The U.S. Must No Longer Accept China's Denial of Government-Sponsored Hack Attacks

01/11/2016 05:41 pm ET | Updated Jan 11, 2016
STR via Getty Images

China's bitter battle to rewrite the rules of the Internet persisted in December in the historic town of Wuzhen. There, China held its second World Internet Conference. The theme was identical to last year's -- "an interconnected world shared and governed by all" -- but the context surrounding this WIC was quite different.

This year's World Internet Conference fell against the backdrop of many notable developments in U.S.-China cyber relations over the past year, including continued government and non-government reporting on China's persistent malicious cyber espionage; the Obama administration's threats to impose sanctions against China for cyber-enabled economic espionage; an agreement between the United States and China that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors"; and the first China-U.S. ministerial dialogue to discuss cybercrime cooperation.

These incidents are all indicative of a fragile foundation for U.S.-China cyber relations, one built on competing interpretations of what is and what is not acceptable in cyberspace. While I welcome the consistent, high-level interaction between our two countries, we are neither closer to converging on agreed norms of behavior or the level of state involvement in cybersecurity, nor are we closer to doing anything about it.

China's state-sponsored cyberattacks seriously damage U.S. economic and national security.

The United States has repeatedly condemned Beijing's proven malicious cyber activity, only to be met by Beijing's resolute denials that any such activity occurred, let alone with the state's backing. Unsurprisingly, agreements such as the September 2015 bilateral agreement on cyber-enabled theft of economic information were crafted in a way to allow Beijing to use creative interpretation to weasel out of further reprimand from the United States. China's extensively layered cyber administration and military and operational cyber infrastructure grants Beijing an easy way out of being held accountable for its actions. It places a greater onus on the United States to prove direct government culpability, though we should not let that deter us from continuing to report China's cyberattacks against U.S. assets and organizations.

The bilateral ministerial dialogue that occurred after President Xi Jinping's state visit to the United States focused less on controversial topics such as cybercrime, perhaps choosing the path of least resistance. The dialogue set up some important areas of engagement for follow-up, including establishing a guideline for requesting assistance on cybercrime.

But I am concerned that the United States allowed China to attest in state media that the hack on the Office of Personnel Management "turned out to be a criminal case rather than a state-sponsored cyberattack as the U.S. side has previously suspected." Our administration should remain aware of Beijing's intentions to reinterpret reality, and continue to call out China's malicious cyber actions as more than mere criminal activity -- state-sponsored cyberattacks such as this seriously damage our economic and national security.

It is under this context that China convened the World Internet Conference from Dec. 16-18. President Xi Jinping provided opening remarks that echoed last year's conference. Xi's appearance was a clear attempt to seal the WIC's place as a reputable international conference, and to elevate China as an equal stakeholder in Internet governance and cybersecurity. His speech outlined Beijing's vision of how to "build a community of shared destiny in cyberspace," though this too often came at the expense of U.S. and broader international interests.

China is unhappy with the status quo of the Internet, where "the existing rules governing the cyberspace hardly reflect the desires and interests of the majority of countries." China instead wants to govern the Internet according to its own rules -- promoting cyber sovereignty, excising Western values from public discourse and education -- that support and secure continued political Communist Party rule of China.

cyber attack testify

Leaders of U.S. security and intelligence organizations testify before a House hearing on cybersecurity and the threat of cyberattacks. (Corum/Anadolu Agency/Getty Images)

President Xi endorsed China's long-touted concept of cyber sovereignty, a unique take on Internet governance that diverges from how the United States and Western nations view it. Internet sovereignty refers to the idea that a country has the right to control Internet activity within its own borders. China, Xi said, has pursued a multi-year, multi-pronged push for the international community to "respect the right of individual countries to independently choose their own path of cyber development, model of cyber regulation and Internet public policies, and participate in international cyberspace governance on an equal footing."

Such strategy recommendations on Internet governance have rightfully fallen on deaf ears. Legitimizing the forms of Internet governance described in Xi's speech would allow China to pursue relentless censorship and surveillance of domestic Internet users. It would expand the authorities of the state to control access to the Internet under the guise of "cybersecurity."

Xi's speech chastised Western nations for double standards concerning cybersecurity and governance, pursuing national security interests at the expense of other countries' interests. No country could be as familiar with "double standards" as China.

China's leadership has openly embraced technology and technological development to improve conditions for economic growth, for adherence to human rights and international norms and for fostering civic vibrancy.

And yet, China under Xi Jinping has experienced more restrictive Internet censorship, arrests and detainments of human rights activists and lawyers for exercising rights to free speech, and the creation of legislation that would intentionally disadvantage foreign firms and threaten U.S. national security interests. President Xi even defended China's Great Firewall, arguing that it was a means to protect order. According to China, once you have order, you can guarantee freedoms.

It is a sad truth that China will continue to pursue these strategies as long as it fulfills the domestic priorities to maintain Communist Party control.

China's former leading propaganda official Lu Wei, now leader of the Cyberspace Administration of China, the country's censorship and oversight agency, has also been refuting criticisms of China's well-oiled censorship machine. Mostly, he has steered conversation away from the topic, instead arguing, "If we really censor the Internet, how come our Internet user population and their reliance on the Internet keep growing?"

It is a sad truth that China will continue to pursue these strategies as long as it fulfills the domestic priorities to maintain Communist Party control. These strategies also hamper global efforts to combat true cyber threats to national security in a cooperative manner.

I encourage the Chinese leadership to consider whether the imbalance between maintaining domestic stability and stifling free speech and limiting free access to information will eventually impair Chinese citizens, as well as China's true national potential.

Also on WorldPost:

China Pollution

CONVERSATIONS