As Congress considers the controversial CISPA cybersecurity bill, the U.S. and China have begun high-level military talks aimed as setting international norms for cybersecurity. These talks are a much-needed response to the growing problem of cyber spying, and the threats in the newest type of battlefield — the Internet.
Last month the Obama administration demanded that the Chinese government seize its hacking operations into American computer systems and agree to discuss guidelines for international cyber security. This demand followed a February New York Times and Mandiant investigation linking the People's Liberation Army's (PLA) to cyber attacks on the companies at the backbone of America’s economy and infrastructure.
It is important, however, to consider that China is also a victim of cyber attack. As reported by the Financial Times: "... as a late starter, China's Internet is highly vulnerable and among the most victimised by cyber attacks. The latest figures show that in the past two months, 6,747 overseas servers were found to have controlled more than 1.9m mainframes in China with Trojans or botnets."
Although some experts claim the threat of cyberwar is overblown, it is undisputed that the threat is only going to grow, and this meeting offers a rare possibility for the U.S. to preemptively attempt to contain the security threat that is bound to come from the current "cyber arms race."
The administration is not taking the threat of such an escalation lightly. In his State of the Union Address, the president emphasized that America's enemies are "seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems." Chinese leadership seems receptive to Obama’s concerns. The Chief of the PLA’s General Staff, General Fang, expressed his hopes for a "new kind of military relationship that is consistent with the state-to-state relationship."
The first highly publicized instance of cyber warfare was its use by Russian forces as part of their kinetic war with Georgia in 2008. Cyberattacks on Georgian command, control, and communications systems had the effect of what has been called a "virtual blitzkrieg" — weakening the opponent's ability to effectively respond to a ground attack. Some experts, however, believe that cyber warfare is making international conflicts less costly. In making his case for cyberwarfare, Tim Maurer notes that, "Such attacks could theoretically cost lives if they shut down emergency hotlines, for example. But they're not the sort of thing that should keep us up at night." Further, Maurer notes that the Stuxnet virus that was allegedly launched by the U.S. to infect Iran's nuclear facilities and pushed back Iran's nuclear development by several months should be celebrated.
As both China and the U.S. are fortifying their domestic information systems and growing their cyber attack capabilities, the current engagement between the two world powers is essential to prevent possible future escalations due to these cyberattacks, whose potential effects are not yet fully understood.