(c) Project Syndicate, 2010
The world now accepts that protecting our atmosphere, hydrosphere, lithosphere, and biosphere – the “global commons” – is the responsibility of all countries. The same norm must apply to cyberspace, which is critical to our everyday life, economic well-being, and security.
At a time when cyber attacks are increasing worldwide, US Secretary of State Hillary Clinton was right to declare that an attack on one nation’s computer networks “can be an attack on all.” Indeed, the attacks are a reminder that, as a new part of the global commons, cyberspace already has come under threat.
Cyberspace must be treated, along with outer space, international waters, and international airspace, as property held in common for the good of all. And, like ocean piracy and airplane hijacking, cyber-crime cannot be allowed to go unpunished if we are to safeguard our common assets and collective interests.
Naming China among a handful of countries that have stepped up Internet censorship, Clinton warned that “a new information curtain is descending across much of the world.” Her statement, with its allusion to the Cold War-era Iron Curtain, amounted to an implicit admission that the central assumption guiding US policy on China since the 1990’s – that assisting China’s economic rise would usher in greater political openness there – has gone awry.
The strategy of using market forces and the Internet to open up a closed political system simply is not working. Indeed, the more economic power China has accumulated, the more adept it has become in extending censorship to cyberspace.
If anything, China has proven that a country can blend control, coercion, and patronage to stymie the Internet’s politically liberalizing elements. Through discreet but tough controls, Beijing pursues a policy of wai song, nei jin – relaxed on the outside, vigilant internally.
Google is now crying foul over “ a highly sophisticated and targeted attack on our corporate infrastructure originating from China.” But, despite itscorporate motto – “Don’t be evil” – Google itself was instrumental in aiding online censorship in China, having custom-built a search engine that purges all references and Web sites that the Chinese government considers inappropriate. Now Google itself has become a victim of China’s growing cyber prowess, in the same way that appeasement of Hitler boomeranged onto France and Britain.
China deploys tens of thousands of “ cyber police” to block Web sites, patrol cyber-cafes, monitor the use of cellular telephones, and track down Internet activists. But the threat to the new global commons comes not from what China does domestically. Rather, it comes from the way in which the know-how that China has gained in fashioning domestic cyber oversight is proving invaluable to it in its efforts to engage in cyber intrusion across its frontiers.
Canadian researchers have discovered a vast Chinese surveillance system called “GhostNet,” which can compromise computers in organizations abroad through booby-trapped e-mail messages that automatically scan and transfer documents to a digital storage facility in China. This is what happened when computers of the Tibetan government-in-exile in Dharamsala, India, were attacked last year.
India’s national security adviser recently complained that his office was targeted yet again by hackers. “People seem to be fairly sure it was the Chinese,” he said. Officials in Germany, Britain, and the US have acknowledged that hackers believed to be from China also have broken into their government and military networks.
The state-sponsored transnational cyber threat is at two levels. The first is national, with the hackers largely interested in two objectives. One is to steal secrets and gain an asymmetrical advantage over another country. Cyber intrusion in peacetime allows the prowler to read the content and understand the relative importance of different computer networks so that it knows what to disable in a conflict situation. The other objective is commercial: to pilfer intellectual property.
The second level of cyber threat is against chosen individuals. The most common type of intrusion is an attempt to hack into e-mail accounts. The targets also can face Trojan-horse attacks by e-mail intended to breach their computers and allow the infiltrators to corrupt or transfer files remotely.
To be sure, if a cyber attack is camouflaged, it is not easy to identify the country from which it originated. Through the use of so-called “false-flag espionage” and other methods, attacks can be routed through the computers of a third country. Just as some Chinese pharmaceutical firms exported to Africa spurious medicines with “Made in India” labels – a fact admitted by the Chinese government – some Chinese hackers are known to have routed their cyber intrusion through computers in Russia, Iran, Cuba, and other countries.
But, like their comrades in the pharmaceutical industry, such hackers tend to leave telltale signs. Then there are many cases in which the attacks have originated directly from China.
It seems unlikely that these hackers, especially those engaged in cyber espionage, pilferage, and intimidation, are private individuals with no links to the Chinese government. It is more likely that they are tied to the People’s Liberation Army. In war, this irregular contingent of hackers would become the vanguard behind which the PLA takes on the enemy. Systematic cyber attacks constitute a new frontier of asymmetrical warfare at a time when the world already confronts other unconventional threats, including transnational terrorism.
With national security and prosperity now dependent on the safekeeping of cyberspace, cybercrime must be effectively countered as an international priority. If not, cyberspace will become the new global-commons battlefield.
Copyright: Project Syndicate, 2010.
For a podcast of this commentary in English, please use this link:http://media.blubrry.com/ps/media.libsyn.com/media/ps/chellaney6.mp3