Cybersecurity & Tech

Persistent Engagement with Chinese Characteristics

Alex Campbell
Wednesday, September 18, 2019, 8:00 AM

In 2018, U.S. cyber strategy shifted from a reactive, deterrence-based approach to the forward-postured, proactive policy of persistent engagement. Persistent engagement broadly entails more active defense against cyberattacks and a more constant pace of operations. The strategy rests on theoretical conceptions of the cyber domain recently advanced by scholars, but also on the argument that America’s competitors have long been practicing the same. For example, U.S.

Marine Corps Gen. Joe Dunford, chairman of the Joint Chiefs of Staff, meets with Chinese President Xi Jinping in the Great Hall of the People in Beijing, Aug. 17, 2017. DoD photo by Navy Petty Officer 1st Class Dominique A. Pineiro

Published by The Lawfare Institute
in Cooperation With
Brookings

In 2018, U.S. cyber strategy shifted from a reactive, deterrence-based approach to the forward-postured, proactive policy of persistent engagement. Persistent engagement broadly entails more active defense against cyberattacks and a more constant pace of operations. The strategy rests on theoretical conceptions of the cyber domain recently advanced by scholars, but also on the argument that America’s competitors have long been practicing the same. For example, U.S. government officials routinely cite Chinese cyber-enabled economic and political espionage as a type of persistent engagement—that is, of constant cyber operations that don’t rise to the level of armed conflict yet yield strategic advantage.

But while Chinese analysts of cyber conflict see the domain in terms similar to persistent engagement, their reaction to the new U.S. strategy seems relatively subdued or confused. Though scholars in both countries recognize the utility and even necessity of persistent engagement-like strategies, those in China seem not to have understood that the United States has now adopted one. This discrepancy reveals potential shortcomings in the ability of persistent engagement to effectively communicate expectations between states, and it merits further attention in order to avoid misperception in a uniquely opaque domain.

Persistent engagement came into force with the release of the 2018 Department of Defense Cyber Strategy and U.S. Cyber Command’s 2018 Command Vision. The strategy derives from a theoretical conception of the cyber domain proposed by scholars like Michael Fischerkeller, Emily Goldman and Richard Harknett. In the view of these scholars, the constant contact and shifting terrain of cyberspace necessitate an approach based on persistently contesting adversary activity and defending against attacks as close as possible to their origin. In other words, no defense is insurmountable and no advantage permanent in cyberspace, and the virtual trenches are mere inches apart. Therefore, Cyber Command needs to be constantly in action, detecting and preempting cyberattacks from within the opponents’ networks, rather than waiting to react until adversaries are in U.S. networks. This replaces a strategy of deterrence, in which the credible threat of U.S. retaliation (via cyberattack or other means, like sanctions or indictments) was judged sufficient to dissuade adversaries in cyberspace.

Proponents have argued that the strategy is as much a response to the particular characteristics of the cyber domain as a necessary reaction in kind to others’ actions—specifically, those of China and Russia. The 2018 Command Vision “makes no apologies for defending US interests … in a domain already militarized by our adversaries.” Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the NSA, states that “our adversaries in cyberspace are acting and taking risks in seeking to gain advantage without escalating to armed conflict.” And Harknett points out that “if one examines the writings of Russian Gen. Valery Gerasimov and the Chinese People’s Liberation Army’s notions of informationized war, it becomes clear that certain actors see cyberspace as a strategically salient vector for achieving their goals below the traditional deterrence/war threshold.” In other words, the U.S. takes the view that China and Russia have already been practicing persistent engagement, and the United States must catch up or be left behind.

Chinese sources express a similar understanding of the cyber domain as one of constant contact, where strategic advantage can be gained through competition short of war. Senior Col. Ye Zheng and Capt. Zhao Baoxian, two theorists of cyber conflict at the Academy of Military Sciences, wrote in a 2011 essay that “just as nuclear war is the industrial age’s strategic war, cyber war is the information age’s strategic war.” Ye and Zhao include in their definition of “cyber war” examples ranging from cyber-enabled espionage like the 2011 Lockheed Martin breach to destructive cyberattacks like Stuxnet, most of which fall at or below the threshold of armed conflict. Maj. Gen. Hao Yeli, former deputy director of the Fourth Department of the People’s Liberation Army’s (PLA’s) General Staff Headquarters, wrote in 2011 that “in the cyber-electromagnetic space, war and peace are no longer distinct, and the front and rear are no longer [divided].” And Senior Col. Xu Weidi, a PLA National Defense University deterrence theorist, argued in a 2015 essay that “cyber politics in international relations do not transcend the scope of power politics …. [T]he relationship between China and the United States in cyberspace is naturally manifested first as a competitive relationship.” Xu bases this argument on a characterization of cyberspace that Nakasone would likely agree with: an “ungoverned” space defined by “low visibility … , global connectivity, and widespread [anonymity].”

To American ears, all this may sound a lot like persistent engagement. These sources and others seem to validate American claims that China realized the unique features and strategic imperatives of the cyber domain before the United States. Chinese sources also note U.S. reticence to engage pre-2018: Zhang Li, a senior researcher at the Ministry of State Security-affiliated think tank China Institutes of Contemporary International Relations and regular participant in Track 1.5 dialogues, characterizes the Obama administration’s policy as deterring only “large-scale, destructive cyberattacks” through promises of retaliation while tolerating lower-level intrusions. Zhang’s tacit recognition that U.S. cyber deterrence did little to discourage actions short of war mirrors Harknett’s admonition that “rather than being concerned about provoking adversaries, we should be more concerned about not encouraging them, which current policy appears to do.”

