US hopeful China will recognise its cyber war rules

The US Department of Defense’s latest assessment of China leaves little to the imagination about which country’s it thinks is the greatest cyber threat to US private sector and defense industry organisations.

While no one has, with 100 percent certainty, pinned the Chinese Government for cyber-attacks on US government and Western companies, in its 2012 report, “Military and Security Developments involving the People’s Republic of China” the US Secretary of Defense considers it likely that, “Beijing is using cyber-network operations as a tool to collect strategic intelligence.”

“In 2011, computer networks and systems around the world continued to be targets of intrusions and data theft, many of which originated within China,” the report notes.

It later notes that Chinese actors “are the world’s most active and persistent perpetrators of economic espionage”.

The report raises China’s unwillingness to acknowledge the “Laws of Armed Conflict”, which the Pentagon last year determined did apply to cyberspace.

Robert Clark, operational attorney for the U.S. Army Cyber Command told Australian delegates at the AusCERT conference last week how the Laws of Armed Conflict in cyberspace might work internationally to determine when a country can claim self-defence and how they should measure a proportionate response.

One problem with it was highlighted by Iran, following the Stuxnet attack on its uranium enrichment facility in Natanz, which never declared the incident a cyber-attack.

Air Force Colonel Gary Brown, an attorney for US Cyber Command, in March this year detailed dozens of reasons why Iran, in the context of the Laws of Armed Conflicts in cyberspace, didn’t declare it an attack. This included that difficulties remain in attributing such an attack to a single state.

Concerns in the US over China not recognising the Law of Armed Conflict in cyberspace heightened after China and Russia proposed the “Code of Conduct for Information Security” to the UN last September.

Under that code, “governments exercise sovereign authority over the flow of information in cyberspace”, the report notes.

Policy analysts at the Council on Foreign Relations have drawn the conclusion that while US policy makers would likely welcome the code’s recognition that internet security was a global challenge, the emphasis on “information” as opposed to “cyber” security would jar with support for the protection of freedom of speech.

The US appears to be hopeful that China’s continued expansion will force it to see things the American way.

“China has not yet accepted that existing mechanisms (such as the Law of Armed Conflict), apply in cyberspace. However, China’s thinking in this area may evolve as its own exposure increases through greater investment in global networks.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.


Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-2404

Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-2404

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.