Embed Size (px)
Citation preview
Creamer �1
The U.S.-China Cyber-Security Dilemma: Real, or Really Hyped? What is Means for Foreign Policy Advisors James Creamer III, M.S. Security and Resilience Studies Graduate Student
Capstone (POLS 7980), Political Science Department, Northeastern University
The focus of this paper is to address the concerns regarding the new generation of the security dilemma referred to as the ’cyber-security dilemma’ or the ‘cyber-arms race’ between China and the United States. Opposing viewpoints see this arms race as justified and warranted, while others believe it to be an over-reaction. The purpose of this paper is to conduct a qualitative case study analysis based a dataset collected by scholars at Northeastern University to determine which sides arguments holds to be more accurate based on the actual impact (severity and damage) of cyber-incidents, is the response we are seeing from the U.S. and China align with the security dilemma? This paper seeks to find out and its format proceeds as follows: introduction to the issue and a literature review discussing the modern security dilemma in China, U.S.-Sino relations, and Cyber-security. This will be followed by a list of terms and definitions, research design, qualitative analysis, implications for policy makers and conclusions.Keywords: Cyber; Conflict; Attack; United States; China; Security; Dilemma; Critical; Infrastructure; DDOS; Hacking; Arms; Race
Part I: Introduction
Cyber-attacks have saturated the western media so far in 2015, and there appears no
end in sight. Major security breaches at Target, Sony Pictures Studios, and most recently, the
U.S. Office of Personnel Management, are common place. They have brought the attention to
the public that the Internet was never designed with security in mind. This inherent insecurity
has lead to a new security dilemma; the last one this prevalent was during the Cold War with
nuclear weapons, and now hacking has taken its place and cyber-war appears imminent
(Penn: Correa: Snyder: Gewirtz). As a result of this cyber-security dilemma, we have seen major
pushes toward increased offensive and defensive cyber-capabilities among state actors (Gertz:
Shall & Selyukh). The two states that receive the most attention are the United States and
China. With this buildup of ‘cyber-armies’ on either side, one must wonder whether or not
these nations are justly reacting to current threats.
President Obama has made cyber-security a priority since he stepped into office.
However, most recently he has made the strongest push forward to making cyber-security one
of his top agendas (Daniel). But why does any of this matter between the U.S. and China? That
Creamer �2
is because according to the Elcano Institute, the U.S. and China are two of the world’s most
powerful countries (Elcano 13). The U.S. was ranked number one in the 2014 economic
presence ranking, while China number two (Elcano 18). The U.S. also held the number one
spot for the 2014 military presence ranking, and China number five (Elcano 19). Cloud services
and security firm Akamai Technologies reported that in 2014, based on originating cyber-attack
location, China lead the world with 41% of all attacks, followed by the United States with 13%
(Akamai). Many believe we are beginning to see the start of the next generation of conflict
between two of the world’s largest and most powerful countries. Being able to make effective
and well-informed policy decisions regarding cyber-security should be a top priority for both
sides; this is why it matters.
Several scholars have examined a variety of similar topics in the years past. Academics
including Charles Glaser, Jason Douglas, Ling Li et al., Andrew Scobell and Adam Liff have
focused on the modern security dilemma in regards to China. Others including Avery Goldstein,
Phillip Saunders and Michael Tai have examined U.S.-Sino relations at varying levels. More
specifically in this topics context, academics including Myruam Dunn Cavelty, Jyh-An Lee, Nir
Kshetri and Jon Lindsay, have written on cyber-security between the United States and China.
This paper examines the reactions of China and the United States regarding the cyber-
security dilemma by utilizing the existing literature in conjunction with a recently constructed
dataset by Creamer, Valeriano and Maness to determine whether or not we see a cyber-
security dilemma unfolding. This research is limited in scope as these cases are limited to the
most recently discovered events. Based on facts of these U.S.-China dyadic incidents, do we
see a new security dilemma unfolding? Since this question is founded in the gaps of existing
literature, this research paper will use relevant theories of security studies in conjunction with
data from a qualitative analysis. The following paragraphs will provide a summary of relevant
terminology for this paper, as well as a summary of the existing scholarly literature. Following
the literature review will be the research design, qualitative analysis, implications for policy
makers and conclusions.