It stands to reason, therefore, that China would recognize the provenance of persistent engagement. After all, the concept overlaps significantly with Chinese conceptions of the cyber domain and Chinese cyber strategy, and indeed justifies itself in part as a response to Chinese actions. But strangely, Chinese reactions to persistent engagement largely fail to grasp the theory’s basic components.

Most prominent among government-linked Chinese voices on cyber strategy has been a series of analyses by former PLA colonel Lyu Jinghua. Other reactions include a cursory mention from a Ministry of Defense spokesperson and articles in government publications like the People’s Daily and PLA Daily. So the Chinese government is certainly aware of persistent engagement as an idea.

However, the analyses themselves betray little understanding of what persistent engagement means, and they certainly make no comparisons to Chinese strategy or actions. Lyu frames the new U.S. posture as fundamentally reactive, posing questions such as “What kinds of attacks will trigger defending forward?” This seems to conflate the reciprocal, stimulus-response logic of deterrence with the constant, continuous logic of persistent engagement, which would provoke apoplexy in Western scholars who have argued for serious consequences lying in the nuances between these two theoretical umbrellas. Other articles in official Chinese publications characterize persistent engagement as simply a stronger, more offensive version of deterrence, instead of a strategy that involves continual preemptive operations against Chinese cyber capabilities.

This conflation of two very different American strategies cannot be blamed on spotty Chinese analysis of U.S. cyber policy. Other articles in these same publications display a sophisticated understanding of the area, speculating on the institutional effects of the dual-hat relationship between Cyber Command and the NSA and describing in detail Pentagon contracts for cloud computing.

Nor does this misunderstanding come from the strictures of official messaging. The Chinese government maintains that China does not allow cyberattacks and has a “no first use” policy for cyber weapons. It is true that any overt recognition of similarities between Chinese actions and persistent engagement would contravene this boilerplate, but Chinese analysts need not acknowledge the resemblance in order to make sense of American strategy. Instead, that they do not appear to understand it means that either U.S. academics were wrong to draw a resemblance between Chinese cyber strategy and persistent engagement, or that U.S. explanations of persistent engagement remain unclear to Chinese analysts—or both.

The second explanation alone is the most probable, and the most worrying: Chinese analysts likely do not recognize the rhetorical or functional difference between persistent engagement and deterrence. The usual Chinese term for deterrence, wēishè (威慑), encompasses what American theorists would call compellence and even preemption. Deterrence in the typical American usage entails dissuading someone by threatening retaliation or denying them any potential benefit from their actions—when successful, neither side directly acts against the other. By contrast, compellence and preemption involve taking action to either encourage or preclude action by an adversary. The difference between deterrence and wēishè is significant enough that some writers leave the latter term untranslated in English. If the Chinese government and scholars define deterrence so broadly, then the change represented by persistent engagement may seem nonexistent or confusing.

It should worry U.S. policymakers if China has not picked up on this strategic shift. Persistent engagement represents a real change: Public reporting alone reveals more frequent and proactive operations since the policy was instituted. Meanwhile, Chinese sources tend to characterize the prevailing U.S. cyber posture as fundamentally reactive, with a high threshold for response. If this is what historian Roberta Wohlstetter calls the “background of expectation,” for Chinese cyber operators, or their unintentional perceptual ruts regarding adversary behavior, then the Chinese response at the command line to U.S. cyber activity may be to search for the action to which the United States must be reacting—reasoning that, after all, the Americans only react to serious provocations. Finding none, they might suspect Cyber Command to be preparing the battlefield for above-threshold activity—even if the U.S. is in fact only taking part in below-threshold persistent engagement.

Chinese operators may well understand persistent engagement at a deeper level than the authors cited here, who are largely retired officers or officers who never saw active duty (as is common in Chinese think tanks). That Chinese hackers are reportedly repurposing U.S. exploitation tools shows the depth of interaction at the ground level. But these authors offer useful glimpses of a different, equally important set of perceptions—those of Chinese senior leadership. Operators are always going to have to translate their judgments up the chain of command to leaders who process the intelligence and decide how to react. History provides a reminder of how dangerous misunderstanding at the highest levels can be: The 1983 Able Archer exercises veered close to nuclear war not because of low-level Soviet intelligence analysts but because of he Soviet leadership’s misperceptions as to U.S. intentions.

It may be necessary for the United States to provide more explicit statements aimed at senior Chinese leadership to reinforce operational understandings and alert the whole of Chinese government to an American strategic shift. Proponents of persistent engagement place little stock in the communicative value of high-level statements and may be wont to discount the merits of both these Chinese writings and any subsequent U.S. clarifications. Part of the argument for persistent engagement is that mutual understanding is best reached through operational interaction—through persistently engaging, rather than publishing démarches or holding talks. But this vision of tacit bargaining skates over the difficulties of communication between massive bureaucracies where information gets lost and misread, and whose leadership may prove resistant to change.

Any argument that China will come to know persistent engagement by its fruits must acknowledge the reality that the Chinese government doesn’t recognize the tree. As the United States convenes its Cyber Solarium Commission to chart a course for U.S. grand strategy in cyberspace—including evaluating the merits of approaches including persistent engagement—U.S. leaders should keep in mind that persistent engagement may not be as clear to potential adversaries as they think.

This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, Inc. LLNL-JRNL-789923


Alex Campbell is a research assistant at the Center for Global Security Research at Lawrence Livermore National Laboratory, where he studies offensive cyber strategies and Internet governance. He holds a B.A. and M.A. from Columbia University.

Subscribe to Lawfare