Trans-Pacific View author Mercy Kuo regularly engages subject-matter experts, policy practitioners, and strategic thinkers across the globe for their diverse insights into U.S. Asia policy. This conversation with Dr. Samantha Ravich – Principal Investigator on two projects at the Foundation for Defense of Democracies, the Cyber-Enabled Economic Warfare Project and the Transformative Cyber Innovation Lab, and author of Marketization and Democracy: East Asian Experiences – is the 132nd in “The Trans-Pacific View Insight Series.”
What are the core objectives and tools of cyber-enabled economic warfare?
Cyber-enabled economic warfare is a hostile strategy involving attacks against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power. While economic warfare dates back millennia, adversaries now have powerful asymmetric cyber tools with which to strike at our economic base, the foundation that makes the U.S. the strongest military in the world.Enjoying this article? Click here to subscribe for full access. Just $5 a month.
Compare and contrast the cyber-enabled economic warfare methods of China and North Korea. How are they similar/different?
Two of the most active players in the field of cyber-enabled economic warfare are the Chinese and North Koreans. Often the discussion focuses on how China steals trade secrets to advantage its own industries, and Pyongyang steals money because it has no real economy. While these motivations may explain part of what is occurring, these actors have a much broader strategy that we are only beginning to understand.
For decades, China has been engaged in a massive, prolonged campaign of intellectual property theft. Increasingly, Beijing is conducting this campaign via cyber-enabled technologies, targeting nearly every sector of the U.S. economy. Unfortunately, Washington and its allies have been slow to comprehend the threat, primarily because they view each attack individually instead of collectively as elements in a coordinated campaign.
Meanwhile, North Korea has engaged in waves of destructive cyber attacks against South Korea not because Pyongyang is interested in taking out its business competitors but rather to disrupt elements of Seoul’s economy in order to sap the strength of the ROK – financially and militarily. With a GDP per capita of barely $1,300, North Korea has an obvious need for cash, which may, in part, explain the WannaCry ransomware attack and the Bangladesh bank heist. But Kim Jong-un is not simply a Korean Willie Sutton. In a military confrontation, Pyongyang would leverage any capability that could degrade the overwhelming military advantage of Washington and Seoul. Attacking our economies may be the quickest way to gain battlefield advantage since it could potentially cause panic in our markets and on our streets.
China’s actions are often mistaken for corporate espionage while North Korea’s can look like the activities of criminal enterprises. But in neither case should the United States be lulled into thinking that these attacks are not a threat to our national security or part of a larger adversarial campaign plan.
With cyberspace as an expanding theater of conflict, identify vulnerabilities in U.S. cybersecurity strategy.
Currently, the U.S. government is inadequately structured to properly and comprehensively detect, evaluate, and address cyber-enabled economic threats. Even as Washington has made great strides in organizing itself to defend military and civilian government networks, our nation’s greatest vulnerability is adversarial attacks on the private sector.
It is true that the business of America is business. And the business of America is at risk from cyber-enabled economic warfare. It is the small- and medium-sized enterprises – the very companies where the most innovative work is being done that eventually finds its way into our military – that are often hit hardest by and least able to defend themselves from hostile state adversaries.
Israel is a global leader in producing advanced, innovative cyber-technologies. Explain the U.S.-China-Israel dynamic in cyberwarfare.
The United States and Israel share a strong relationship that also translates into extensive cooperation in cyber. Cooperation in the cyber domain was codified through the United States-Israel Advanced Research Partnership Act, which permanently authorized an already-existing three-year joint program between the U.S. and Israel, and expanded it to include cybersecurity cooperation. Both the U.S. and Israel can gain real advantages by working more closely together on cyber threat sharing and, perhaps most importantly, technology development to safeguard the systems upon which our governments, militaries, and economies ride.
However, the closeness of the Israel-China relationship causes concerns in some portions of the U.S. government, given Chinese cyber-enabled economic warfare activities and doubt over whether Israel views and prioritizes the threat in the same way.
How are the U.S. policymaking and intelligence community preparing for the rapidly-evolving nature of cyberwarfare?
Without a concerted effort, the United States economy will become increasingly vulnerable to hostile adversaries seeking to undermine our military and political strength. While analogies to the dawn of the nuclear age can be overdrawn, we can learn a lot from the rigorous thought that went into assessing the types of intelligence collection platforms, targeting processes, and analytic methods created to deal with that challenge. In this new threat environment, we have much work to do. We must have sustained attention within the U.S. intelligence community to understand the capabilities and intentions of our adversaries. We need greater government investment in the types of R&D that the private sector is not likely to advance. We need a whole of government “observe, orient, decide, and act” loop so that we can properly assess the enemy’s escalatory ladder. And we must work closely with our allies to safeguard the networks and systems upon which our economy depends. Researchers like me await the release of the U.S. administration’s cyber strategy to help set the country on the path through this dangerous future.