Cyberwars

Just as physical borders are a symbol of sovereignty, so are the growing borders in cyberspace

I have been reading an excellent but terrifying novel by two cyber tech specialists, Peter Singer and August Cole, called Ghost Fleet, which imagines how the Chinese ambition to push the US Navy out of the Western Pacific would play out. It begins with Chinese hackers disabling the Pentagon’s command and control system which makes US fleets blind, particularly as many have Chinese manufactured electronic components with “backdoors” embedded in their operational systems. With a Pearl Harbor-type attack on the US Hawaiian fleet, China occupies Hawaii and controls the Western Pacific. In the fightback, the US resurrects its old naval ships, which had been mothballed but have the advantage of not having any modern electronics that could be hacked. This is the ghost fleet which is armed by a newly invented Mach7 cannon called the rail-gun, developed by the US’ DARPA to counter the Chinese new DF21-D anti-ship missile known as the ‘carrier killer’. This US ghost fleet destroys the hitherto triumphant Chinese fleet it engages near Hawaii. How realistic is this and what are the lessons to be learnt from this imagined future?
 
The first point to be emphasised is that despite the current furore over Russian hackers undermining Western elections, the major threats are from China. As Robert Hannigan, the former director of the UK’s GCHQ, writes: “China manufactures an estimated 90 per cent of the world’s IT hardware, including three-quarters of all smartphones.” But, not only is Chinese technology ubiquitous, “it is increasingly world-leading”. The leading suppliers of the new faster 5G technology are all Chinese. This poses a security risk. The British have been experimenting with “scrutinising the software and hardware installed by Huawei in UK networks". This involves scanning a vast amount of code, but there are severe difficulties in understanding the IT supply chains. They can be very long and software vendors could “subcontract its code writing many times over. Even where hardware and software can be scrutinised, spotting the difference between an engineering mistake and a deliberate ‘backdoor’ is often a matter of judgement”. The vast resources needed to vet the IT global supply chain are not available and even if they were, they would reduce the net economic benefit from using Chinese IT components in mobile telephony. It is in this context that an unrecognised security benefit of President Trump’s current trade war with China is that it will disrupt these Chinese-dominated supply chains and provide incentives for their replacement by indigenous ones.  In a war, such security benefits trump any foregone economic benefits.   

Illustration by Ajay Mohanty

The US and other liberal democracies are in an undeclared cyberwar with China (and the others in the League of Dictators: Russia, North Korea and Iran, but with the greatest threat being from China). For, as the American Enterprise Institute’s Zack Cooper has noted in a recent report (“Understanding the Chinese Communist Party’s approach to Cyber-enabled economic warfare’’, www.defenddemocacy.org/zack-cooper, September 2018), cyber warfare is part of Chinese geopolitical strategy to challenge US hegemony. China is estimated to be responsible for 50 to 80 per cent of cross-border intellectual property theft worldwide and over 90 per cent of cyber-enabled economic espionage in the US. It is estimated this intellectual property theft could cost over $300 billion annually. The cumulative effect of Chinese cyber-enabled economic espionage has been to “erode the United States’ long-term position as a world leader in innovation and competitiveness. Perhaps most worryingly, China is reversing many of the US military’s technical and industrial advantages and creating potential vulnerabilities should a conflict arise”.
 
In 2015, the then President Barack Obama and President Xi Jinping signed the US-China cyber agreement that neither China nor the US would in Mr Xi’s words “be engaged in or knowingly support online theft of intellectual properties”. Yet, in November 2017,  “the US Department of Justice unsealed an indictment against three individuals from Chinese internet security firm Boyusec, for cyber attacks against financial, engineering and technology companies”. The Justice Department failed to get any Chinese cooperation in its investigation, leading two commentators to note “that this indictment suggests that China is either violating the 2015 deal or exploiting its ambiguities (Zack Cooper, ps.34-35)”.  This reflects Hobbes’ dictum “that covenants without the sword, are but words, and of no strength to secure a man at all”.
 
The basic problem in dealing with China is that it was incorporated into the international trading system on the hope that it was moving towards a private enterprise-based market economy whose actions could be judged by conventional economic criteria. Thus, mainstream economists have maintained that in a market economy, dumping would not be in the economic interest of private firms. But, as China has moved towards an authoritarian state capitalism, it has used trade policy to further its geopolitical aims even if it leads to private losses through dumping. This raises the question whether there can ever be mutually beneficial free trade with a strategic enemy.
 
In a survey, “Assessing the Risks of Cyber Terrorism, Cyber War and other Cyber Threats”, www.csis.org, James Lewis of the Center for Strategic and International Studies finds that “infrastructure in large industrial countries are resistant to cyber attack... Infrastructure systems, because they have to deal with failure on a routine basis are also more flexible and responsive in restoring service than early analysts realized”. The real security risks are from espionage and cybercrime. But even for infrastructure, the vulnerabilities to cyberattack increases “as societies move to a ubiquitous computing environment when more daily activities have become automated and rely on remote computer networks”. Also, the move from “relying on dedicated proprietary networks to using the Internet and internet protocols for their operation” creates new avenues of access.
 
It is in this context that the Indian government’s plans to prohibit the international transfer of data generated by Indian e-commerce users and the Reserve Bank of India’s prohibition of overseas transfers of Indian financial data should be seen. This will, as Financial Times has argued in an editorial (September 11, 2018), be a “further move towards breaking up the world into a series of data regimes” —  a “splinternet” — which “could seriously retard the growth of data enabled innovation beyond simply the delivery of online services”. But this economic argument is unpersuasive, just as that for free immigration across national borders is no longer plausible for political reasons. Just as physical borders are an important symbol of national sovereignty, so are the growing borders in cyberspace in an increasingly dangerous geopolitical world.
 
In cyberspace, bilateral agreements between states to control their indigenous e-data (as Germany is instituting for reasons of privacy and security) may be desirable to get some of the gains from free trade in electronic data. It has also been suggested by Keith Alexander (Financial Times, September 5, 2018) that to counter the threat of cyberwar from the League of Dictators — particularly China — a cyber Nato of the free world should be set up. This is worth exploring. But it would need the support of the US, which for the moment seems doubtful under President Donald Trump.