How to Win a Cyberwar with China

It's time for the Obama administration to start playing offense, or it might soon have a real war on its hands.

The Internet is now a battlefield. China is not only militarizing cyberspace -- it is also deploying its cyberwarriors against the United States and other countries to conduct corporate espionage, hack think tanks, and engage in retaliatory harassment of news organizations.

These attacks are another dimension of the ongoing strategic competition between the United States and China -- a competition playing out in the waters of the East and South China seas, in Iran and Syria, across the Taiwan Strait, and in outer space. With a number of recent high-profile attacks in cyberspace traced to the Chinese government, the cybercompetition seems particularly pressing. It is time for Washington to develop a clear, concerted strategy to deter cyberwar, theft of intellectual property, espionage, and digital harassment. Simply put, the United States must make China pay for conducting these activities, in addition to defending cybernetworks and critical infrastructure such as power stations and cell towers. The U.S. government needs to go on the offensive and enact a set of diplomatic, security, and legal measures designed to impose serious costs on China for its flagrant violations of the law and to deter a conflict in the cybersphere.

Fashioning an adequate response to this challenge requires understanding that China places clear value on cyber military capability. During the wars of the last two decades, China was terrified by the U.S. military's joint, highly networked capabilities. The People's Liberation Army (PLA) began paying attention to the role of command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) assets in the conduct of war. But the PLA also concluded that the seeds of weakness were planted within this new way of war that allowed the United States to find, fix, and kill targets quickly and precisely -- an overdependence on information networks.

Consider what might happen in a broader U.S.-China conflict. The PLA could conduct major efforts to disable critical U.S. military information systems (it already demonstrates these capabilities for purposes of deterrence). Even more ominously, PLA cyberwarriors could turn their attention to strategic attacks on critical infrastructure in America. This may be a highly risky option, but the PLA may view cyber-escalation as justified if, for example, the United States struck military targets on Chinese soil.

China is, of course, using attacks in cyberspace to achieve other strategic goals as well, from stealing trade secrets to advance its wish for a more innovative economy to harassing organizations and individuals who criticize its officials or policies.

Barack Obama's administration has begun to fight back. On Feb. 20, the White House announced enhanced efforts to fight the theft of American trade secrets through several initiatives: building a program of cooperative diplomacy with like-minded nations to press leaders of "countries of concern," enhancing domestic investigation and prosecution of theft, promoting intelligence sharing, and improving current legislation that would enable these initiatives. These largely defensive measures are important but should be paired with more initiatives that start to play offense.

Offensive measures may be gaining some steam. The U.S. Justice Department, in creating the National Security Cyber Specialists' Network (NSCS) last year, recognizes the need for such an approach. The NSCS -- consisting of almost 100 prosecutors from U.S. attorneys' offices working in partnership with cyber-experts from the Justice Department's National Security Division and the Criminal Division's Computer Crime and Intellectual Property Section -- is tasked with "exploring investigations and prosecutions as viable options for deterrence and disruption" of cyberattacks, including indictments of governments or individuals working on the government's behalf. It's a good first step, but Congress could also consider passing laws forbidding individuals and entities from doing business in the United States if there is clear evidence of involvement in cyberattacks.

Congress could also create a cyberattack exception to the Foreign Sovereign Immunities Act, which currently precludes civil suits against a foreign government or entity acting on its behalf in the cyber-realm. There is precedent: In the case of terrorism, Congress enacted an exception to immunity for states and their agents that sponsor terrorism, allowing individuals to sue them.

Enterprising companies and intelligence personnel are already able to trace attacks with an increasing degree of accuracy. For example, the U.S. security company Mandiant traced numerous incidents going back several years to the Shanghai-based Unit 61398 of the PLA, which was first identified publicly by the Project 2049 Institute, a Virginia-based think tank.

Scholars Jeremy and Ariel Rabkin have identified another way to initiate nongovernmental legal action: rekindling the 19th-century legal practice of issuing "letters of marque" -- the act of commissioning privateers to attack enemy ships on behalf of the state -- to selectively and cautiously legitimize retaliation by private U.S. actors against hacking and cyber-espionage. This would allow the U.S. government to effectively employ its own cybermilitia. Creating new laws or using current ones would force the Chinese government and the entities that support its cyberstrategy to consider the reputational and financial costs of their actions. Of course, if the United States retaliates by committing similar acts of harassment and hacking, it risks Chinese legal action. But America has a key advantage in that its legal system is respected and trusted; China's is not.

