China and U.S. discuss cybersecurity via think tanks
Two establishment national security think tanks--one Chinese, the other American--have been holding what a former Homeland Security Department official says could be described as proxy negotiations on cyber war and cyber espionage.
Stewart Baker, a former DHS assistant secretary for policy from 2005 through early 2009, notes in a Volokh Conspiracy blog post that Washington, D.C.-based Center for Strategic and International Studies and Beijing-based China Institute of Contemporary International Relations also published earlier this summer a description of issues raised in discussions the two think tanks have undertaken for the past 3 years.
Both institutions have "just enough independence from their governments to make the talks deniable," Baker says, but notes that both governments "have been sending 'observers,' so the interest on both sides is obvious."
The document itself promotes confidence-building measures as an antidote to what it says was a high initial level of misperception, and says both Chinese and U.S. participants agree that a formal process for communicating during a crisis would be better than an ad hoc one.
It also says that both sides have similar concerns over the security of its supply chain. "Both believe that the other will seek to exploit the supply chain to introduce vulnerabilities in to networks and infrastructures," it says.
Chinese participants in the talks proposed a code of conduct that would include a pledge not to use cyber warfare and creation of an international body "to ensure equitable distribution of Internet resources."
The summary says the U.S. participants would require some agreement to constrain proxies acting in cyberspace as part of any larger agreement.
"You get a sense that there may be some movement toward confidence-building measures to head off full-fledged cyber war, reflecting what a nightmare that could be for both countries. Cyber espionage? Not so much," Baker says in his blog post.
Gauss cyber espionage virus targets Lebanese banks
It came from China! Maybe. Or not, says DoD
No accord on what 'cybersecurity' means in international affairs
Counterfeit milspec electronics easily bought online