Don’t Get Too Excited About A US-China Arms Control Agreement for Cyber

David Sanger reported over the weekend that “the United States and China are negotiating what could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyberweapons to cripple the other’s critical infrastructure during peacetime. He added that the negotiations are being “conducted with urgency,” with the aim of announcing an agreement when President Xi Jinping of China arrives in Washington on Thursday.

That sounds significant—but it really isn’t.

As Sanger notes, the parties aren’t close to an agreement on anything of substance, and are likely to announce no more than a “generic embrace” of a code of conduct agreed to by a group of government experts working at the United Nations. That code of conduct is more an expression of hope than of limitation.

As Sanger also notes, the ostensible “agreement” won’t have anything to do with the most pressing problem the United States sees in its cyber relations with China – the widespread espionage and theft by China in U.S. public and private digital networks. The negotiation is mainly about cyberattacks (cyber operations that disrupt, destroy, degrade, or manipulate information on adversary networks) and not about cyberexpoitation (cyber operations involving theft, intelligence-gathering, and the like on digital networks).

But even if cyber arms negotiations are in early stages, and even if the negotiated agreement leaves the most pressing issues off the table, is a narrow agreement that would simply prohibit first-use strikes on critical infrastructure even feasible?

I seriously doubt it, for many reasons. Here are two general ones, but there are many more.

First are the definitional problems. While it might seem obvious that China and the United States would both have interests in preventing first-strikes on critical infrastructure in peacetime, the definitional challenges even in this narrow category are massive. What counts as “critical infrastructure” in nations that have entirely different forms of organization of public and private networks (and especially when so much U.S. military and intelligence communications travel along private networks)? What counts as an attack? Sanger alludes to the notion that many sophisticated cyberattacks are preceded by cyberexploitations that implant code in foreign computer networks as a basis for intelligence-gathering and later attack. Any serious limitation on cyberattacks would have to limit such implants. But the implants for attack and implants for mere exploitation are often impossible to distinguish ex ante—that is, until the attack is triggered. So real progress on cyberattack limitations requires progress on limiting cyberexploitation, and distinctions among types of exploitations, that we have not begun to conceptualize. These are just the beginning of the definitional difficulties. As a general matter, describing the (ever-changing) weapons, (hard-to-control) effects, and (fuzzy-boundary) targets to be limited in cyberspace is enormously challenging. And yet with such precise definitions, we cannot expect any agreement to have even a chance of being credible enough to induce real constraint.

Second is the problem of verification. Sanger quotes my Kennedy School colleague Joe Nye, who says that the agreement in question “could create some self-restraint,” but then asked: “how do you verify it, and what is its value if it can’t be verified?” Answers: You can’t, and not much. We have basically two means of verifying an agreement: (1) verification procedures established by the agreement; (2) unilateral intelligence-gathering techniques. As for the former, don’t expect China or the United States to open up their cyber-operations facilities for inspection any time soon. As for the latter, verifying cyber-operations is enormously more complex than verifying weapons and related military limitations for kinetic activities. Cyber-operations have decentralized launch-points, are embedded in trillions of communications, and often defy attribution. The United States has in the last few years bragged about its enhanced attribution capabilities, but DNI Clapper recently spoke in more modest terms about USG attribution capabilities (for example, about the OPM hack) on account of “unauthorized disclosures and foreign defensive improvements [that] have cost us some technical accesses.” The United States would have to have a very high degree of confidence in its unilateral intelligence-gathering and attribution capabilities before entering into any limitation on its offensive weapons. (The problem is especially tricky because the agreement, to the extent that it aims to limit exploits that might be precursors to attacks, might limit the means of verifying the introduction of exploits that are precursors to attacks; or at the very least it will be hard to distinguish the two types of exploit in an agreement.)

If you want to understand the hurdles against a real cyber-arms control agreement, compare any such agreement to the Iran Deal. Marvel at the extraordinary technical detail of the Iran Deal, note that a real cyber arms agreement would likely be much more technical (and indeed that for many of the most obvious terms we cannot imagine what a concrete agreement looks like right now), realize that verification and attribution are generally easier in nuclear than cyber, contemplate how Cybercommand would warm to the types of inspection and verification regimes that would be needed for China to monitor U.S. compliance with any cyber deal, and then imagine gathering 67 votes in the Senate for the deal without airtight verification and attribution regimes (and yes, a cyber deal, unlike the unusual Iran Deal, would need to go to the Senate).

Not going to happen any time soon.

Some will argue that even if we cannot generate real cyber arms control agreements, consensus on softer norms is still useful. James Lewis captured this view well when he once wrote: “agreements could increase stability and reduce the risks of miscalculation or escalation by focusing on several specific areas: confidence-building and transparency measures, such as increased transparency in doctrine; creation of norms for responsible state behavior in cyberspace; and expansion of common understandings on the application of international law to cyber conflicts, or development of assurances on the use of cyberattacks.” Maybe. But I still adhere what I once wrote in response to this: “in the absence of decent verification, we cannot be confident that transparency measures are in fact transparent, or that revealed doctrine is actual doctrine. Nor can norms get much purchase in a world without serious attribution and verification; anonymity is a norm destroyer.”