Axiom and the Deepening Divide in U.S.-China Cyber Relations

Recent revelations by a group of security researchers of another China-based hacking group, reportedly more sophisticated than Unit 61398, is likely to set off the usual recriminations and denials, but have very little impact on the U.S.-China bilateral relationship. The Chinese embassy has already responded that "these kinds of reports or allegations are usually fictitious," a response that Robert Dix, vice president of government affairs for Juniper Networks, colorfully and baldly describes as the Chinese giving "a big middle finger to anybody in the United States that’s tried to out them or point fingers in their direction."

The report on the group, called Axiom, describes a six-year campaign against companies, journalists, civil society group, academics, and governments, and may preclude any real discussion on cyber issues between Chinese President Xi Jinping and U.S. President Barack Obama at the Asia-Pacific Economic Cooperation (APEC) summit next week. There was, however, very little chance that their sidebar discussion was going to lead to major progress. The differences between the two sides are deep.

An article that ran last week in the People’s Liberation Army Daily [Chinese] criticizing the North Atlantic Treaty Organization (NATO) and efforts to develop the laws of armed conflict in cyberspace shows just how deep the differences are. The focus of the piece is the Tallinn Manual on the International Law Applicable to Cyberspace. Written by a group of international experts at the invitation of NATO’s Cooperative Cyber Defence Centre of Excellence, the manual addresses many of the specific applications of law to cyberspace, including the use of force, when and how states can defend themselves, as well as questions of proportionality, distinction, and neutrality. The report was non-binding and is not the official ruling of NATO, the United States, or any other government.

The Chinese have long been skeptical about the applicability of international law to cyberspace. This article goes one step further, casting the manual as an effort to manipulate cyberspace using law. In particular, the author levels four charges:

• Post hoc justification: the manual argues that using the Internet for strategic action is permissible, and that countries can send false information to make the enemy believe that there is an ongoing error, wage psychological warfare, fabricate command issues, and steal enemy codes, signals, and passwords, all things the United States is said to have already done.
• Unilateralism: this is another example of the U.S. military using its strength to define rules that reinforce its dominance.
• Cold War thinking: NATO is an alliance designed for collective defense. Even though it is supposed to be a partnership, the United States will lead the organization into a confrontation over cyberspace.
• Bad faith: NATO says the group that researched and wrote the manual is independent, but the author of the article implies this cannot be true because of the leadership of Michael Schmitt, who teaches at the U.S. Naval War College.

There was some hope that discussions about international law might be a useful area of cooperation for the United States and China. The 2013 Council on Foreign Relations Independent Task Force report suggested that the U.S. State and Defense Departments "should call together a group of legal advisers from Kenya, Brazil, China, India, Tunisia, South Africa, Turkey, and other important developing cyber powers to work on these questions." Perhaps the task force was naive in its hope that these discussions could be the basis for collaboration, but it is surely not a good sign that some in Beijing see the process as a weapon and source of greater mistrust.