The cyberspace debate has largely been defined by the increasing tensions between its two largest competitors – the United States and China. The recent accusations of a sustained a cyber campaign by Beijing represented the most significant manoeuvrer from Washington thus far. But while it is important to acknowledge cyber-infiltration attacks as part of China’s broader cyber-hegemonic strategy, the current fixation towards attacks themselves risks becoming exceedingly unproductive and distracting.
Washington should focus on identifying areas of opportunity that provide greater insight into Beijing’s strategy. These should be examined through the international legal debates surrounding cyber-warfare, specifically China’s reluctance to discuss the parameters of self-defence as well as its contrasting enthusiasm to promote cyber-sovereignty.
Cyber self-defence
Both Article 2(4) and Article 51 of the UN Charter permit the use of force by states in circumstances of ‘self-defence.’ However, given the novel nature of cyber-warfare, the threshold for activating these in response to a cyber-attack has yet to be definitively established despite vigorous debate.
Unsurprisingly, attempts to clarify this have stalled due to the polarising legal views of the US and China.
The US preference for retaliatory military action in more traditional circumstances is well known. The administration holds a capacious conception of self-defence which it has used to justify pre-emptive military strikes against state and non-state actors. Accordingly, Washington has argued that this similarly applies for cyber-attacks and that there is no threshold necessary for an attack to warrant retaliation.
Conversely, China has adopted a restrictivist view on the principle of self-defence. The PRC has rejected the possibility of any intervention by a state except under extremely grave circumstances that are supported with the discretion of the Security Council’s judgement, expressing a particularly strong opposition towards US arguments prior to the 2003 invasion of Iraq. However, unlike the US, China has never explicitly confirmed this view within the context of cyber warfare, with Beijing declining to contribute to international discussions to define self-defence obligations and restrictions.
Whilst this reluctance to contribute has been interpreted as antagonistic, it also reveals the benefits that Beijing receives from this absence of universally agreed norms towards self-defence. Respected legal scholar Julian Ku believes that should a set of rules be established, Beijing’s concern would be that Washington would attempt to justify a major official cyber-attack in response to a Chinese cyber-operation. Fittingly, Beijing recognises that in the absence of established norms a US administration is handicapped in claiming a retaliatory attack of self-defence and that any official declaration of attack may instead be perceived as initiating hostilities due to the ambiguous nature of cyber-attacks. Thus, by stalling attempts for a global consensus, China allows for its cyber operations to continue while insulating itself from the potential of legitimate US retaliation.
Steps forward: defining sovereignty
As the self-defence debate remains at a stalemate, a productive alternative would be to define the international legal parameters of sovereignty within cyberspace. Such a debate is critical to establishing an international legal foundation from which further deliberations, including that of self-defence, can productively develop.
This brings with it complications. Sovereignty is not a static principle but instead a fluid precept: The Treaty of Westphalia outlined exclusive sovereignty within the boundaries of a state’s territory; the Outer Space Treaty held that celestial bodies cannot be claimed as sovereign territory; UNCLOS outlined that all transits in a state’s territorial waters are permissible without consent; and the Paris Convention provides absolute sovereignty over one’s airspace. Given the variability of sovereignty across the first four domains of warfare, it becomes clear that the development of the fifth will likewise be distinctively unique and representative of a new international consensus.
Defining this international consensus is a challenging feat in and of itself given that cyberspace has become the prominent modern ideological tool. For its part, the US has called for open and interoperable cyberspace where cross-border data flows are encouraged and internet programs are able to support civil society and advocacy. Comparatively, China has advocated heavily for strict sovereignty, undoubtedly in order to advance its economic, political and military interests and limit western interference in internal affairs. Such ardent advocacy appears effective, with a divide increasingly apparent between the West’s laissez-faire approach and its counterparts shift towards state-controlled centralisation.
Though this dichotomy of opinion towards cyberspace sovereignty entails that the international debate will be arduous, it has greater potential for development than the debate towards self-defence given Beijing’s comparative willingness to engage in discussions. Therefore, it is necessary to be both welcoming of Beijing’s contributions to the cyberspace debate and tempering of the hegemonic interests it will undoubtedly pursue. Nevertheless, if one wishes to see an international legal framework develop to address China’s cyber-infiltration attacks, the first step must be to not address prospects of retaliation but instead the parameters of the battlespace.
Michael Nguyen is the Cyber Fellow for Young Australians in International Affairs.