Creamer �3
Part II: Terminology
Since the audience of this paper will vary widely, it is deemed appropriate to include a
section of terminology in order to specifically define certain political and technical concepts in
respect to this paper. Maness and Valeriano indemnify an issue that plagues this research; the
lack of consistency among definitions and terminology (Valeriano and Maness “Cyber War
versus Cyber Realities” 20). The following paragraphs include definitions for “security
dilemma”, “cyber-army”, "cyber-attack", “cyber-incident”, “cyber-conflict”, “hack”, “breach”
and ”(distributed) denial of service”, as used for the purposes of this paper.
The security dilemma is a scenario that arises due to states seeking to increase their
own security and survival. According to the international relations theory of realism, states’
primary motivation is survival. Since states are seeking this, it creates a paradox. The more
powerful a state becomes, the more likely other states will try to increase their own power for
survival. This continues to spiral with each action causing the other side to react, and so on
and so forth (Jervis). The term cyber-arm(ies) is in reference to state-actor’s military/security
assets that have the capability to operate in cyber-space and attack or defend against targets
through various cyber-related methods. In the context of this paper, cyber-armies can be public
actors or private state-sponsored actors. A cyber-attack is one individual instance of using a
cyber-method of attack against a state or non-state actor. This can occur in many forms
including DDoS, APT, and Spear Phishing. Cyber-incident is a similar reference to cyber-attack,
but is used in a less offensive tone. It uses a more objective connotation to state that an
incident has occurred, as opposed to using the term attack which implies it was an aggressive
move .On the other hand, a cyber-conflict implies a series of cyber-incidents where two actors
are engaged in conflict with one another, but does not escalate to a level consistent with
warfare (Valeriano and Maness 32).
A cyber-incident that was the result of a hack means that someone gained unauthorized
access to a system/service/information. Hack is a generally used term and could range from
describing a particular incident (noun) or could be the general description of the method of
Creamer �4
attack (verb). Another generally used term is breach or security breach, and this has a similar
meaning to hack. It refers to the unauthorized access of a system, service, or information. One
of the most common methods of attack is a denial of service or distributed denial of service
(DDoS) attack. This occurs when a IP-connected target is flooded with requests and as a
result, becomes overwhelmed and is disabled. All terminology relating to the qualitative
research and the dataset created by Creamer, Valeriano and Maness can be found in
Appendix A.
Part III: Literature Review
Section A: Modern Security Dilemma and China
Author Charles Glaser is noted for discussing possible security dilemma outcomes for
China based on international relations theories, factors that impact the security dilemma, and
the dangers of exaggeration (Glaser). Most international theorists predict three different
situations emerging between China and the international community, one liberal and two realist
(Glaser). The liberal theory states that China can rise peacefully due to international economic
and political forces (Glaser). One realist theory states that China’s “growing strength” will turn
into a more aggressive strategy for them, and ultimately predicts a Cold War type standoff
between them and the U.S. (Glaser). The other realist theory states that the likelihood of
conflict between major powers is minimal because of structural forces in the international
system, but “secondary disputes” within the region are what are expected to be seen (Glaser).
This viewpoint also states that “conflict is not predetermined” and through not over reacting to
threats or making “uncomfortable concessions”, one can avoid conflict (Glaser). Glaser states
that the perceived threat, and associated security dilemma response, can be dramatic when
“attacking is easy” (Glaser). This translates into “a spiral of fear and arming” (Glaser). He also
mentions the opposite, that if “defending and deterring are easy” that rush to arm is subsided
(Glaser). One’s perceived beliefs about a nation’s “motives and goals” can impact that
response to arm in either direction (Glaser). Glaser believes that given the current state of
Creamer �5
nuclear arms in both countries, and our geographical boundaries and obstacles, that the
security dilemma should stay at a moderate level (Glaser). According to Glaser, this should help
“facilitate cooperation” between the two nations (Glaser).
