It might be time to throw some SALT on China

Summary: If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.


There once was a time that Russians and Americans were poised to kill each other. It was the 1960s, and the Union of Soviet Socialist Republics and the United States of America were overflowing with nuclear missiles aimed at each other.

If one nation attacked, the other was sure to respond. The term “overkill” came to have dire meaning as weapons experts realized that not only could each nation blast the other back into the Stone Age, but there were so many missiles that we could, theoretically, destroy each other many times over.

It was mad. It was, in fact, MAD, as in Mutually-Assured Destruction.

Even in these dire times, cooler heads gave voice to practical concerns. While neither country had much love for the other, the idea of blasting each other into glass didn’t hold much appeal either. If one country or the other could just do it, and win, that would be one thing. But MAD was the maddening truth, and so a smarter strategy needed to be considered.

And so, in 1969, an odd set of negotiations began called the “Strategic Arms Limitations Talks,” or SALT. The talks weren’t designed to limit the number of ballistic nuclear weapons. Instead, they were designed to limit the number of anti-ballistic nuclear weapons – or weapons designed to defend against ICBMs. To be fair, a lot of that technology didn’t even exist at the time (the much-later Reagan Star Wars program was the beginning of real counter-ICBM technology), but it was something.

SALT led to SALT II, which the U.S. decided not to ratify because – get this – the USSR invaded Afghanistan.

Ah, the irony.

In any case, SALT II later led to START, which led to START II, which ultimately led to the two nations limiting the number of nuclear missiles to just mere total destruction, rather than 30-times or 60-times overkill.

Then, of course, the USSR became Russia and Russia discovered the value of cash, and who knows what became of all that fissionable material and technology? But hey, they’re now our buddies, right?

After all, almost 300 million of us worldwide have installed anti-malware software on our computers from Kaspersky, a Russian company that is now the world’s fourth-largest supplier of anti-malware to consumers.

Irony upon irony aside, we’re here today to talk about China, not Russia. All this has been just background so you’re clear on the idea of arms limitation talks.

See, here’s the problem: China and the U.S. may also be poised for mutually-assured destruction, this time of a digital nature.

There seems to be some kind of major malfunction in the strategic thought processes of China’s leaders. They seem to think it’s acceptable to mount hacking attack after hacking attack against United States’ interests – against our government, our industry, and our citizens.

The recent attacks against The New York Times and The Washington Post were traced back to government-backed Chinese hackers. And now, security firm Mandiant, the company hired by both media outlets to trace and mitigate the attacks, has released a report claiming an “overwhelming” number of cyberattacks can be traced to facilities operated by the Chinese government.

Here’s how this could play out.

China could continue to attack the United States. To think the United States won’t return the favor is unrealistic.

First, we’re the country that is home to Apple and Microsoft and Google and Facebook and many other companies with very smart computer scientists, none of whom want foreigners (or even their neighbors) traipsing around inside their computer networks without an invitation.

Second, it would be very un-strategic for the United States to not build an offensive cyberwar capability. The U.S. has always optimized for strategic offense as a way to win wars. While there has been no public admission of an assault arm of the nation’s strategic cybersecurity forces, it would be ludicrous to think such a capability hasn’t been created. The New York Times even reported that the Stuxnet attacks against Iranian centrifuges were masterminded by the U.S.

So China could attack U.S. companies. American companies, completely without any involvement from the U.S. government, could attack China in order to make the originating attacks stop.

China could retaliate, attacking our infrastructure, perhaps causing damage or downtime to our power grid or water management. The United States cyberforces could retaliate, perhaps causing similar damage to China.

Attack. Counter-attack. Retaliation. Attack back.

At some point, critical infrastructure, like the ability to order pizza online, would be affected. A little later, more systems might go down.

If both countries decided to get into a full-tilt cyberpissing match, it’s entirely likely that financial systems, electrical systems, transportation systems, health care systems, and many of our other way-of-life networks would simply cease to function.

It wouldn’t be a nuclear attack, but we’d still be knocked back to the Stone Age. While the prospect of never again hearing “did you see my Facebook post?” has its appeal, the fact is, we are now so reliant on Internet infrastructure that if the net goes down, we go down with it.

