Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Exploitation, warfare

Thoughts On The USCC’s New Report On Chinese Cyberattacks: CFR

On March 9th, 2012, Adam Segal wrote for the Council of Foreign Relations on the US-China Economic and Security Review Commission's recent report.  You can find that report here.  The report considered China's cyber-capabilities, the connection between the Chinese government and Chinese universities, and how the Chinese would likely target US logistic and transportation networks in the event of a conflict.

In his analysis of the report, Segal argued that we should remember four things:

1)  Much of the report explored the PLA's cyber-aspirations, not necessarily its cyber-capabilities.  There is a difference between what the PLA wants to do (as evidenced by their doctrinal writings) and what they can do.  Even the commission report noted that senior PLA officials have provided a "blunt assessment of the [Chinese cyber] shortcomings still being experienced." 

2)  Segal noted that the commission report is "not a net assessment."  In this sense, the report doesn't consider the US cyber-capability and how the US could repel the specific operations described.  So, yes, the Chinese may have this cyber-capability, but the US certainly wouldn't stand pat if the Chinese were to use it.

3)  Although the US may have an understanding of "Chinese thinking at the tactical level", we still don't know how the Chinese leadership views the "political or strategic implications of a cyberattack on U.S. interests" at the strategic level.  Segal explored this point with regard to critical infrastructure: would Chinese leadership limit cyberattacks to military targets, or would it be willing to move beyond military targets?

4)  Finally, Segal noted the effect of Chinese cyber-espionage and its impact on the US policy response.  The commission report found that "without retribution or hard evidence" of Chinese cyber-espionage, "Chinese leadership may be emboldened toward greater risk-taking for preemptive network-based attacks . . .."  To combat this, Segal believes that the US must engage in a policy of "calling the perpetrators out."

You can find the CFR source article here.

Leave a Reply