By Franz-Stefan Gady
Sino-U.S. relations in cyberspace in 2016 will be defined by three key policies.
Sino-U.S. relations in cyberspace in 2016 will be defined by three key policies: attribution, sanctions, and norms. The first two tacks will be used by the United States to contain malicious Chinese activities in cyberspace (and to assuage the U.S. private sector and U.S. public opinion), whereas the last device will be used for promoting strategic stability between both nations by deepening the understanding of what is acceptable behavior in the cyber realm.
First, while it is true that attribution, i.e. tracing a cyber attack back to its originator, remains difficult, it is not impossible. Both the U.S. government and the private sector have repeatedly called out Chinese hackers in so-called “naming and shaming” campaigns. This tactic consists of either leaking classified intelligence to the press or publishing cyberattack reports by U.S. cyber security firms (which over the years became a clever marketing ploy for those companies). And while “naming and shaming” sustained a severe setback with the Snowden revelations, we will certainly witness a number of such cyberattack disclosures in 2016. However, the shock value—and as a consequence its potential negative impact on the Sino-U.S. bilateral relationship—will be less severe than in 2014 and 2015, given that, after the recent Office of Personal Management data breach and the Snowden disclosures, the threshold for disclosures with the potential to severely undermine the Sino-U.S. bilateral relationship has substantially risen. At the same time “naming and shaming” will at least contain both sides from going overboard when it comes to cyber espionage activities and aggressive network intrusions.
Read the full story at The Diplomat