Since China is desperately trying to move its population into the middle class, if we go down, we’re likely to take China down with us. If you think the prospect of a few cranky Texans is scary, imagine how the Chinese leadership must feel about the prospect of a Stone Age population numbering 1.3 billion, many still sporting that newly-entitled attitude, and all very angry about basics like not being able to get food.

The point here is, neither of us can win if we attack each other. While that fact may be hard to get through the heads of the Chinese leadership, it’s an essential truth.

At this point, I don’t think a few high-level phone calls from our new looks-like-an-apple-doll Secretary of State, John “watch me windsurf” Kerry, will convince the Chinese to cut it the heck out.

For some relatively short-sighted reason, the People’s Liberation Army and the Chinese leadership seem to endorse these cyberattacks based on short-term desires, like preventing American news outlets from printing juicy stories. Like that would ever work.

But back in the 1960s, the Soviets were as confrontational and shoe-bangingly disagreeable as the Chinese leaders are today. And yet, some Soviet leaders managed to do the math and were able to comprehend the madness of mutually-assured destruction.

That comprehension led to SALT and the various other talks that did, in fact, reduce the worldwide nuclear risk by some measurable degree. At the very least, those talks made clear to both parties the desire to never see destruction, and the absolute willingness to go there if the other pulled the trigger.

I think we’re at a point where we need to initiate cyberSALT talks with China.

If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.

Here’s the thing. Back in the 60s, all the nukes were in the hands of the governments. Now, our cyberweapons are not. Now, our companies (and our teenagers) also have the means to build weapons of digital destruction.

While it might have been possible for the Americans to reason (after a fashion) with the Soviets and the Soviets to reason with the Americans, can you imagine how much like talking to a brick wall it would be for anyone to try reasoning with a teenager, or, worse, Apple (a company that often shows the responsive communications skills of the most sullen of teenagers) after it was on the receiving end of a cyberattack?

My recommendation to both nations is to begin diplomatic talks limiting these cyber-incursions. And while you’re at it, invite Google and Facebook and Microsoft. Don’t bother inviting Apple or the neighborhood teenagers. They probably wouldn’t show up anyway.

Topics: Security, Government, China


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

  • It might be time to throw some SALT on China

    a very succinct analysis of the brewing storm that most of us hardly notice ... hope level minds will prevail. as for the kids, hope they don't possess the nuclear capability that you mentioned, since the govt has no control over any of them (unlike the us fission/fusion nuclear arsenal whose main trigger is in the hands of the president.) if those kids launch those digital nukes, all we can do is brace for the worst ...
  • Let's not exaggerate

    While relations with Russia are a lot better than they were in the 1970s, Russia is not an ally of the USA in any way, shape, or form; and is highly unlikely to become one as long as Boss Putin is in charge.

    CyberSALT isn't a bad idea, but it should be remembered that China doesn't even acknowledge that it engages in cyberwarfare, so it's likely we'll need to be in a position to "make them an offer they can't refuse" (in the Godfather sense) before they'll even talk to us about it.
    John L. Ries
    • and in addition...

      There is really no reason why China will also agree to such talks at least in the near-future. It is in their interest not to for they - as a net assessment - stand to lose much less in a cyber-conflagration (if one can call it that) than the US. The Chinese are more concerned about their tactical networks rather than their so-called strategic networks because they remain minimally dependent on the latter, unlike the US. And, anyways, the key position taken by the Chinese in these matters is that of plausible deniability. For the US to initiate these kinds of talks would suggest two things - (1) that the US is overly concerned about such matters (which it may legitimately be), and (2) the concern of the US is being expressed from a position of weakness (which may not necessarily be the case, though it may be perceived as being so, especially by the Chinese). And, anyways, there is nothing much the US can offer the Chinese as a quid pro quo in these matters as of now.
      • Hence...

        ...the offer that can't be refused. I can think of several scenarios, but we all have our own imaginations.
        John L. Ries
    • Time

      " Russia is not an ally of the USA in any way, shape, or form"

      You could have said the same thing in 1940. Relationships can change quickly.
      • Indeed they can

        But I don't think anyone will be dumb enough to try to conquer Russia in the foreseeable future.
        John L. Ries
  • you know what would highly decrease chinese cyber attacks?

    Get their datacenters to actually enforce their eulas!

    Chinese webhosts don't care about cyber crime at all. It is easy for me to simply rent a server, set up a VPN, and start hacking people. As long as you don't distribute porn or anti government materials, you will never get closed down.

