WASHINGTON—China and North Korea pose the greatest cyber threats to the United States, said panelists during a Brookings Institution conference June 14. The conference was part of the institution’s Asia Transnational Threats forum.
William Carter, deputy director of the Technology Policy Program at the Center for Strategic and International Studies, said China’s goal is to “define the agenda for global cyberspace dominance” by taking the United States’ position in cyberspace and by being “seen as the good guy” in global cybersecurity.
One of China’s plans is to adopt universal visibility in order to track networks that contain information of U.S. financial data, health information, banking information, behaviors and preferences, “biometrics and identity documents, family and friends,” and even communication content.
“I don’t necessarily expect them to use traditional Russian techniques like massive doxing and social media manipulation campaigns that are relatively overt,” Carter said. “But I do think that they want to be able to track us all; they want to see what we’re doing, where we’re going.”
In addition, Carter said China does indeed want to track the global population, while doing it below the threshold of provocation, conflict, and war.
“China is redefining how you can exercise power and use cyber to protect power without approaching that threshold,” Carter said.
Additionally, he said China has its vulnerabilities due to its dependence on international partners. Their cybersecurity laws explicitly help them project their power, legal norms, and requirements on international companies that could be threats to domestic companies.
His takeaway was that China wants to be the country to set cyber norms and models, and define how foreign countries do cybersecurity in the way the United States has done for years, which is by maximizing intelligence capability, maximizing visibility, and getting into the supply chain.
“Make sure that you have a presence everywhere, an understanding of what’s happening everywhere,” Carter said. “That’s the model that they want to replicate. It’s ours. So we should look to lessons from our own history to think about how we deal with that.”
Furthermore, the panelists agreed that one major obstacle for the U.S. government to take action against these cyberthreats is the issue of attribution, or attributing an attack to a certain country.
Chris Painter, former coordinator for Cyber Issues at the U.S. Department of State, made it clear that attribution, although hard, is not impossible with cyberspace.
“There is this thought that you have a free shot because of attribution challenges; that’s just not true,” Painter said. “Especially with nation states, because you look at all of the different tools … not just following the cyber footprints to figure out who’s responsible.”
According to Painter, one of the first notable times the United States attributed a cyberattack to another country was in 2014, when the Obama administration attributed the Sony hack to North Korea. But one reason this attribution was successful was due to the shared condemnation of North Korea the United States was able to garner from other countries.
Painter also noted that while the public attribution was a good thing, it doesn’t—and didn’t—actually discourage North Korea’s conduct. Since the Sony attack, North Korea has made hundreds of attacks on countries globally.
“[North Korea is] willing to sacrifice anything in order to achieve what they’re aiming at,” said Jong-in Lim, a professor at the Graduate School of Information Security at Korea University.
Additionally, Katherine Charlet, Director of the Technology and International Affairs program at the Carnegie Endowment for International Peace, said the reason cybersecurity threats are so bad is because of the sheer complexity and massive use of cyberspace.
“In cybersecurity, everybody cares,” Charlet said. The Department of Energy, the Department of Treasury, Trade, NIST, and this is just within the U.S. government—and then of course, the deep linkages with the private sector … for whom cyberspace is a place of commerce and social engagements, it’s not just a space for the military; it’s a space for everyone.”
Watch the forum here.
Tahreem Alam is a staff writer for Homeland411.
© 2018 Homeland411