Diplomatic action should bolster these efforts. The Obama administration's suggestions for pressuring China and other countries are a good start, but U.S. diplomacy must be tougher. In presenting Chinese leaders with overwhelming evidence of cyber-misdeeds (but without giving away too many details), Washington should communicate how it could respond. To control escalation, the administration should explain what it views as proportionate reprisals to different kinds of attacks. (For instance, an attack on critical infrastructure that led to deaths would merit a different response than harassment of the New York Times.)

As the administration's report suggests, the United States is not the only victim and should engage in cooperative diplomacy. The United States should set up a center for cyberdefense that would bring together the best minds from allied countries to develop countermeasures and conduct offensive activities. One such center could be Taiwan, as its understanding of Chinese language, culture, business networks, and political landscape makes it invaluable in the fight against cyberattacks. Of course, centers could be placed elsewhere and still utilize Taiwan's knowledge, but even the threat of placing a cyberdefense center just across the strait would be very embarrassing for China's leaders, as Taiwan is viewed as a renegade province. The point is not to be gratuitously provocative, but rather to demonstrate that the United States has options that China would not favor.

The U.S. military's cyber-efforts presumably already include its own probes, penetrations, and demonstrations of capability. While the leaks claiming the U.S. government's involvement in the Stuxnet operation -- the computer worm that disabled centrifuges in the Iranian nuclear program -- may have damaged U.S. national security, at least China knows that Washington is quite capable of carrying out strategic cyberattacks. To enhance deterrence, the U.S. government needs to demonstrate these sorts of capabilities more regularly, perhaps through cyber-exercises modeled after military exercises. For example, the U.S. military could set up an allied public training exercise in which it conducted cyberattacks against a "Country X" to disable its military infrastructure such as radars, satellites, and computer-based command-and-control systems.

To use the tools at America's disposal in the fight for cybersecurity will require a high degree of interagency coordination, a much-maligned process. But Washington has made all the levers of power work together previously. The successful use of unified legal, law enforcement, financial, intelligence, and military deterrence against the Kim regime of North Korea during a short period of George W. Bush's administration met the strategic goals of imposing serious costs on a dangerous government. China is not North Korea -- it is far more responsible and less totalitarian. But America must target those acting irresponsibly in cyberspace. By taking the offensive, the United States can start to impose, rather than simply incur, costs in this element of strategic competition with China. Sitting by idly, however, presents a much greater likelihood that China's dangerous cyberstrategy could spark a wider conflict.


It’s Not an Intifada

Palestinians aren't ready to rise up -- yet.

Don't call it an intifada. Not yet, anyway.

Sure, violence has erupted recently throughout the West Bank. The injuries and deaths of Palestinian protestors continue to make headlines. Palestinian and Israeli commentators are warning of a return to chaos. Some are outright cheering for it. But officials from both sides of the Green Line are reluctant to call it an "intifada," for fear of letting the proverbial genie out of the bottle. Instead, they carefully wield such terms as "popular resistance," "rioters," or just "the situation."

What's in a name? The term intifada was popularized when the Palestinians launched their first uprising against Israel from 1987 to 1990. Translated as "shaking off," that Palestinian intifada was replete with rock-throwing, tire-burning, civil disobedience, and low-level violence against Israel in an attempt to gain independence. By contrast, the second intifada, from 2000 to 2005, was an all-out war, with Iranian proxies Hamas and Palestinian Islamic Jihad, Fatah's Tanzim and al-Aqsa Martyrs Brigades, and other groups carrying out terrorist attacks against Israeli civilian and military targets.

These two campaigns to decouple from the Israelis differed greatly in tactics, but both were unquestionably embraced by the Palestinian leadership and the Palestinian people alike. We don't see that kind of cohesion today, and that, essentially, is why we won't yet call it an intifada.