    Chinese data centers are the choice for cyber criminals worldwide. Don't believe me David? Try it yourself, you will be surprised
  • It's a totally different situation

    Have you ever seen a private company that wants to do some cyber espionage asking permission from its government? Building an intercontinental nuclear rocket is not the same as building a computer virus, and what's more, you can detach your internet plug nowadays in extreme cases.
  • Starting to feel like a William Gibson novel

    Imagine a war held entirely in cyberspace with ice breakers, cyber decoys, and retaliatory worms. Could be fun as long as they stay surgical and don't start throwing around the equivalent of cyber nukes.
  • No

    As I posted in another article, the evidence for China being the main protagonist in these cyber hacks is overall very weak and the companies and people making the charges don't rank high at least on my credibility index. When firm, no ifs or buts evidence of high level hacking turns up, it most often points to Russia and Eastern Europe. But firm, no ifs or buts evidence is usually pretty hard to come by because top level hackers are very good at disguising their tracks, especially by using botnets and relay proxies. I one time personally got curious about a virus-laced phishing attempt that, from the surface, looked like it clearly originated from China, but under closer scrutiny took me on a trip around the world. As I had also pointed out, if China had a substantial talent pool of hacker types to call upon for this stuff, there would be notable cyber-security related businesses as well popping up using this talent, as is the case with Russia and Israel. This hasn't, though, been happening in China.

    Personally I think people, especially in government, should just shut up this supposed threat and do their research and homework better.
    • It doesn't really matter whether the attacks are government sponsored

      It's the responsibility of the government to stop them if they originate within their borders. Unlike nukes, anyone can participate in cyber-warfare and wreak havoc. Governments need laws in place to restrict their citizens from conducting activities that could lead to a war and they need to enforce those laws. An international agreement on those laws would be a good start.

      At the very least we should demand that the Chinese government stop attacks shown to be originating from within their borders. They have said officially that the attacks are illegal so they should find and prosecute the offenders.
      • That would include the U.S. as well

        A very recent report by McAfee has the US as being the number one country for hosting botnet servers, which are the foundation for most malicious cyber activity, more so than even Russia and China combined. The number one source of overall malicious cyber activity, by the HE Index, is Russia, with China not even being in the top 10 (they come in at #23, after Germany, Azerbaijan and Saudi Arabia, and the US comes in at #12.)

        I personally would really like to have a chat with these fake, DC area cyber security experts about their logic and methodology for blaming China.
    • Who's Who

      How do we know that you are not a Chinese army shill working out of the same building as the hackers doing damage control? Several grammatical errors, hmm...

      Time to fire up a good old fashion McCarthy era witch hunt.
      • McCarthy wasn't hunting for witches; he was hunting for anti-US communist

        sympathizers and activists, of which there were many, and a lot of them were confirmed.

        What McCarthy hunted for, is nowadays readily accepted, like with so many self-declared socialists and communists right in our congress, and a communist trained president residing in the highest office in the land.
        • And here I thought McCarthy was dead

          "like with so many self-declared socialists and communists right in our congress"

          only in your feverish imagination.

          "and a communist trained president residing in the highest office in the land."

          You are certifiable.

          "What McCarthy hunted for, is nowadays readily accepted"

          What McCarthy hunted for never existed, which is why McCarthy never produced the "list of communists" they claimed to have.

          Watch the movie "Point of Order" to see what a fraud McCarthy was. It's actual footage of the McCarthy - Army hearings, where McCarthy actually claimed the Army, and perhaps President Eisenhower himself were communists - and all this because Roy Cohen's boyfriend was not given special treatment when he was in the Army.

          In the end, Joseph Welch showed what a fraud McCarthy was. From that moment on, that dark period in American history was over.
          Adam econ Smith
  • Or

    We can stop supporting them by not buying their manufactured goods. This all goes hand in hand, regardless of what the Wall Street economists say (not that their credibility has been the best lately).
  • Unfortunately

    China is (with a few exceptions) the only place manufactured goods seem to come from. Manufacturing anything stateside is more or less impossible these days thanks in large part to the predatory anti-business stance of the current regime.
    • Not to mention...

      ...any increase in manufacturing jobs here would just make it easier for enemy voters to give money to the wrong set of politicians.
      John L. Ries
      • "Enemy voters"? By all estimates, that already happens.

        How do you think Obama got into office?