Thoughts on USG Candor to China on Cyber

[InfoSec News <alerts () infosecnews org>]

http://www.lawfareblog.com/2014/04/thoughts-on-usg-candor-to-china-on-cyber/

By Jack Goldsmith
lawfareblog.com
April 8, 2014

Paul is skeptical about the USG’s unilateral briefing to Chinese officials 
on some of its cyber operations and doctrines that David Sanger discloses 
in the NYT.  He argues that China is unlikely to reciprocate, he doubts 
the usefulness of the unilateral disclosure, and he wonders why the USG 
does not share the information with the American public.  I think the 
matter is more complex.

First, it may be (as I have long argued) that greater candor by the USG 
vis a vis China is a necessary precondition to genuine progress on the 
development of norms for cyberoperations – both exploitation and attack. 
Unless we can credibly convey what we are doing and what we might do (and 
not do) in certain cyber situations, our adversaries will assume the worst 
and (a) invest in their own cyber programs to keep up – a classic arms 
race situation, and/or (b) interpret particular cyberoperations in a 
risk-averse fashion, in their least charitable light, which might induce 
unwarranted escalation in those contexts. Our adversaries will rationally 
assume the worst because, despite USG claims about its responsible use of 
cyber exploitations and attacks, the news is filled with reports about 
prodigious USG cyber-operations and aggressive plans in this realm. 
Indeed, as Sanger notes: “The Pentagon plans to spend $26 billion on 
cybertechnology over the next five years — much of it for defense of the 
military’s networks, but billions for developing offensive weapons — and 
that sum does not include budgets for the intelligence community’s efforts 
in more covert operations.  It is one of the few areas, along with drones 
and Special Operations forces, that are getting more investment at a time 
of overall Pentagon cutbacks.”

Second, Paul is right to be skeptical about reciprocity by China.  But it 
sounds like the United States didn’t give up much new information on U.S. 
doctrine for the use of cyberweapons.  (Sanger states that “elements of 
the doctrine can be pieced together from statements by senior officials 
and a dense “Presidential Decision Directive” on such activities signed by 
Mr. Obama in 2012.”)  More importantly, the United States can in theory 
benefit from unilateral disclosure of doctrine and weapons capabilities 
even if China doesn’t reciprocate, for the unilateral disclosure might 
assist China in interpreting, and not misinterpreting, USG actions in the 
cyber realm – all to the USG’s advantage.  As Sanger says, “American 
officials say their latest initiatives were inspired by Cold-War-era 
exchanges held with the Soviets so that each side understood the “red 
lines” for employing nuclear weapons against each other.” In theory, 
unilateral information disclosure to China about the nature of USG 
cyberoperations can help China interpret USG actions properly, and can 
thereby help tamp down on the possibility of mistaken escalation by China; 
and the USG might also in this manner help China to see the benefits to 
itself in disclosure to the USG.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/