Neo-isolationists believe that it is not the rise of China that could impact the security of
the United States, but the relationships that we have with regional allies (Glaser). According to
this viewpoint, the U.S. has the capability to deter homeland conflicts from China, and that any
further relationships create “unnecessary [risk]” (Glaser). On the other hand, some scholars
argue that “selective engagement” is an effective tool at “[preventing eruption] of a conflict in
the first place” (Glaser). Similarly to the U.S. strategic plan during the Cold War, their
commitment to allies, along with military footholds and nuclear capabilities are considered to
be sufficient to “deter a Chinese attack” on the regional allies (Glaser). Furthermore, given the
current and potential “conventional military [and nuclear] capabilities” of regional allies, if the
U.S. disassociated with the region, there would be a sufficient deterrent from China striving to
become the regional hegemonic power (Glaser). According to Glaser, it is in fact in China’s best
interest to have U.S. influence in the region, as they see Japan as more of a threat, and U.S.
relations provide stability (Glaser). The exception to this analysis is Taiwan; with their history
with China, and geopolitical value to the U.S., slowly receding U.S. commitment to Taiwan is
seen as a favorable option to prevent conflict (Glaser). Glaser states that U.S. leaders make
decisions on the realist “assumption that states accurately perceive and respond” to situations
(Glaser). However, in the event this assumption is incorrect, it actually increases the risk for
future conflict (Glaser). This lack of understanding and misperception directly influences the
severity of the security dilemma (Glaser). Glaser believes that to date, the U.S. has not
overreacted to China’s military growth, but given the U.S. National Security Strategy, we
certainly could (Glaser). The exaggeration of threats, i.e. China’s military buildup and nuclear
capabilities, may in fact strain relations and create more conflict (Glaser).
Scholar Jason Douglas has examined the current security dilemma regarding U.S.-Sino
nuclear proliferation (Douglas 125). This security dilemma stems from the United States’ stance
Creamer �6
on developing advanced defensive nuclear capabilities and China’s development of offensive
nuclear capabilities (Douglas 126). Douglas mentions that a “missile defense system is an
attractive option for Americans trying to prevent a nuclear strike on US territory”, but comes
with the unintended consequences that other states perceive as a threat to their “nuclear
deterrent” capabilities (Douglas 128). President Obama has stood fast in supporting an “Asian
missile defense system” for US allies, a stance that been seen by the Chinese as an aggressive
move into their territory to limit their sovereignty (Douglas 129-130). Due to recent Japanese
military enhancements for ballistic missile defense, China has begun massive expansion of
military capabilities, which as Douglas writes, “could lead to what has been termed an offense︎-
defense arms race, with each side developing capabilities in order to counteract those of the
other” (Douglas 130-131). Historically speaking, China has a “no-first-strike” policy, whereby
they limit the number of nuclear weapons to a quantity suitable for second strike capabilities
only (Douglas 131). However, with the recent modernization of American nuclear arms, China
does not have a credible second strike capability (Douglas 132). This has led to further Chinese
nuclear expansion, which is thus seen by the U.S. as an aggressive offensive posture (Douglas
133).
Douglas highlights a concept to counter the realist approach to the anarchic system,
what Ken Booth and Nicholas Wheeler call, “security dilemma sensibility” (Douglas 138). The
definition of this concept is “an actor’s intention and capacity to perceive the motives behind,
and to show responsiveness towards, the potential complexity of the military intentions of
others” (Douglas 138). Both states cannot completely understand each others “motives and
intentions”, but understanding how your actions may be perceived by the other can impact
your own decisions and prevent future conflict (Douglas 138). Understanding the perspective of
the other state is the key to this sensibility, however this viewpoint is lost on many policy and
decision makers (Douglas 138).
Authors Ling Li, Ruixing Huang and Dewei Wang have empirically tested the security
dilemma between China and the United States (Ling et al. 153). Ling et al. take a quantitative
Creamer �7
approach to a historically qualitative analysis to determine whether the Chinese security
dilemma is “subjective inference” or is it actually grounded in quantitative support (Ling et al.
153). The authors use military expenditure as their measure for improvement of national and
military power (Ling et al. 153). Their research analyzed the military expenditures of China, the
United States, Japan, Indian, Taiwan, Vietnam and South Korea (Ling et al. 155). The analysis
determined that the only statistically significant reactions to China’s military spending were
from the U.S. and its allies, Japan and South Korea (Ling et al. 155). According to the authors,
China’s military spending is predominantly defensive in nature, and when the United States and
allies increase their expenditures as a result of China’s spending, it negates the impact of that
spending (Ling et al. 156). This evidence supports the belief that the reactions by the U.S.,
Japan and South Korea directly contribute to the security dilemma, and that this dilemma is
factual and not just a perceived deduction (Ling et al 156).
