations so dictate by claiming that it’s failed these litmus tests.

Nonetheless, Walker’s equation of concluding the TPP on the one hand, and restoring American “leadership” in Asia on the other – a staple of pro-TPP rhetoric – signals that he won’t be a terribly hard sell. Meanwhile, his reference to “high standards” suggests that he buys the bogus contention that the TPP can ensure that the Chinese and other Asians will wind up structuring their economies, and regional trade and commerce, along U.S.-style lines – even though even American allies in the region keep emphatically rejecting these norms.

More fundamentally, just like Washington’s Republican China pseudo-hawks, Walker would beef up America’s military response to Beijing’s regional muscle-flexing while apparently leaving intact its access to the global resources and technology that powers it. Thus, Walker would “rebuild our military strength in Asia. Defense sequestration must end, and our defense budget must return, at a minimum, to the level [at which] we can once again field a military that is fully equipped to keep the peace. We also need a vigorous shipbuilding program that puts Americans to work in service of our safety.” And he’d reinvigorate regional defense alliances that President Obama has allegedly permitted to decay.

But would Walker stand up to the mercantilism that has paid for so much of China’s military power, including cyberhacking capabilities that have resulted in “brazen attacks against the United States”? Not exactly. Walker declares that “we cannot allow [China], or any other nation, a free pass on unfair trade practices and the theft of our intellectual property.” But all he’ll say about his approach to these transgressions is “These are not insurmountable issues, and the more we can work together through difficult issues, the more people from both countries will benefit.”

But at least his article said something about the subject – as opposed to its treatment of corporate technology transfers. These practices, which have given China such formidable defense-related knowhow, were completely ignored.

Florida Senator Marco Rubio has no Walker-like excuses, but his Wall Street Journal op-ed today duplicates the shortcomings of Walker’s strategy almost to a tee. It’s true that, although Rubio actually voted for the TPP in the Senate, he doesn’t regurgitate the blather about the deal demonstrating America’s strategic commitment to and credibility in East Asia. In this piece, he portrays the agreement’s main benefits as economic, embodying “firmer insistence on free markets and free trade.”

But like Walker, Rubio would restore “America’s strategic advantage in the Pacific” with higher defense spending that would “allow us to neutralize China’s rapidly growing capabilities in every strategic realm, including air, sea, ground, cyber space and even outer space.” Also like Walker, Rubio would reinforce America’s ties with its Asia-Pacific allies.

Yet although Rubio promises that “if China continues to use military force to advance its illegitimate territorial claims…I will not hesitate to take action,” and even notes that Beijing’s military spending has been surging for years, like Walker, he says nothing serious about crimping China’s revenue and technology streams. On the one hand, Rubio accuses China of numerous major violations of global trade and economic standards. On the other, he would respond “not through aggressive retaliation, which would hurt the U.S. as much as China, but by greater commitment and firmer insistence on free markets and free trade” – i.e., the TPP. Apparently, despite his experience on the Senate Foreign Relations Committee, Rubio has yet to learn that export-dependent China has much more to fear from trade conflict than the still-largely self-sufficient United States.

For decades, America’s China policy has been sabotaged by leaders more dedicated to fronting for corporate offshoring interests and their profits-first approach to Beijing rather than promoting national interests. Their combination of military bluster and economic pablum makes clear that Walker and Rubio are offering more of the same.

Following Up: Emerging Possibilities on Hacking Retaliation and a Cyber Balance of Terror

Tags

Adam Schiff, asymmetrical war, balance of terror, China, Chris Wallace, Cold War, Congress, cyber-security, cyber-war, deterrence, Following Up, Fox News Sunday, hacking, infrastructure, Martin Dempsey, nuclear weapons, Obama, Office of Personnel Management, Peter King, Russia, terrorism

Here’s a suggestion for Fox News Sunday anchor Chris Wallace – start watching some recent episodes of your own show before conducting interviews. You might be able to move the public debate on vital issues forward, rather than trodding over well-worn ground.

Wallace led off this morning’s show with a look at this past week’s news that the federal government’s personnel agency has been hacked twice in the last year, and that China is widely suspected as the attack’s source. And that’s entirely understandable. The examination of whether the Obama administration is dealing adequately with cyber threats, moreover, is vitally important. What was completely weird was how Wallace – not to mention his two Congressional guests, who both have key national security posts on the intelligence committee – handled the issue of retaliation.

It began with Representative Adam Schiff of California, ranking Democrat on the House Intelligence Committee, stating that “one of the big things that we really have to do in addition to our defense is figure out when we’re going to go on offense and how we’re going to provide a deterrent to future attacks.”

Wallace then asked Republican Congressman Peter King of New York, a member of the House Homeland Security Committee, “Do we need to retaliate against the people that we believe are conducting cyber warfare against us?” King answered, “I believe we do. I don’t think we should announce what we’re doing. I think the president and his administration have the capacity to respond once they find out, you know, sort of malware signature, who they believe this is. Then, I think, yes, there has to be a price to pay for this.”

