US and China in Cyberspace

This article on US/China cooperation and competition in cyberspace is an interesting lens through which to examine security policy.

Posted on October 4, 2016 at 6:40 AM • 8 Comments

Comments

Ross SniderOctober 4, 2016 1:13 PM

The very start of the first General Election debate in late September was about cyberwar.

Both candidates offered non-answers: "we must do better!" before turning to rumors and to ruin the others' reputations and into the drivel that continued from both candidates for the remainder of the public spectacle.

Ross SniderOctober 4, 2016 4:16 PM

This reads like a giant advertisement for the US.

For example it reads "However, China has not become a responsible steward of the Internet. In September 2016, Bruce Schneier, one of America’s most respected cryptologists, expressed concerns that China may be responsible for repeated persistent DDOS attacks against the basic infrastructure that enables the Internet. Moreover, China continues to hack, to undermine human rights online, and to take actions that undermine freedom of expression in the U.S. and other countries."

It hooks on speculation/rumor about potential Chinese activities, lamenting that it is not a good steward. The article fails to mention the US global surveillance programme, or it's censorship and propaganda activities that undermine freedom of expression in countries around the world.

It reads like a Beltway Satellite organization trying to communicate an idea but only able to publish it under the lens of acceptable nationalistic editing.

Some of the content in this is interesting, though as a summary it is still extremely shallow.

Also interesting is the receding investment in policy circles to establish cyber-norms as a precursor to the creation of international law governing the cyber domain.

DroneOctober 5, 2016 3:13 AM

China is impregnating our society with huge numbers of insecure Telecommunications and IoT devices. Once a critical threshold is crossed, China will have complete control over whether our information infrastructure collapses (along with our society as a whole), or not.

Clive RobinsonOctober 5, 2016 5:19 AM

@ Drone,

Once a critical threshold is crossed, China will have complete control over whether our information infrastructure collapses (along with our society as a whole), or not.

It rather depends on your viewpoint. If and only if such a threshold exists or is reached, is not realy down to China, they are just taking a long term view on the US shortsighted thinking.

In economic theory it's the buyer who is at fault if this occures. Because in a perfect free market they would have a full range of choices of what to buy.

However as we repeatedly see a "free market" can be used as shorthand for "blindly rushing head first into a race for the bottom".

The reality is the actual end consumer has little or no choice as that is made for them by those who control production of goods.

Even so the fault is profit oriented "shortsightedness" by those in the US. China is only taking advantage of it potentialy for longer term goals.

Then again is it "China politically" or "China production" that is responsible?

Think in terms of the US Gov and the likes of Facebook, Google and more recently Microsoft. The companies decided to harvest user data for profit, the US Gov just came along and availed themselves of what had been collected...

There is the old saws of "there is no such thing as a free lunch" and "not looking a gift horse in the mouth". If you do the latter then you will fall prey to the former.

The US is fragile in that to stay afloat it chases technology very hard. As has been observed often "the leading edge is the bleeding edge" and few think about the implications of the latest techno toys.

The view of the twin towers going down should have been all the wake up call that was needed. Put simply a group of near unskilled individuals took the high tech toys that the US had become dependent on and turned them around into guided missiles. Untill people at all levels realy heed that message then what you are imagining will in one way or another happen again, it's guaranteed.

So the solution to the problem ultimately belongs with investors and shareholders in the US. Personaly I can not see that short term thinking changing so, yes what you foresee is not unlikely.

But will it be China, possibly not, their economy is becoming increasingly tied to that of the US thus bringing the US down would not be a good move currently. Hence the question of "China political" or "China production". Whilst I can see Political being cautious, I do not see Production being so. Thus they will introduce flaws etc without real thought.

Which leaves the question of who will exploit the flaws. Whilst an individual sitting in their bedroom might not be the 400lb Donald Trump alluded to, it is certainly possible with enough "data gathering" flaws for an individual to become "an army of one". Thus it might just be some goat hearders son in Afghanistan or other place the likes of IS or equivalent are going to be operating in, ironicaly perhaps using a computer bought with US Oil Money...

Cows in SpaceOctober 5, 2016 7:13 AM

This piece looks long on sweeping generalizations, and alarmingly short on specifics. I am left wondering just how much reality (or--more likely--how little) the author and I share.

After a US Senatoresque assertion like…

Meanwhile, America's internet innovators are increasingly turning to the U.S. government to protect them from cyber-hacking, cyber-theft, data localization, and censorship.

…I expect to find some helpful example of an "internet innovator", along with a reference to some representative act of hacking, theft, data localization, or censorship, just to be reassured that we, the author and I, are on the same page or, barring that, to learn what page I can turn to in order to understand what on earth the author is talking about.

What serious company, and an "internet innovator" at that, would ever depend on a government for its cyber-security anyway? I need an example.

Data localization, I hear, is a concern of Microsoft's. But somehow I doubt the author understands this to be (or expects the reader to understand it as) blowback from the US government's own outrageously lawless behavior, and the consequent, well-deserved global distrust of companies under US jurisdiction.

But does Microsoft even count as an "internet innovator"? Without confirmation in the form of an example, one cannot be certain the author does not consider it the pre-eminent archetype.

What is cyber-theft? Is that what they are calling it, these days, when somebody finds documents on a server, indexed in some search engine, that were not intended to be made publicly accessible? Or, even more absurdly, is Sony an "internet innovator"? Because "cyber-theft" sounds an awful lot like Hollywood dinosaur talk. Please don't tell me this is, somehow, about the MPAA or enforcement of region-coding on DVDs.

Wait. Is this really about so-called international trade agreements (AKA investor-state dispute resolution monstrosities) like TPP/TTIP?

Grand generalizations. Unintentionally comical politico-national stereotypes. No illustrative examples, apparently, worthy of explicit mention. Copious links to pdfs on the US Trade Representative's web site. (Briefly, I touch my back pocket, making sure my wallet is still there.)

It reminds me of a passage in another article I read recently, on a totally unrelated topic:

http://www.alternet.org/personal-health/proven-wrong-about-many-its-assertions-psychiatry-bullsht


The goal of bullshitters is not necessarily to lie about the truth but to persuade their audience of a specific impression so as to advance their agenda. So, bullshitters are committed to neither truths nor untruths, uncommitted to neither facts nor fiction. It’s actually not in bullshitters' interest to know what is true and what is false, as that knowledge can hinder their capacity to bullshit.

An "interesting lens" indeed.

Takes Two To TangoOctober 8, 2016 1:59 PM

@drone - "China is impregnating our society with huge numbers of insecure Telecommunications and IoT devices."

Internet Of DisinformationOctober 9, 2016 1:33 PM

"China has not become a responsible steward of the Internet."

*Cough* Tiananmen Square Massacre *Cough* results not in Google.cn searches *Cough*

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.