Scholar Andrew Scobell discussed the security dilemma from the viewpoint of the
Peoples Republic of China (PRC) (Scobell 713). The premise of Scobell’s argument is grounded
on the theory that the PRC has always viewed itself as an underdog in the international
community (Scobell 75). Scobell provides evidence that supports the claim that under the Mao
Zedong era, Deng Xiaoping era and post-economic reform era that the Chinese government
has viewed itself as such (Scobell 715-718). Scobell argues that while the concept of the
security dilemma is present within the academic community in China, it is “one step removed
from decision makers” (Scobell 718). Those in power in Beijing adhere to the ‘New Security
Concept’ or the ‘peaceful rise and development’ (Scobell 718). They view the military
expansion as a way to defend themselves from external threats, and acknowledging the
security dilemma would mean that China is admitting their own actions have caused this
(Scobell 717-718). China’s reputation in the international community is reflective of their power
in the international community (Scobell 719). Scobell notes Ian Johnston’s belief that if China
does not recognize the security dilemma, they will always be “convinced that the [U.S.] is intent
on their demise” (Scobell 719). Similar issues can be found within the United States too; that
Creamer �8
the security dilemma falls only on the ears of academics, and that U.S. policy makers ignore its
existence (Scobell 719). Scobell offers three possible ideas to help curb the security dilemma
(Scobell 719). These include “encourag[ing] senior policy makers on both sides to put the
security dilemma on the agenda” and begin an open dialogue, “ton[ing] down the inflammatory
rhetoric” on both sides as it only negatively contributes to a resolution, and lastly for the U.S.
and China to openly and directly discuss their national security interests and concerns (Scobell
719-720).
Authors Adam Liff and G. John Ikenberry have discussed the security dilemma through
the context of China’s rise and military competition in the Asia pacific (Liff & Ikenberry 88). Liff
and Ikenberry determine that at this point in time, there is no “full-scale security dilemma” due
to a traditional arms race between China and other states (Liff & Ikenberry 88). However, they
do admit that they do expect that situation to “[gradually] spiral” as military expenditures
increase (Liff & Ikenberry 88). Liff and Ikenberry identify two issues exacerbating the situation
between China, the U.S. and regional actors; the first is Beijing’s response in terms of military
policy, and the later is “misinterpret[ation]” by Beijing regarding the U.S. and other states’
desire to keep the “status quo” (Liff & Ikenberry 88). Beijing’s response includes their “pace
and scale” of military development, their low level of interest in “other states’ concerns” and
their lack of transparency (Liff & Ikenberry 88). The misinterpretation has resulted in a
“confrontational” view from Beijing’s perspective (Liff & Ikenberry 88). The authors conclude
with five policy recommendations to minimize the likelihood of conflict between the U.S. and
China (Liff & Ikenberry 88). Both governments must admit that they are caught in this security
dilemma in order to make meaningful progress forward (Liff & Ikenberry 88-89). Additionally, it
is recommend that they increase their information sharing in regards to their interpretations of
one another policies (Liff & Ikenberry 89). Furthermore, it is recommended that each side
increase their transparency regarding “military capabilities, strategic objectives, and military
policy decision making” (Liff & Ikenberry 89). The fourth recommendation is that both
government need to “strengthen diplomatic mechanisms for bargaining” so that both sides can
Creamer �9
more effectively manage crosses (Liff & Ikenberry 90). The last recommendation that Liff and
Ikenberry provide is that all states involved must “continue to shape and improve the wider
political and strategic context in which military competition is unfolding” so that they can
increase military cooperation and reduce rivalries (Liff & Ikenberry 90).