Sounds perfectly reasonable, right? Except that only this January, no less than the nation’s top uniformed military officer told Wallace that the United States currently lacks superiority in cyber-war capabilities. According to Chairman of the Joint Chiefs of Staff Martin Dempsey, “In every domain…we generally enjoy a significant military advantage. We have peer competitors in cyber….We don’t have an advantage. It’s a level playing field, and that makes this Chairman very uncomfortable.”

Now Dempsey might have been mistaken (though that’s unlikely) or engaged in a head fake against America’s adversaries (though I can’t imagine the rationale for this one). But why didn’t Wallace remember that this is the most plausible reason for the nation’s failure to strike – fear that attackers can cause still further damage? Moreover, hadn’t Schiff or King been aware of Dempsey’s statement? If they were, do they have their own reasons for considering Dempsey mistaken?

In any event, the more I think about the issue, the more I wonder if the United States would retaliate even with clear-cut superiority. Think of it this way. Relatively few Americans nowadays – particularly in the big cities, which would be most vulnerable to a truly debilitating cyber attack – have any recent experience with the kind of privation and disruption that such a hack could create. Even most prosperous Russians and Chinese do – and then some. So even though these two countries are increasingly networked and enjoying the advantages thereof, it seems clear that they’re much better positioned to cope with cyber-generated confusion than Americans.

Another important point recently was brought to my attention. For all the damage done by foreign hackers to date, they haven’t yet (apparently) launched the kinds of attacks that could bring such massive disruptions – e.g., by bringing down the banking system, or the communications and energy infrastructure. It’s possible that these systems are adequately protected. But it’s also possible that China’s hackers in particular understand that their country would be victimized as well, since it’s so heavily dependent on exporting to the United States for continued growth and economic progress.

So although it’s certain that cyber attacks will continue, it’s also distinctly possible that many will stay relatively restrained. This could mean that America has more scope to retaliate than seems currently to be the case, but also that it has less need – and that we’ll need to (keep) getting used to greater levels of cyber risk if we want to keep reaping the benefits we perceive from more networked lives. In other words, we may be seeing the emergence of a cyber balance of terror similar to the nuclear balance of terror that helped avert great-power conflict during the Cold War. 

But there would still remain the risk of attacks from sources that don’t feel any stake in America’s continued viability, and could have even more broadly destructive aims. Dealing with these hackers – who could belong to major terrorist groups – will be complicated by the asymmetry problem: Relatively modest capabilities seem able to inflict tremendous damage on America’s economy and society.  Moreover, the perpetrators could be exceedingly difficult to track down and hack in return, and these enemies would have relatively little to lose in terms of physical assets and large-scale social systems. These observations lead me to the conclusion that the key to defeating these hackers lies not in the cyber realm but in the domain of broader counter-terrorism policies.

Our So-Called Foreign Policy: Obama Ignores a Crucial – Home-Grown – Cyber Threat

Tags

China, cyber-security, cyber-war, forced technology transfer, hacking, multinational companies, offshoring, Our So-Called Foreign Policy, technology, technology transfer

Here’s how you can tell that President Obama’s conference on cyber-security later today at Stanford University just doesn’t pass the seriousness test. There’s nothing on the agenda indicating that the administration will be dealing with the ongoing transfers of knowhow by U.S. technology firms to China that have taught the Chinese much about hacking and how to defend against it.

My 2013 article for BloombergView detailed the jaw-dropping scale of this activity by the likes of Google, Microsoft, IBM, Intel, Cisco, and other offshoring-happy multinationals. There’s no doubt that these transfers have slowed as Beijing has begun to push these firms around whenever their capabilities are no longer crucially needed. But there’s no reason to suppose that they won’t continue – as evidenced by the companies’ reaction to the latest conditions China will place on their businesses in the People’s Republic. In response to Beijing’s planned requirements that include turning over secret source codes for whatever equipment they sell to Chinese (government-owned) banks, the firms have simply called for “urgent discussion and dialogue.” The idea that they would shut down the numerous research centers and tech training programs they’ve set up in China is obviously as far off the table as the idea that the president would bring this matter up.

Yet if this hemorrhage of advanced, inherently offensive, hacking-related know-how to China isn’t stemmed, the various U.S. defensive measures being implemented and pursued could be largely and even wholly wasted – whether by the government, the private sector, or whatever cooperative arrangements they devise.

Worse, time is anything but on America’s side. As I’ve reported, no less than the Chairman of the Joint Chiefs of Staff admits that the United States has lost any superiority it might have had on cyber fronts. Unless American companies stop feeding the beast fast, the point will keep rapidly approaching at which China no longer needs them to become the world’s top cyber power.

Following Up: U.S. Confirms It Lacks Cyber-War Superiority

Tags

China, cyber-security, cyber-war, escalation dominance, Following Up, Joint Chiefs of Staff, Martin Dempsey, North Korea, nuclear weapons

Last month, I speculated that the U.S. government hasn’t responded devastatingly to hacking by China and North Korea (at least according to official charges) because it lacks escalation dominance in cyber-security. In other words, Washington is afraid to hit back hard at the hackers because it fears the hackers can hit America back harder still.

