Recently, the United States joined with the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan and NATO to issue a joint statement accusing China of malicious cyber behavior. The statement addressed a cyberattack on Microsoft servers, claiming that Chinese hackers exploited Microsoft’s vulnerabilities to carry out the attack. It is worth noting that mobilizing allies to exert collective pressure is not uncommon in today’s U.S.-China relations. When the U.S. asked these countries to act together in sanctioning China, however, only a few responded. Anne Neuberger, the deputy national security advisor for cyber and emerging technology in the Biden administration, publicly stated at a cybersecurity conference in early August that allies have significant policy differences with the United States on the issue and are unwilling to join the United States in sanctioning China.
This shows that the Biden administration’s cybersecurity policy on China is fundamentally unpopular, with obvious implications of political manipulation. The U.S. is hoping to repair the rift with its allies in the field of cybersecurity by discrediting China and shaping the China threat. However, the U.S. itself has a long history of eavesdropping on allies and their dignitaries, especially after the scandal in late May that the U.S. National Security Agency used its partnership with Danish intelligence to eavesdrop on the senior officials of Denmark’s neighbors, leading to another embarrassment for the Biden administration, which is currently trying to repair trans-Atlantic relations. For this reason, the U.S. is eager to create a common enemy in the field of cybersecurity to combat China while easing complaints from allies about its reckless wiretapping activities.
Since Joe Biden’s administration took office, the U.S. is doing worse than Donald Trump’s administration ever did with respect to cybersecurity issues. The U.S. is annoying its allies, cracking down on Russia and smearing China internationally, while at home, it is hyping up cybersecurity issues, instilling fear in society and the public, and using security as a reason to hold businesses hostage in the U.S.-China political conflict.
The main reason why the Biden administration has been so unsure about cybersecurity is that it has made three major misjudgments about cybersecurity. The first misjudgment is overstating the cybersecurity threat to the United States. There is no absolute security in cyberspace, and security incidents happen all the time, so if you overinterpret matters, you will easily fall into this trap of insecurity. Both wiretapping allies and smearing China are outward manifestations of this thinking.
The second misjudgment is that the U.S. is taking a one-sided view of how countries relate to each other in the field of cybersecurity. While cybersecurity has an offensive side, it also has a cooperative side. The anonymity and transnational nature of cybersecurity require countries to strengthen cooperation in order to deal with it together. The U.S. is unwilling to engage in dialogue and seek consensus with China and Russia on cybersecurity issues, and it has been unilaterally prosecuting cybersecurity threats and imposing sanctions to deal with them, fundamentally ignoring the importance of international cooperation in maintaining global cybersecurity.
The third miscalculation is the misperception of China as the biggest challenge in cyberspace. Many Americans use the Thucydides’ Trap mentality to view China’s growing capabilities in cybersecurity, focusing their attention on China and viewing everything China does in the cyber domain through a magnifying glass. However, these people feel that any hint of a clue is enough to substantiate their preconceived judgments. Technically, such clues are valid, but they do not mean that the cyberattacks originated in China, let alone that they were supported by the Chinese government.
I have long followed the public traceability of U.S. cyberattacks against China. In the case of 1,000 alleged cyberattacks, in the end, the United States could come up with evidence supporting no more than five, not to mention whether or not this so-called evidence is reliable. For example, before the election, several U.S. government agencies jumped at accusing China of interfering in the U.S. election through social networks, but no evidence was found, and the U.S. government had to admit the accusations were wrong. If one carefully looks at the history of events in the U.S., there are many similar incidents. Such groundless accusations have done great harm to China’s image in the cyber domain.
The reason the United States is heading further down the wrong path is evident in the Biden administration’s appointments of officials responsible for cybersecurity. For example, Neuberger previously served as director and first chief risk officer of the National Security Agency National Cyber Director Chris Inglis previously served as deputy director of the NSA; and Jen Easterly, second director of the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security, formerly served as deputy director for counterterrorism at the NSA. In addition, NSA Cybersecurity Director Rob Joyce previously served on the National Security Council as cybersecurity coordinator and special assistant to the president from March 2017 to May 2018. The consequence of this full takeover of U.S. cybersecurity policy by this group of officials from the NSA is that U.S. cyber policy has become more offensive, more confrontational, and more about the pursuit of absolute cybersecurity, while the concepts of development, dialogue and cooperation have been tossed aside.
Barack Obama’s administration gave high priority to the coordination of cybersecurity issues with technological developments and international cooperation, requiring intelligence agencies to follow strict norms when taking action. Such an attitude was completely abandoned in the Trump administration. Under the Biden administration, officials from the national security community have taken over, and it is foreseeable that the Biden administration will further increase the difficulty of coordinating complex cyber issues, and will normalize the situation where departmental interests override national interests.
The author is a researcher and secretary-general of the Research Center for Global Cyberspace Governance at the Shanghai Institutes of International Studies.