These authors make a wide variety of implications based on their work on the modern
security dilemma between the U.S. and China. While there focus is not on cyber-security, the
situation unfolding is quite similar to a traditional security dilemma and the political fallout that
comes along with it. The most important take aways and how they relate to the cyber-arms
race is as follows. One of Glaser’s realist theories predicts the cyber-arms race well. Glaser
previously mentions that the arms-race response is more dramatic when attacking is easy, and
that defending and deterring are difficult. Since the Internet was not designed with security in
mind, it is becoming increasingly difficult to defend and deter, and easy to attack without
retribution. Based on Douglas’s analysis of China’s nuclear arms policy, it appears similar to
their cyber-security policy since it is used for defensive purposes only. However, like with the
modernization of U.S. nuclear weapons, China’s response to the NSA leaks has been what
some would consider an aggressive posture. Douglas believes that “security dilemma
sensibility”, or the ability to understand how your actions may be perceived by others can
impact your own decisions is key to reducing the standoff. This same sensibility applies to the
cyber-security dilemma. The key applicable lessons from Li, Huang and Wang are that China’s
military expenditures are mostly defensive in nature, and that when the U.S. notices the
increase in spending, they respond with increasing their own spending. This negates the
impact of China’s defensive spending and causes the cycle to repeat. This same scenario
exists in the world of cyber-spending and is important to recognize and understand that.
Scobell’s primary take away relevant to the cyber-security dilemma is that
the concept of the security dilemma at all is removed from policy makers in China and the
United States. By failing to acknowledge its existence, they are contributing to its growth.
Scobell’s lessons on encouraging senior policy makers to engage in dialog, conversing more
Creamer �10
calmly, and openly discuss interests and concerns are all applicable to handling the growth of
cyber-arms race. Liff and Ikenberry’s contribution to this cyber-arms research is that as military
expenditure increase, we see a spiraling effect into the security dilemma. An increase in cyber-
related spending can have the same effect. In order to address this, Liff and Ikenberry argue
that they need to stop presuming the motives of the other, acknowledge the security dilemma,
and increase transparency in decision making. All of these actions are applicable to cyber-
decisions between China and the U.S. The take aways mentioned above can all impact the
ability of both countries to effectively manage the cyber-security dilemma. However,
understanding more broadly U.S.-China relations is also important to effective decision making
and is discussed in the following section.
Section B: U.S.-Sino Relations
Author Avery Goldstein has previously discussed the potential for a “serious U.S.-China
crisis”, the specific features making a crisis “so dangerous” and also the “general features of
crisis stability” (Goldstein 50). Goldstein concludes that the risks involved with striking first in
“conventional and nuclear” conflict are so high, it produces a dis-incentive for doing so
(Goldstein 88). Furthermore, Goldstein states that since each party “desire[s]… a favorable
outcome”, it actually creates a desire to “manipulate risk” and use force to get ”the upper
hand” (Goldstein 88). This is a direct outcome of a misunderstanding about the viewpoints of
the other party or a lack of perspective regarding a crisis (Goldstein 88). Goldstein argues that
this rationale alone should be enough for policy makers to take this into consideration when
discussing potential conflict (Goldstein 88-89). Goldstein concludes by stating that while China
being a “true peer competitor” to the U.S. is far away, policy makers must focus on the
“immediate danger of instability” and focus far less on issues of conventional war and nuclear
capabilities (Goldstein 89).
Michael Tai discussed international security in the context of China and the United
States (Tai 137). Notable topics include conventional warfare forces, nuclear capabilities, and
Creamer �11
cyber warfare (Tai 139-144). Tai notes that after the the conventional military forces in China are
not capable of taking on the United States, due to many issues including older soviet-era
weaponry and logistical issues (Tai 139-140). While the U.S. sees the recent buildup of Chinese
armed forces as a threat, it is more likely that the Chinese are building up to protect themselves
from regional forces including Japan and Taiwan (Tai 140). The United States began to view
China as the next conventional threat “after the demise of the Soviet Union” and that is where
the attention has remained (Tai 143). When comparing nuclear capabilities, it is estimated that
the United States has somewhere in the range of 7,700 nuclear weapons with 2,000 of them
“on hair-trigger alert” (Tai 143). This is in comparison to China’s 250 nuclear weapons and an
administration which pledges a no-strike first policy (Tai 144). In order for the U.S. to use
nuclear weapons, all that is requires is a “20-minute deliberation between the president and
two or three of his advisors” (Tai 143). In regards to cyber-warfare, the U.S. has publicly been
accusing the People’s Liberation Army of hacking public and private American organizations
since 2013 (Tai 144). It was revealed by Edward Snowden later that year that the NSA had been
conducting espionage on “major Chinese telecommunications companies, network backbones
at Chinese universities… and the Hong kong headquarters of Packet” (Tai 144). This revelation
had caused great concern for Beijing which has translated into a more hawkish stance and a
viewpoint where the U.S. is trying to overthrow the Chinese government (Tai 144).
