James Lewis is Director of the Technology and Public Policy Program at CSIS, Washington, DC. This is the last in a five-part series on Asia in the age of cyber threats. Part 1; part 2; part 3; part 4.
Conflict and competition in cyberspace is part of a larger shift in the international security environment as power flows away from Europe and as global institutions developed after World War II are challenged by new economic powers. A new, multipolar order is emerging and in the previous four posts we have seen how cyber competition will be part of this change. It will not be narrowly military, but will include a contest to influence and control the structures and rules of global finance and business.
To once again emphasise the themes of this series: first, there is a continuum from cyber crime to espionage and other forms of cyber competition in Asia; second, much of the activity in this sphere is China-centric; and finally, these activities do not constitute war, but cyber competition can add to the risks of conflict.
These risks can better be managed if cyber conflict is put into a framework of shared understandings and with the application of international law. Controlling this risk requires establishing 'rules of the road' in cyberspace on state behaviour, understanding military intention and cooperation on cyber crime. Asia's relatively weak institutions for international security cooperation do not bode well for effective discussions on these issues at an inclusive region-wide level.
One alternative would be to await global understanding of cyber conflict to reduce the chance of cyber conflict in Asia. There are several 'global' efforts to reconsider cyberspace governance and cyber security already underway, including work in governmental expert committees in the UN and its agency the International Telecommunications Union.
Another alternative would be bilateral discussion between the US and China. A'G2' approach has some appeal – cyber security issues were raised at both the 2011 Security and Economic Dialogue and in recent meetings between Barack Obama and Xi Jinping.
The US also needs to work closely with its regional partners, acting as a proxy for their interests and bearing in mind that any understandings with China will need to ultimately be implemented on a regional and global scale. Serious cooperation on cyber security may have to begin in the three separate bilateral security arrangements the US has with Australia, Japan and the Republic of Korea. Improving relations with India also offer some scope for collaboration, particularly since India is concerned about Chinese cyber activities.
As with other security issues in Asia, China's activities have created an implicit commonality of interests among other regional powers. However, Asian nations which negotiate a collective defence in cyberspace would exacerbate Chinese fears of encirclement or containment by the US and its allies.
The most important way to assure China, reduce its suspicions and also restrain its malicious activity in cyberspace is through engagement and confidence building. China asked to include cyber security on the 2011 Strategic and Economic dialogue (S&ED) agenda, an indication of their interest if not concern. The US and others can engage China over cyber security as was done in the 1990s on nuclear non-proliferation. Military exchanges would also be useful, but these would need to take place outside the US-China relationship as US military defence officials report that the PLA is unwilling to engage them in dialogue on this issue.
Key decisions for China include deciding when the costs and risks of its cyber espionage programs outweigh the benefits, whether the use of proxy forces (which can be difficult to control) increase the risk of conflict, and how to direct internet activities so that the growing political power of China's netizens does not compromise the Party's control.
The experience of the Orange Revolution in Ukraine, dissent in Iran, and the more recent Arab Spring reinforce the notion inside China that new technology creates political risks that the US will seek to exploit. One Chinese official stated in private meetings that 'Twitter is an American plot to destabilise Iran' (and, by implication, China). It is difficult to see how these ingrained suspicions can be overcome in the near term.
Global information networks connect national economies more closely than ever before. They accelerate research and innovation. But they have also become a source of vulnerability and a new venue for conflict. Given that cyber conflict occurs on a global network, it is hard to 'regionalise' it, but just as Asia has become the most dynamic venue for global economic activity, so has it also become the locus of cyber conflict.
Photo by Flickr user HaPe_Gera.