Why does China appear to be backing down to U.S. pressure on cyber-espionage? National security and cyber-warfare analysts have reacted with skepticism and surprise to China’s apparent receptivity to recent U.S. criticism over its cyber-espionage practices. Why have seemingly tepid U.S. actions had such an impact?
This may be the wrong question. There’s a way of thinking about this question that rests less on the idea that the United States intimidated China (and consequently wonders why China felt intimidated), and more on the possibility that states are still finding their way in the cyber-realm, that the norms of cyber-conflict remain plastic, and that restraint may carry the day.
While many analysts have predicted that the opening of the cyberspace would lead to national conflict, and government conflict against subnational groups, Brandon Valeriano and Ryan Maness argue in Cyber War versus Cyber Realities that the chief characteristic of conflict in the cyber-age has been restraint. While the development of the cyber commons opens up wide avenues in which states can attack one another, most governments thus far have not pressed their advantages. In part because of uncertainty about their own vulnerability, states restrain themselves from escalating.
Some states may also worry about principal-agent problems: the degree to which they can exert full control over the cyber-capabilities that they develop. And while non-state proxies may offer some states certain advantages, these states may also be concerned about the use of such actors because of the long-term threat that enabling the groups could pose.
If the theory of cyber-restraint proves correct, then legal and diplomatic efforts at preventing or constraining cyber-espionage may yet bear fruit. The nature of restraint lies in the development of norms of appropriate behavior. International and domestic law help to inform and produce these norms. Conceivably, careful construction of trade agreements could put bounds on the acceptability of some forms of cyber-espionage. Intellectual property law, for example, could help determine how states think about the appropriateness of certain kinds of cyber-espionage under certain circumstances. If U.S. officials have their way, the bounds would involve respect for the property rights of private firms, and a renunciation of efforts to directly copy and export foreign systems.
If cyber-restraint comes at least in part from queasiness about principal-agent problems, then the structure of cyber weaponization may matter for how states behave. At the same time that China has embarked on an apparent re-evaluation of its cyber-operations, President Xi Jinping has spearheaded a massive reorganization of China’s military establishment. Potentially, this could bring China’s corps of cyber-soldiers (which has apparently developed in an ad hoc fashion) under tighter central government control. However, it could also create a constituency within the military (and consequently within government) for more aggressive use of cyber-espionage.
In any case, Valeriano and Maness (quite reasonably) argue that we should watch how states actually behave in cyberspace, rather than assuming that they’ll act in particular ways. And if states are willing to approach the cyber-commons with caution, then Washington and Beijing will have a large role to play in the development of cyberwarfare norms.