« Back to article | Print this article |
Part of Secretary of Defence Robert Gates's proposed Strategic Security Dialogue, it reflects the growing prominence of cybersecurity in Sino-American strategic relations.
The concerns include computer network exploitation and computer network attacks, but also tampering with the physical infrastructure of communications and computer networks.
Vulnerabilities could be introduced in the course of manufacturing equipment or created through purchase of malignant or counterfeit goods.
Recent experience highlights these problems.
Click NEXT to read more...
The trade proposals tend to be vague because the cyber threat itself, while real, is vaguely presented.
While an ill-defined threat certainly bears watching, it does not justify protectionism.
Cybersecurity is largely classified, but trade is not, and trade policy cannot be held hostage to cybersecurity unless specific dangers are put forward.
Click NEXT to read more...
A longstanding fear has been that cyber attacks against the US might result in disruptions to power, banking, and communications systems at a critical moment.
The cyber attacks on Estonia and Georgia, which disrupted commerce and communications, raise the specter that the US might undergo the equivalent of a cyber Pearl Harbour.
Efforts by the Defence Advanced Research Projects Agency to improve verification capabilities highlight the limitations of current computer engineering skills in, for example, diagnosing cyber intrusions.
Initial studies on the Trusted Integrated Circuit programme, seeking to create a secure supply chain, were requested in 2007.
Click NEXT to read more...
A more recent worry is vulnerabilities 'hardwired' into the physical infrastructure of the Internet. In the last several years, the Federal Bureau of Investigation has warned that counterfeit computer parts and systems may be widespread.
This can manifest itself in two ways: fake parts and systems, which may fail at dangerously higher rates, or contaminated systems that might incorporate hardwired backdoors and other security problems, allowing a foreign power to subvert a system.
Click NEXT to read more...
Much cyber-related attention has been focused on the PRC. China is reportedly the source of many of the hacking efforts directed at US military and security computer networks.
Chinese computer infiltration has reputedly obtained access to such sensitive programmes as F-35 design information.
Such efforts as Titan Rain, Ghostnet, and others have reportedly attacked US and other nations' information systems systematically and have infiltrated email servers and networks around the world.
Click NEXT to read more...
Many have been traced back to the PRC - but attribution to any specific Chinese entity is extremely difficult.
A growing concern is that China can exploit its position as one of the world's largest producers of computer chips, motherboards, and other physical parts of the Internet to affect American and allied infrastructure.
China has apparently already demonstrated an ability to tamper with Domain Name System servers based in China, 'effectively poisoning all DNS servers on the route'.
Click NEXT to read more...
The arcane nature of the threat enhances uncertainty. Understanding the workings of computer viruses, patches, and the vulnerabilities of routers or microchips is difficult.
Comprehending the intricacies of global supply chains and tracing the ultimate source of sub-systems and components can be equally difficult.
Click NEXT to read more...
Several studies highlight some of the myriad vulnerabilities.
i) The 2005 Defence Science Board Task Force on High Performance Microchip Supply identified the growing security problem of microchips being manufactured (and more and more often designed) outside the United States.
ii) The 2007 Defence Science Board Task Force on Mission Impact of Foreign Influence on DOD Software noted that software frequently incorporates pieces of code from a variety of sources, any of which might be a point of vulnerability.
Click NEXT to read more...
iv) Over-classification is also a problem. General Hayden notes that much of the information on cyber threats is 'overprotected'.
Greg Garcia, head of the Bush Administration's efforts on cybersecurity, has similarly noted that 'there was too much classified Too much was kept secret'.
The ambiguity on the security side actually clarifies the trade side.
Click NEXT to read more...
With ineffective testing, banning some importers would not be worthwhile. In a global economy, equipment will simply be re-routed.
The US does not have the resources necessary to track the true source of goods when dangerous items cannot be easily discovered - and discovery may even be impossible.
If the threat was well understood but national security argued against the disclosure of vital information, this at least suggests that the danger from trade is secondary to other dangers.
Click NEXT to read more...
This would be unwise.
One drawback of restricting trade would be the costs incurred by the US in terms of spending on import inspections and the loss of availability of certain goods.
The defence community is often not well-positioned to anticipate the extent of these economic costs.
People will not relinquish scarce resources voluntarily when the gains from doing so are not spelled out.
Click NEXT to read more...
Were the US to introduce a new set of potentially sweeping restrictions based on hidden national security requirements, the global trade environment would immediately and sharply deteriorate.
Costs would be far higher than indicated by looking at American actions alone.
Balancing Economic and Security Responsibilities
i) Security. For policymakers and the public to properly comprehend the magnitude of the problem, the Department of Defence must be as transparent as possible. Some material will be classified.
Click NEXT to read more...
ii) Trade. The Department of Commerce and United States Trade Representative should restrict trade only in accordance with what can be defended publicly and systematically.
Introduction of ad hoc trade restrictions that claim a classified basis will harm the American economy.
For now, it is unreasonable to impose considerable economic costs for the sake of a serious but vaguely presented threat.
Dean Cheng is Research Fellow in Chinese Political and Security Affairs, and Derek Scissors, Ph.D., is Research Fellow in Asia Economic Policy in the Asian Studies Center at The Heritage Foundation.