Is the cyber-threat from China underestimated?
(a response to the sadly misguided but still adorably informative @securitykitty)
According to @securitykitty China is heavily invested in the U.S economy. Here at Eagle Eggs, we think that’s putting it pretty lightly.
Perhaps, says the Security Kitty, China is not a truly credible threat because it wouldn’t benefit them to take action against the U.S. Or, at least, the sustained campaign of industrial espionage and currency manipulation, coupled with strategic posturing is…bearable.
A few points…
On cyber espionage…
“A health balance in the economy” may be overstating things a bit. We’re currently at an 80% trade imbalance with China — with imports increasing 13% per month and exports decreasing at 3%. The question of whether China is manipulating its currency to devalue the Yuan and widen the trade deficit is up for debate only in terms of how much and whether congress or the WTO should address it. The problems are structural, and espionage and intellectual property theft are central to the debate.
Approached from the method of trying to assess threat, vulnerability and consequence, we run into difficulty calculating the consequence of cyber espionage. It’s difficult to assess the cost of China’s documented, sustained and institutional cyber espionage only because it’s effects, as Libicki points out, are unbounded, and may take shape over long periods of time.
Chinese companies, in concert with the Chinese government acquire information through direct espionage, but also through the acquisition of tacit knowledge, hiring Americans, buying companies, and other means that require no violation of law, but are designed and support an overall strategic strategy for information control and exploitation.
On cyber attacks or sabotage…
DNI Clapper is clear — the threat of full scale cyber attack from Russian or China is unlikely, given the security fallout from such an attack would be prohibitive. So what is the value of targeted cyber efforts like infiltrating SCADA systems? Perhaps more alarming than a forthright attack, this certainly looks like the development of strategic contingencies. The Chinese hacking group that infiltrated Google in 2009 has since staged hundreds of cyber-assaults on defense companies and humanitarian organizations.
China is also messing with internet governance more broadly. From DNI Clapper’s worldwide threat assessment (page 2), China is identified as using “cyber influence” as a means to control and destabilize social movements, or potentially topple regimes.
In summary, as difficult as it is to quantify the cyber threat from China, underestimating it would be a grave mistake.
