WASHINGTON — Surprisingly, sorting out the rules connected with all-out cyber war has picked up considerable steam. A little more than a month ago, a gathering of officials from more than a dozen countries including China and Russia agreed to apply international law on warfare to cyber.
But coming to agreement on the more pervasive threat — constant cyber intrusions emanating from China — is proving far more challenging. Even defining the difference between intrusion and attack gets thorny. It’s one of the areas playing a key role in the ongoing dialogue between the two countries on the issue, an issue that contains definitional disagreements, cultural standards, and even technical ambiguity.
“It’s not always clear,” said Christopher Painter, US State Department cyber coordinator and chair of the cyber dialogue with China. “The two major threat concerns that we’re facing right now, there are three but two are realized, the other being this cyber war hypothetical. The two that are realized are things like denial of service attacks. That’s sustained but it’s not going to be debilitating. But that’s an attack. But you don’t use the attack term for an intrusion. It’s not an attack, it’s an intrusion. We always try to be very precise.”
The definitional problems stem from a basic issue with intrusions: they can become attacks at the click of a mouse, but aren’t inherently attacks from the get go. And differentiating between an intrusion that will only snoop versus an intrusion that could lead to damage to a system is essentially impossible, said Jeff Moulton, a researcher at the Georgia Tech Research Institute.
“It’s hard to figure out when an intrusion is going to turn into an attack,” he said. “In fact, you can usually only be certain after the forensic investigation. ‘Intrusions’ come down to motivation/intent.”
Moulton compared the predicament to determining the difference between trespassing and an attack on a home. Stepping foot on someone’s property is still intrusion and therefore not accepted, but it’s not the same as destroying a house. But when an attacker crosses a property line onto a lawn, there’s no way to tell if that person is an attacker or a trespasser.
In much the same way, the US encounters countless intrusions on systems that thus far haven’t turned into destructive action but are still of concern because the intruder now has the access needed for an attack.
Gaining access to intelligence and information has long been an accepted norm for governments, part of a world of espionage that is largely unregulated on an international level. Gen. Martin Dempsey, US Joint Chiefs chairman, acknowledged as much in a June speech at the Brookings Institution.
“The activities that nations conduct in the intelligence area have some pretty clear standards,” he said. “For example, if we move away from cyber, we run strategic reconnaissance flights outside of Chinese territorial waters for example, in order to gain some insights into the Chinese intentions. All countries on the face of the planet conduct those activities.”
But besides the general issue of intrusion, the larger problem appears to be the type of intrusion. China has focused on stealing intellectual property, an area that the US considers off limits.
“China’s particular niche in cyber has been theft of intellectual property and I’ve had some conversations about that with them, and the conversations generally, we tend to agree to disagree,” Dempsey said. “Their view is that there are no rules of the road in cyber, there are no laws that they’re breaking. There are no standards of behavior, and so we have asked them to meet with us in order to establish some rules of the road so that we don’t have these friction points in our relationship.”
Experts say that is largely a cultural tradition, the notion that ideas are not protectable. In general, the Chinese government considers the data intrusion required for stealing technology to be part of the broader acceptance of espionage.
The US, in contrast, doesn’t accept that, and has been raising the issue in dialogues on cyber, the next round of which is scheduled for this fall.
“When you think about what really matters, obviously infrastructure matters, we care about that, obviously financial institutions matter, but also if all your trade secrets are going out the window and could be used to capitalize later on, that really drains the life blood out of the economy, which has long term huge effects on any country in the world,” Painter said. “There is a distinction when you have targeted activity that is intrusions that’s taking commercial information and the commercial information is being used for commercial purposes. That’s something that the US doesn’t do. That’s one of the norms that we’re very serious about advancing, that that’s not something that we should be doing.”
Finding a solution to the diametrically opposed positions on commercial espionage is unlikely, said Ian Wallace, a visiting fellow at the Brookings Institution who helped draft the UK’s cyber policy.
“It’s very difficult to come up with a compromise,” he said.
What may end up moving the needle is the growing problem large Chinese companies are having with their own property being stolen by other Chinese companies, Wallace said.
“It is an increasing problem within China that those companies that are developing their own intellectual property are now facing compromises from companies within the country,” he said. “In the long term there is some hope that they will see the benefit.”
Even if the dialogue can’t hammer out the most glaring difference between the US and China — the intellectual property issue — Painter said that having discussion with China to help create a more candid and open exchange on cyber is critical, pointing to similar efforts with Russia.
“One of the breakthroughs there is the president announced these bilateral confidence-building measures with the Russian Federation, which are the first of their kind in cybersecurity anywhere,” he said. “They’re not rocket science, they are having a hotline, that’s a good transparency measure. This is something familiar in the non-cyber world, but hadn’t really been applied in the cyber world. If you have transparency measures that make countries more comfortable dealing with each other if they don’t have that level of trust, you build on those cooperative measures where they may be cooperating against a third party threat for instance.”
The Chinese government, through its English language mouthpiece China Daily, has offered similar sentiments.
“This institutionalized dialogue will ease friction and mitigate a possible flashpoint, which could lead to a larger crisis,” a recent editorial said.
Of course, issues such as the Edward Snowden leaks complicate discussions. But while he wouldn’t directly address the Snowden issue, Painter did describe his optimism with the process even after just one round of dialogue.
“I think a lot of countries want to discuss these issues, particularly the cybersecurity issue but also cyber governance and other issues in cyberspace, because they’re recognizing how important this is to their own development.”
“Look, this was the first meeting. We’re going to have another meeting before the end of the year. We’re also going to have intercessional discussions. I know I’ve been to China more than any other country since I’ve taken this job.”