Breaking the long silence
On Monday, May 6, 2013, the Pentagon released their annual report to Congress, explicitly accusing the People’s Liberation Army (PLA) of sponsoring cyber operations against American government agencies and industries. Analysts and observers of global affairs and international security have long suspected the complicity of the Chinese state in coordinating and sponsoring cyber operations. However, the Pentagon’s report constitutes a significant step toward the “naming and shaming” of the perpetration of cyber operations by state actors.
In February 2013, the cybersecurity firm Mandiant published a damning report accusing the People’s Liberation Army (PLA) of operating a network of hackers profiled as “Advanced Persistent Threat 1” (APT1) and subsequently identified as Unit 61398. Although the cybersecurity firm openly accused Chinese officials of the digital espionage and theft of secrets from more than 150 agencies, companies, and organizations, the Obama administration refrained from pointing the finger at the highest echelons of the People’s Republic of China (PRC)—until last Monday.
Cyber espionage in perspective
The longstanding silence on the part of the U.S. officialdom regarding China’s activities in cyberspace has ended. However, as the U.S. and their allies condemn China, they should keep in mind that a broad range of cyber operations are undertaken by virtually every modern state. As the Pentagon report notes, China seeks to reduce the technological gap between itself and the U.S. with the aim of achieving a relative advantage in cyberspace. China points to the fact that their security has also been breached by cyber operations. Experts such as Andrea Renda of the Council on Foreign Relations highlight that of the top 15 countries that are sources of cyber attacks, China ranks tenth, behind powers such as Russia, Germany, the U.S., and India.
What are the implications of the explicit attribution of cyber attacks to the PRC? Additionally, what are the broader ramifications of cyber espionage for NATO, Canada, and global security? Cyber spying, regardless of who engages in it, has significant implications for NATO, Canada, and global security. In 2007, NATO witnessed the devastating potential of digital attacks in Estonia and again in 2008 during the Russia-Georgia War. Subsequently, NATO has formed the Cooperative Cyber Defence Centre of Excellence (CCD COE), appropriately in Tallinn, Estonia.
NATO has prudently incorporated considerations of cyber security into its Strategic Concept. This most recent development in the cyber relations between the U.S. and China is part of broader global trend in which considerations of cybersecurity affect the formulation and conduct of foreign policy. In the second decade of the twenty-first century, the importance of cyberspace as a domain cannot be denied. International commerce, the functioning of critical infrastructure, and the exchange of information rely on the channels of cyberspace. As a member of NATO, Canada must take further steps to develop its cyber security capacity, as cyberspace constitutes a pivotal domain, equal in strategic importance to the domains of air, ground, and sea.
The way forward?
The next step for the international community on the topic of cyberspace is not entirely clear. However, there are some measures that are conceivable. Countries should commit to the organization of a comprehensive conference to discuss the conduct of state actors in cyberspace and to commit to conventions on cyber operations. Despite recent attempts to cooperate on the issues of cybersecurity and Internet governance, this will prove difficult, as states such as China and Russia on one hand and the U.S. and NATO allies on the other have radically different views on cybersecurity and the future of Internet governance.