Now for the really bad news: I was right. And we know this from no less than General Martin Dempsey, Chairman of the Joint Chiefs of Staff.

Dempsey, the nation’s top uniformed military leader, told Fox News on Sunday that “In every domain…we generally enjoy a significant military advantage. We have peer competitors in cyber….We don’t have an advantage. It’s a level playing field, and that makes this Chairman very uncomfortable.”

Indeed, in a crucial sense, lack of U.S. escalation dominance in cyber-war is worse for Americans than the erosion of nuclear escalation dominance in East Asia about which I’ve also warned. The latter, after all, will mainly affect the security of American allies – because it could weaken Washington’s willingness to threaten nuclear weapons use in order to protect them. The United States’ ability to deter a nuclear attack on its own homeland still looks dependable – both because America’s own nuclear forces remain so formidable compared to any adversary’s, and because the use of nuclear weapons in a way that’s mutually non-catastrophic for attacking and retaliating country alike is so implausible, given the immense destructiveness of even one such device.

But escalation dominance in the cyber theater is vital for protecting major U.S. institutional targets, not allies. And since cyber-attacks can be calibrated much more easily, tit-for-tat exchanges are easily imagined.

As a result, cyber-security is unmistakably one area in which the United States has become steadily more vulnerable in recent years, and nothing said by Chairman Dempsey indicates that the situation will improve much any time soon. It’s clear, then, that much more work needs to be done on defenses and on offensive capabilties. But it’s equally clear that Washington needs to work much harder on strategies of denial, as loosey-goosey American corporate transfers of advanced technology all around the world have undoubtedly strengthened and in some cases created the cyber threats the nation now faces.

Our So-Called Foreign Policy: Why the Sony Hack Really Matters

Tags

"The Interview", China, cyber-war, escalation dominance, hacking, Kim Jong Un, North Korea, Obama, Our So-Called Foreign Policy, Sony

The most important lesson we may be learning from the hacking of Sony Corp. is also the most disturbing. From what Americans can know so far (and even officials lacking security clearances probably don’t know close to everything), it seems that the United States lacks cyber-war escalation dominance with North Korea as well as with China.

As I’ve written before, escalation dominance is strategists’ fancy way of describing retaliatory power so great that it puts an intimidating fear of God into any prospective attacker. Washington’s weakfish response to Chinese government hacking activity – mainly an offer to discuss hacking rules of the road with Beijing – certainly suggested strongly a determination that some kind of counter-hack or other punishment created too great a threat of a broader cyber-conflict that America simply could not risk waging.

The Obama administration has made no such suggestion to Pyongyang and the threats made by the hackers against prospective patrons of Sony’s “The Interview.” Indeed, the White House publicly threatened retaliation – which sounds more encouraging. So did the President’s own recommendation “people go to the movies” (albeit with the qualifier “For now).

But other administration remarks were much more disquieting. Chief among them were White House Press Secretary Josh Earnest’s statement that the President believes that “we need a proportional response.” If history teaches anything, it’s that such a tit-for-tat strategy is a sign either of weakness or political uncertainty (see “Vietnam War”), and worse, is interpreted this way by the adversary.

Further reinforcing my fears on escalation dominance are the clear differences between U.S.-China and U.S.-North Korea relations. America’s caution re Beijing’s hacking is at least in theory also justifiable by the myriad strategic and economic interests at stake. China’s aggressive moves in the South and East China Sea, for example, might still be neutralized through diplomacy that in turn could be jeopardized by a strong U.S. hacking response (though I’m skeptical of the former). America’s allies in Asia, moreover, are as reluctant to see anything rock the U.S.-China economic policy boat as are offshoring U.S. multinational companies.

It’s hard, however, to see how North Korea could become more hostile, at least rhetorically. (Any fear of military retaliation by Pyongyang would of course strongly indicate that America has also lost strategic nuclear escalation dominance, as I’ve previously warned.) And although Washington’s regional allies are still pretty conflict-averse regarding Kim Jong Un’s regime, no commercial considerations are complicating American calculations. (For the record, it would be completely unacceptable to let the tail of alliance unity wag the dog of the kinds of core U.S. security interests at risk here.)

And another troubling aspect of American policy: Reports that Mr. Obama “lately has been discussing the issue with aides every day” carry the hint that the Korean actions have Washington by surprise, and that even though cyber-hacking is no longer a new threat, nothing like promising retaliatory plans are yet in place.

I’m not saying that dealing with cyber-hacking is easy, and that goes double for hacking sponsored by foreign governments with formidable militaries. Unquestionably, numerous competing interests need to be balanced, and miscalculations could be disastrous. But America’s responses to date make painfully clear that the administration remains far from sorting out its priorities, and that as a result, the nation remains dangerously vulnerable to cyber-hacks.