The United States often poses itself as a champion of international cybersecurity despite its extensive record of transgressions in the realm of cyber-attacks and surveillance, according to which some would even proclaim the nation a global adversary. Concurrently, China’s involvement in intentional cyber-attacks targeting vital American infrastructure and cyberspace remains increasingly prominent. The hacking entity “Stone Panda,” and most recently in June Chinese intelligence hacked into Microsoft
MSFT
Manipulating Public Opinion
In the past few decades, the U.S. has developed a sophisticated mechanism to exert its soft power on the rest of the world. The country remains the leading voice in many regional and international alliances, and it is home to many of the most widely-known news and media companies in the world. The strength of U.S. soft power was evident during the cold war era, but now with the rise of China and the competition it presents as a potential global leader, each nation is vying to get its narrative out.
By and large, definitive proof regarding the Chinese government’s access to TikTok user data remains elusive. However, it is widely regarded that if The Chinese government wanted access to TikTok’s user data it could obtain it.
Restricting Information
The U.S. is known for its prominent role in global academia and all forms of formal and informal knowledge exchange. It has welcomed scholars and students from countries all over the world, with China being one of the few exceptions from which scholars and students are treated as potential spies and viewed as looming threats to cyber security. As a result, many Chinese students have faced difficulties seeking entrance to the U.S. for academic studies and even international conferences.
Additionally, in 2014, Chinese-American hydrologist Sherry Chen was arrested under allegations of espionage, accused of sharing confidential information with the Chinese government. Subsequently, her innocence was established, leading to the charges being dropped. Despite the exoneration, the false accusations resulted in her wrongful dismissal.
Abusing Cyber Attack Capabilities
The United States has been involved in a number of events where suspicions arose regarding its use of cyber attacks to accomplish political and military objectives. For example, in 2010, a worm virus named “Stuxnet” was launched against Iran’s nuclear facilities by exploiting the security vulnerabilities in the control systems. This caused the destruction of at least one-fifth of the centrifuges at the Iranian Natanz uranium enrichment plant. This worm was allegedly designed and distributed by the U.S. to hinder Iran’s nuclear weapon development plan.
One notable example of China being accused of abusing its cyber attack capabilities involves the alleged state-sponsored hacking group known as APT41 (Advanced Persistent Threat 41). This group is believed to have originated in China and has been linked to various cyber espionage and cybercriminal activities targeting both governments and private sectors around the world.
Disregarding International Law
In September 2015, President Xi of China and President Obama of the U.S. reached a mutual agreement that the two countries should not “engage in or knowingly support commercial cyber espionage for commercial interests.” However, the U.S. and China seemed to have largely ignored the agreement and continued to engage in commercial cyber espionage. For example, the Central Intelligence Agency’s cyber attack division APT-C-39 has conducted network infiltration attacks targeting multiple areas in China for up to 11 years.
China’s alleged disregard for international cyber laws pertains to its involvement in the “Operation Aurora” cyber attacks. These attacks targeted several major technology companies, including Google
GOOG
These attacks are not only a severe violation of international cyber law and a country’s sovereignty in cyberspace, but also a significant threat to national security, economic security, critical infrastructure security, and the personal information security of the general public.
Leveraging International Influence
The U.S. has been an active participant in critical cyber events and conferences and a dominant power in the drafting process of several international cyber frameworks such as the NIST Cybersecurity Standards. The significant economic and political role that the country plays in the world would usually convince international companies as well as many governments to side with these frameworks due to reasons such as facilitating trade and gaining a more politically favorable position with the U.S. This would often lead to the U.S.-led cyber frameworks and regulations being accepted as “golden rules” across the globe, even in the situation where such roles may compromise the benefits and security of non-U.S. companies and governments.
It is also worth noting that the few countries that do benefit from U.S-led cyber frameworks tend to be established allies and partners of the country, which exclude the majority of third-world countries in the world. The U.S. often appears generous in assisting its allies and partners in cybersecurity matters but need to play a more active and sustained orle in addressing the lack of cyber infrastructure and security assistance of third-world countries. America’s neglect of the global south will only widen the technological gap between countries with advanced cyber capabilities and countries that do not have such power.
Cyber Resiliency Strategies:
Due to the existence of adversaries outside of the U.S., it would be beneficial for China to engage in more dialogue to address the cooperation in cyberspace with the U.S. and other countries. Such dialogue can focus on threats that both countries face and are concerned about and serve in sharing best business practices for Chinese and US cybersecurity professionals. This must become the starting point for the two countries to establish and build mutual trust and partnership in cyberspace and pursue more responsible use of cyber power.
Enhanced collaboration with countries other than the U.S. would also be greatly beneficial since it could forge new partnerships and potentially counteract existing U.S.-led narratives in cyberspace. By sharing knowledge and information and performing joint exercises with these countries, China would not only attain more coordinated responses to cyber threats, but also potentially improve its international reputation. Special attention should be given to helping third-world countries improve their critical infrastructure and cyber knowledge since they are often neglected by the U.S. and its allies. This may present a unique opportunity to establish new international cybersecurity frameworks and models that produce more diverse views of perspectives.
The existing gap in information and communication technologies between China and U.S. will necessitate increased investment in research and development of improved cyber technologies, such as artificial intelligence and quantum computing. A parallel action must include training more cybersecurity professionals so that China and the US have a trained workforce that can defend each respective country and share best business practices with the global community to thwart global criminal syndicates and cyber attacks and deploy countermeasures when needed.
A comprehensive cybersecurity global strategy should be devised to identify potential threats and vulnerabilities, define the roles and responsibilities of all personnel involved, and set clear policies that would guide coordinated policy responses. This framework would outline preventative measures against potential cyber attacks and be integrated into existing and future cyber infrastructure in government and civilian institutions. The future of a global coordinated cyber security response depends on this.
Special thanks to Ms. Fan Lin, Masters of Science Candidate for Global Security, Conflict, and Cybercrime at NYU’s Center for Global Affairs and Summer Analyst at CJPA Global Advisors for her exceptional editorial edits, content, research and quantitative graphs which she provided.
Read the full article here