In fact, according to a recent poll, 65 percent of Palestinians oppose a new intifada. And so does Palestinian President Mahmoud Abbas, who has called upon his security services to keep a lid on the violence.

Abbas, however, has not entirely closed the door on a new uprising. The Jerusalem Post reports that he recently reached an agreement with the rival Hamas faction to keep things on a low flame. The two factions, whose leaders are generally prone to disagreement on just about everything, have apparently settled on the term "peaceful intifada."

This strategy apparently includes demonstrations against the West Bank security barrier, Israeli detention policies, and Israeli settlements, as well as more creative Palestinian civil disobedience, including the erection of "outposts" such as Bab Al-Shams in the disputed E1 area and others since.

The Israelis have called upon the Palestinian Authority to unequivocally end the unrest, but that may not happen right away. Abbas knows that, ahead of U.S. President Barack Obama's visit to the region in March, the uncertain security situation (not an intifada, mind you) is his ace in the hole.

Abbas's rationale for keeping the unrest on a low flame is simple. Rather than asking the Palestinian leader for potentially painful concessions at the negotiating table with Israel, Obama might now come to Ramallah with one respectful request: maintain calm.

To this end, as one Israeli journalist claims, Abbas's government is purposely "staging media spectacles." But this could come at a price. As past uprisings have shown, it's very hard to maintain a low level of unrest without the risk of things getting out of control. Abbas's predecessor, Yasir Arafat, learned this the hard way in 2001, when the intifada he endorsed imploded on the Palestinian Authority, wreaking economic havoc and fomenting deep internal divisions that linger to this day.

Abbas should be concerned for one other reason. Now four years past the end of his presidential term, the Palestinian leader had better hope the unrest doesn't turn against him in Arab Spring fashion -- sparking what we might call an intra-fada.

The key to keeping a lid on the current situation is the Palestinian Authority's security forces. They've been subduing the unrest independently, and together with the Israelis, at times. But do they have staying power? The Bethlehem-based Maan News Agency reported in December that security coordination with Israel was "in a constant state of deterioration."

This is bad news for the Israelis, who locked horns with Abbas over his recent PLO mission upgrade at the U.N. in November. Since Abbas's maneuver, there has been a notable uptick in unrest. This includes stone-throwing, an attack on an Israeli military base, attempted kidnappings, and even an axe attack.

To be sure, the security implications are troubling for Israel. But so is the timing. Israeli Prime Minister Benjamin Netanyahu has long known that President Obama would be coming to him next month with a list of demands to help resuscitate the peace process. And he knew that Obama's ask was likely going to be another settlement freeze. But now, there is likely a list of asks to help quell the protests. Among other things, Obama will probably ask Bibi to release prisoners from administrative detention, allow for greater ease of movement in the West Bank, and make other concessions to the Palestinians. All of this comes at a time when Netanyahu is politically vulnerable, struggling to form a government coalition a month after Israel's election.

To put it mildly, this was not what Netanyahu was hoping for. Bibi has been looking forward to addressing Israel's top strategic concern: Iran. That potentially includes U.S.-Israeli military cooperation on a strike against Iranian nuclear targets, or at the very least, a "shopping list" of ordnance needed to neutralize Iran's illicit nuclear program. The current unrest will now force Netanyahu to address the Palestinian portfolio in greater depth than he likely wishes. And that probably means less time, effort, or focus on Iran.

For Obama, the West Bank disturbances might look like an opportunity to shift back to Middle East diplomacy after a hiatus following the failure of his first attempts. It was, after all, the desire to end the first intifada that opened the door for President George H.W. Bush to prod the Israelis and Palestinians to attend the Madrid Peace Conference, which opened the door to the Oslo peace process of the 1990s.

But Obama lacks now what Bush the Elder had in spades: good, old-fashioned American power. Back then, the United States was basking in its victory in the Cold War and its drubbing of Iraq in 1991. Obama's America hasn't enjoyed any victories of late, and it lacks the ability to project power in the region after limping out of Iraq and Afghanistan. The Israelis and the Palestinians are keenly aware of this, making the prospect of a third intifada (it isn't one yet) a crisis that may be too soon to leverage for the cause of peace.