It might be time to throw some SALT on China

If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.
Written by David Gewirtz, Senior Contributing Editor

There once was a time that Russians and Americans were poised to kill each other. It was the 1960s, and the Union of Soviet Socialist Republics and the United States of America were overflowing with nuclear missiles aimed at each other.

There seems to be some kind of major malfunction in the strategic thought processes of China’s leaders.

If one nation attacked, the other was sure to respond. The term “overkill” came to have dire meaning as weapons experts realized that not only could each nation blast the other back into the Stone Age, but there were so many missiles that we could, theoretically, destroy each other many times over.

It was mad. It was, in fact, MAD, as in Mutually-Assured Destruction.

Even in these dire times, cooler heads gave voice to practical concerns. While neither country had much love for the other, the idea of blasting each other into glass didn’t hold much appeal either. If one country or the other could just do it, and win, that would be one thing. But MAD was the maddening truth, and so a smarter strategy needed to be considered.

And so, in 1969, an odd set of negotiations began called the “Strategic Arms Limitations Talks,” or SALT. The talks weren’t designed to limit the number of ballistic nuclear weapons. Instead, they were designed to limit the number of anti-ballistic nuclear weapons – or weapons designed to defend against ICBMs. To be fair, a lot of that technology didn’t even exist at the time (the much-later Reagan Star Wars program was the beginning of real counter-ICBM technology), but it was something.

SALT lead to SALT II, which the U.S. decided not to ratify because – get this – the USSR invaded Afghanistan.

Ah, the irony.

In any case, later SALT II lead to START, which led to START II, which ultimately led to the two nations limiting the number of nuclear missiles to just mere total destruction, rather than 30-times or 60-times overkill.

Then, of course, the USSR became Russia and Russia discovered the value of cash, and who knows what became of all that fissionable material and technology? But hey, they’re now our buddies, right?

After all, almost 300 million of us worldwide have installed anti-malware software on our computers from Kaspersky, a Russian company that is now the world’s fourth largest supply of anti-malware to consumers.

Irony upon irony aside, we’re here today to talk about China, not Russia. All this has been just background so you’re clear on the idea of arms limitation talks.

See, here’s the problem: China and the U.S. may also be poised for mutually-assured destruction, this time of a digital nature.

There seems to be some kind of major malfunction in the strategic thought processes of China’s leaders. They seem to think it’s acceptable to mount hacking attack after hacking attack against United States’ interests – against our government, our industry, and our citizens.

The recent attacks against The New York Times and The Washington Post were traced back to government-backed Chinese hackers. And now, security firm Mandiant, the company hired by both media outlets to trace and mitigate the attacks, has released a report claiming an “overwhelming” number of cyberattacks can be traced to facilities operated by the Chinese government.

Here’s how this could play out.

China could continue attack the United States. To think the United States won’t return the favor is unrealistic.

If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.

First, we’re the country that is home to Apple and Microsoft and Google and Facebook and many other companies with very smart computer scientists, none of whom want foreigners (or even their neighbors) traipsing around inside their computer networks without an invitation.

Second, it would be very un-strategic for the United States to not build an offensive cyberwar capability. The U.S. has always optimized for strategic offense as a way to win wars. While there has been no public admission of an assault arm of the nation’s strategic cybersecurity forces, it would be ludicrous to think such a capability hasn’t been created. The New York Times even reported that the Stuxnet attacks against Iranian centrifuges were masterminded by the U.S.

So China could attack U.S. companies. The U.S. American companies, completely without any involvement from the U.S. government could attack China in order to make the originating attacks stop.

China could retaliate, attacking our infrastructure, perhaps causing damage or downtime to our power grid or water management. The United States cyberforces could retaliate, perhaps causing similar damage to China.

Attack. Counter-attack. Retaliation. Attack back.

At some point, critical infrastructure, like the ability to order pizza online, would be affected. A little later, more systems might go down.

If both companies decided to get into a full-tilt cyberpissing match, it’s entirely likely that financial systems, electrical systems, transportation systems, health care systems, and many of our other way-of-life networks would simply cease to function.

It wouldn’t be a nuclear attack, but we’d still be knocked back to the Stone Age. While the prospect of never again hearing “did you see my Facebook post?” has its appeal, the fact is, we are now so reliant on Internet infrastructure that if the net goes down, we go down with it.

Since China is desperately trying to move its population into the middle class, if we go down, we’re likely to take China down with us. If you think the prospect of a few cranky Texans are scary, imagine how the Chinese leadership must feel about the prospect of a Stone Age population numbering 1.3 billion, many still sporting that newly-entitled attitude, and all very angry about basics like not being able to get food.

The point here is, neither of us can win if we attack each other. While that fact may be hard to get through the heads of the Chinese leadership, it’s an essential truth.

At this point, I don’t think a few high-level phone calls from our new looks-like-an-apple-doll Secretary of State, John “watch me windsurf” Kerry, will convince the Chinese to cut it the heck out.

For some relatively short-sighted reason, the People’s Liberation Army and the Chinese leadership seem to endorse these cyberattacks based on short-term desires, like preventing American news outlets from printing juicy stories. Like that would ever work.

But back in the 1960s, the Soviets were as confrontational and shoe-bangingly disagreeable as the Chinese leaders are today. And yet, some Soviet leaders managed to do the math and were able to comprehend the madness of mutually-assured destruction.

That comprehension led to SALT and the various other talks that did, in fact, reduce the worldwide nuclear risk by some measurable degree. At the very least, those talks made clear to both parties the desire to never see destruction, and the absolute willingness to go there if the other pulled the trigger.

I think we’re at a point where we need to initiate cyberSALT talks with China.

If we don’t start some level of reasonable cyberarms limitation talks now, there will be a conflagration later.

Here’s the thing. Back in the 60s, all the nukes were in the hands of the governments. Now, our cyberweapons are not. Now, our companies (and our teenagers) also have the means to build weapons of digital destruction.

While it might have been possible for the Americans to reason (after a fashion) with the Soviets and the Soviets to reason with the Americans, can you imagine how much like talking to a brick wall it would be for anyone to try reasoning with a teenager, or, worse, Apple (a company that often shows the responsive communications skills of the most sullen of teenagers) after it was on the receiving end of a cyberattack?

My recommendation to both nations is to begin diplomatic talks limiting these cyber-incursions. And while you’re at it, invite Google and Facebook and Microsoft. Don’t bother inviting Apple or the neighborhood teenagers. They probably wouldn’t show up anyway.

Editorial standards