South China Morning Post
Advertisement
Advertisement
US-China relations
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
China and the US are increasingly using cyber operations for intelligence collection, which could have dangerous consequences, according to a new study. Photo: Shutterstock
ChinaDiplomacy

US-China tensions raise risk of nuclear reaction to cyberattacks: report

  • A collaboration between Chinese and American think tanks has found both sides could overreact to perceived cyberthreats
  • Study warns the scale of the problem is underestimated with no effective mechanism to deal with the risks
US-China relations
Rachel Zhang
Rachel Zhangin Shanghai
Why you can trust SCMP

A joint study by think tanks from the United States and China warns that cyberattacks on nuclear systems could trigger conflict, with both sides underestimating the risk.

The three-year study by the Shanghai Institutes for International Studies (SIIS) and the Carnegie Endowment for International Peace (CEIP) found the major powers not only lacked an effective mechanism to deal with the risk of an attack on nuclear systems escalating into conflict, they also did not have a full awareness of the threat.

More than half of foreign cyberattacks against China in 2019 originated in the US, report says

The report, “China-US Cyber-Nuclear C3 Stability”, said China and the US had enhanced their cyber capability and given it a bigger role in their overall security postures, as the use of cyber operations for intelligence collection was tempting for various reasons.

“They are relatively inexpensive, nonlethal, often effective, and not clearly illegal. Because they seem – and often are – less destructive, more temporary in their effects, and generally less provocative than the use of human spies and certainly kinetic weapons, cyber operations pose a lower risk of escalation,” it said.

Even if the intention of the cyber espionage on a country’s nuclear command and control system was defensive, seeking to gain warning of an attack, it was likely the target would react with deep alarm and even use its nuclear weapons before they were compromised, the report said.

Lu Chuanying, director of the International Cyberspace Governance Centre at SIIS and a co-author of the report, said the major nuclear states did not currently have a strong motivation to build a risk-reduction mechanism together, as they were not yet fully aware of the potential risk.

“Nuclear study is a very closed and exclusive research field, and there is basically no communication among countries. For instance, if an aeroplane crashed, the country may make a public announcement of the technical issue that lead to the accident, so that other countries can take precautions. But this is not the case in the nuclear field. Countries are very likely to fail to notice certain loopholes in their nuclear system due to lack of communications with one another, and thus feel safe,” he said.

00:59

US warns of ‘security risk’ from China-made drones as tech war heats up

US warns of ‘security risk’ from China-made drones as tech war heats up

The risk was especially manifest in the incessant frictions on the cyberfront and spiralling confrontations between China and the US, the report found. Last year, a leading Chinese antivirus company accused the US of involvement in a decade-long cyber espionage operation targeting areas including aviation, the petroleum industry, internet companies and government agencies. In turn, Microsoft accused China of hacking its email server software to steal data from US researchers, law firms, and national defence contractors.

The report suggested tensions could spill over into suspicions that the other side may launch a cyberattack on its nuclear system.

Lu Jinghua, a visiting scholar with CEIP and another co-author of the report, said the tensions between China and the US meant it was especially easy for them to misinterpret the intentions of a cyberattack or leap to blame each other.

“Considering the difficulties of finding out a cyber intruder’s intention and identity, China and the US tend to interpret each other’s attacks based on the worst assumptions, or even attribute attacks from a third party to each other.”

India moves to strengthen cybersecurity in wake of China-linked intrusions

There is also a vast disparity between the nuclear capabilities of the two countries. According to a US defence department report from last year, the United States has about 5,800 nuclear warheads while China has only about 200.

“The asymmetry between their nuclear forces and other offensive and defensive capabilities may incline Chinese officials to assume the United States will at some point act on the temptation to negate China’s nuclear deterrent. Chinese actions, especially in the cyber domain, to try to avoid such a possibility might make US officials fear that China is seeking to impede the US nuclear deterrent,” the report said.

Lu Chuanying said the best solution would be an agreement between China and the US prohibiting cyberattacks on each other’s nuclear system from the legal level. But the trust deficit between them meant it would be very hard to reach such a deal.

“Technically it’s very hard or nearly impossible to trace the cyber intruder and find out which country is behind the operation. So even if the two sides promised not to attack each other’s nuclear system and signed a paper for it, it would be hard to verify if they were really abiding by it,” he said.

Lu Jinghua said: “Apart from signing a new agreement, an alternative is incorporating related agenda into existing mechanisms, such as the China-US Diplomatic and Security Dialogue, and the hotline of the Ministry of National Defence.” 

7