The blame game just got serious. On Monday, the United States, NATO, the European Union, the United Kingdom, Canada, Japan, Australia, and New Zealand jointly accused the Chinese government of hacking Microsoft Exchange servers earlier this year, among other malicious cyber activities. What does NATO’s buy-in mean for the world’s response to Chinese hacking? What tools do these allies have to fight back? Our experts messaged us (securely) with the answers.
TODAY’S EXPERT REACTION COURTESY OF
- Trey Herr: Director of the Scowcroft Center’s Cyber Statecraft Initiative and former senior security strategist with Microsoft
- Safa Shahwan Edwards: Deputy director of the Cyber Statecraft Initiative
- Christopher Skaluba: Director of the Scowcroft Center’s Transatlantic Security Initiative and former principal director for European and NATO policy at the US Defense Department
Statement of purpose
- Monday’s White House statement lays out how China’s Ministry of State Security collaborated with private hackers to execute a breach of Microsoft Exchange accounts that impacted more than 140,000 servers this spring, mostly of small and medium-sized businesses.
- “Developing the public’s awareness of the relationships between Chinese state entities and criminal groups (and their often fuzzy delineation) is useful,” Trey says. “What’s less clear is how this reframing leads to concerted action on the international stage.”
- The US Department of Justice also recently unsealed charges against three Chinese government officials, along with a private hacker, over attempts to steal research into the Ebola virus, among other information. But Trey contends that allied governments should open up their broader toolbox, possibly including “follow-on sanctions or new restrictions on Chinese state companies or personnel, in line with what’s been announced against Russia,” as well as “financial penalties for firms that participate in these activities” or benefit from them.
- Any response will have to be calibrated carefully, Safa notes, as the United States and its allies encounter a gray area of cyber hostilities. “This is a good time for policymakers to think long and hard about what is a state operation versus a non-state operation, and, more importantly, examine the role of non-state contractors in executing state-backed operations,” she says. “The Biden administration should expect to see more of this type of activity and the blurring of the line between state and non-state actors in cyberspace.”
- One element of the statement that you might have missed? Acknowledgment that the National Security Agency worked with Microsoft to patch up its software. “This is now a recent pattern of public disclosures of software vulnerabilities and a positive trend with the functioning of the government’s Vulnerability Equities Process,” which helps determine whether the government reveals a software vulnerability, Trey adds.
Subscribe to Fast Thinking email alerts
Sign up to receive rapid insight in your inbox from Atlantic Council experts on global events as they unfold.
- Rallying so many allies to the cause of countering China is “an impressively smart act of policy and diplomacy” by the administration of US President Joe Biden, Chris tells us. “In one fell swoop, it found a tangible issue around which to bridge recent US-EU, NATO-EU, and UK-EU divides, worked out a way for NATO to engage on China while building up NATO’s ‘political’ role, linked transatlantic and transpacific allies, and stressed NATO’s relevance to modern security challenges.”
- Trey agrees that EU involvement is “great” but adds that “nothing in the announcement binds these partners or allies to action. And directly involving key member states, like Germany, the Netherlands, and France, would have been more influential.”
The fierce urgency of NATO
- By weighing in on this matter, Chris says, NATO is responding to persistent questions about the Alliance’s ability to unite its thirty members around deterring China’s aggressive actions. “In classically passive-aggressive NATO fashion,” he observes, NATO’s statement points to how allies have blamed China for the hacks, rather than pointing the finger itself.
- “Nevertheless,” Chris says, “it is an unusual and unmistakable rebuke of China and one that undercuts Beijing’s careful cultivation of European clients through aggressive infrastructure investments (e.g. in Greece and Italy) and regional diplomatic arrangements like the 17+1. On top of recent sanctions related to human-rights abuses [in Xinjiang province], this signals that European scrutiny of China is on the rise.”
- When NATO Secretary-General Jens Stoltenberg appeared at the Atlantic Council last month, he stressed that the Alliance’s Article 5 collective-defense pact applied to cyberattacks. “Today’s statement is a natural extension of that policy, clearly signaling that NATO is deterring threats and preparing to defend its members across all domains of warfare and against all adversaries,” Chris notes.
- But Safa points out that a cyber Article 5 “still has yet to be invoked and such a commitment would be challenging to follow through on. For now, joint attribution and collective statements will have to suffice and potentially mobilize member states to invest in their cybersecurity capacity and defenses.”
Fri, Jul 16, 2021
Fast Thinking By
What do this week's moves on Xinjiang and Hong Kong signal about the Biden administration’s emerging China policy? Our experts on economic statecraft connect the dots.
Thu, Jul 15, 2021
New Atlanticist By Justin Sherman
The international collaboration underscores the importance of being carefully narrow about scoping cyberspace “red lines” in talks with the Russian government.
Mon, Jun 7, 2021
Secretary General Stoltenberg explains why NATO is getting serious about cyber and China ‘is not an adversary’
New Atlanticist By Daniel Malloy
Jens Stoltenberg appeared at the Atlantic Council’s Washington headquarters ahead of next week’s NATO summit in Brussels and on a US trip that is also scheduled to include an Oval Office visit with President Joe Biden.