July 9, 2013
Talking Cyberthreat With China
By JOSHUA COOPER RAMO
BEIJING — We confront the problem of I.T. weaponry and national security today with the same uncertainty that we brought to nuclear weapons during the early years of the Cold War.
We’re aware something dangerous is in our hands; we are less certain what to do about it. And while the very newness of the field means discussion now is necessarily tentative, one of the lessons of today’s technology is that newness creates the possibility for fast progress.
Such a possibility exists in discussions this week between U.S. and Chinese representatives in Washington, the first ever working-level cybersecurity engagement between the two nations.
The debate about U.S.-China cyberissues reflects all the symptoms of a larger unease about the information age. Machines and networks have insinuated themselves into every corner of our lives, and we get the sense that they are slipping out of our understanding, if not out of our control.
Just pressing an on-off switch implies consenting to deeper, not fully clear rules and risks. This is hard enough to make sense of in the debate about domestic liberty. Cast in the context of two great and uneasy powers, the problem touches hot buttons that have fired some of the worst conflicts in history: territoriality, trust and arms race.
One of the first things American and Chinese officials will acknowledge when they sit down this week is how little we know about I.T. systems and national security. But it’s important they look beyond immediate issues of hacking and to the deeper problems of power in this new age. Network technology challenges many traditional international rules. The treaties of Westphalia in the mid-17th century, for instance, assumed a state monopoly on violence. But with virtual world weapons, control is harder to define.
One can easily imagine a moment in which U.S. and Chinese leaders agree to dial back tensions on some issue only to see privateering nationalist hackers on both sides take up cudgels anyway. Or consider the fact that cyberattacks usually exploit unseen vulnerabilities. So nearly every strike is a “surprise attack” — an anxiety-inducing quirk that argues against the “trust first, adjust later” approach essential for dampening the shock of the inevitable crises.
Even the most basic question of any new weapons technology — does it mostly benefit offensive or defensive military action? — is unclear in this new world. This matters, because misjudgments on this score can lead to deadly miscalculations. A hundred years ago European leaders thought the machine gun was a devastating offensive weapon. They had it wrong and World War I proved to be a five-year defensive bloodbath.
Moreover, one of the charms of new technology — the speed of innovation — means strategic arrangements made today may be obsolete tomorrow. Consider artificial intelligence: Every day, thinking machines are becoming more important for analyzing data. But as these machines develop, they become ever harder to regulate. If traditional hacking is stoppable because you can always find the hackers, machine-intelligence systems that probe and poke each other may be far harder to understand or regulate with treaties.
Given this complexity, what might be accomplished between the United States and China? Here are three possibilities:
•The two sides could agree to set up a joint, open-network monitoring center staffed by civilian engineers. It should be passive at first — a group that simply monitors and discusses things like hourly trends in data traffic or stresses on the core I.P. backbone. It should also include attempts to develop notification and management protocols for various emergencies. The effort could also lead to the creation of a “bit line” for cyberemergencies that can serve the purpose a “hot line” does for traditional security. It would allow the sides to be in immediate, technical contact, and it would foster habits of cooperation and trust.
Practically, it may be desirable to set this center up as a “learning experiment” designed to be closed after a fixed time, say three years, and “rebooted” in some new form. This time-limited approach suits a world where upgrades are essential. It would also give both sides flexibility on initial terms. Similarly, the center could be a bilateral arrangement in year one and then open to other nations as observers in subsequent years.
•On artificial intelligence, both sides should set up programs to bring engineers together to discuss emerging norms. Informal collaborative work is already under way in this area — if you came to next week’s Association for the Advancement of Artificial Intelligence conference in Washington State, you’d see how many teams contain both American and Chinese researchers.
•Finally, the two sides could examine what concepts such as “no first use” could mean in a cyberenvironment. In particular, the United States should lead an effort to create a framework that, like the Nuclear Nonproliferation Treaty, would offer benefits to countries that sign up. In any event, this should be a part of America’s new strategy for a network age. China is a good place to start.
The best hope for avoiding a confrontation between rising and established powers is to be creative in developing fresh institutions. We live, after all, in a revolutionary age. The challenge the United States and China face together is not only the interoperability of two great nations. It is the future interoperability of man and machine.
Joshua Cooper Ramo is vice chairman of an international consulting firm in New York and the author of “The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us and What We Can Do About It.”