Author Phillip Saunders elaborated on the ‘post-War On Terror’ strategic pivot, or what
is being referred to as the United States ”return to Asia” (Saunders). Saunders differentiates
that this “rebalance” is not the same as the “balance of power” (Saunders). Saunders drives
home five key points throughout his article. The first is that this pivot back to Asia is in
response to the “increased economic and strategic weight” of Asia and has the goal of brining
“diplomatic, economic, and military resource[s]” to our allies (Saunders). Secondly, it is
expected that it will be difficult to find a sweet-spot of rebalance that provides adequate
reassurance to U.S. allies, but not so dramatic to make Chinese leadership weary of
“cooperation with Washington” (Saunders). Furthermore, the strategy as a whole provides
Creamer �12
“more attention” to other Asian regions other than China, such as those in “Southeast Asia
[and] the Indian Ocean” (Saunders). The forth important point to understand is that China is
weary of this strategic move by the U.S., but at the same time are also moving forward with
“efforts to stabilize Sino-U.S. relations” (Saunders). The final takeaway from Saunders’ article is
that in order to minimize conflict within this strategy, more cooperation is required between
both governments on both areas of similar interests as well as conflicting viewpoints
(Saunders).
While these scholars focus on a variety of U.S.-Sino relations topics, there are many
important lessons to extract from their work. Lessons from Goldstein’s work boil down to
misunderstanding viewpoints of each party and lacking perspective during a crisis contribute
to escalating it. Policy makers should take this into consideration when handling cyber-related
crises, and that focusing on the “immediate danger of instability” is most important. Tai’s
contribution to the cyber-security dilemma is mainly that due to the actions of both Beijing and
Washington regarding cyber-espionage and cyber-attacks, each capital is more hawkish
toward each other, which undermines the trust and ability to communicate required for open
dialogue. The most important take aways from Saunders’ work is that the U.S. needs to
recognize that China is weary of the U.S. strategic pivot back into Asia, and that in order to
minimize conflict, more cooperation is required on similar and opposing interests. With the
strategic pivot, it would be expected to assume that China will want to acquire as much
information about U.S. strategy as possible, and cyber-attacks will be one method in doing so.
That makes cooperation between the two governments more important than ever to minimize
the damage caused by cyber-attacks. Taking lessons away from traditional U.S.-Sino relations
is imperative to understand this new dilemma. By understanding previous crises, instability and
political relationships, policy makers can make better decisions in order to stabilize
relationships. Perhaps even more important though, is taking lessons away from our current
body of knowledge on cyber-security, which is examined in the following section.
Creamer �13
Section C: Cyber-Security
Author Myruam Dunn Cavelty discusses the ‘cyber-security dilemma’ that we face in
the 21st century, how our actions have made “the real world less… secure” and suggests ways
in which to resolve this dilemma (Cavelty 702). Cavelty points out that our current stance
toward cyber-security is focused on on the threat of those responsible for initiating attacks
(hackers), as opposed to those responsible for the data (system admins) (Cavelty 703).
Furthermore, Cavelty notes that we don’t look at the threat impacting human security (the
individual), but rather “information technologies, economic performance and ‘critical’ functions
of infrastructures” (Cavelty 704). Cavelty argues that the influential players of cyber-security
today have no interest in actually keeping individuals secure because of big data marketing
and advertisements, as well as intelligence gathering (Cavelty 704-705). Furthermore, it is also
mentioned that the increasing role in the private sector of protecting critical infrastructure has
made it so that the focus on protecting the infrastructure for the sake of human security has
faded, and ensuring “business continuity”, protecting the private organization has become the
goal (Cavelty 706).
Cavelty raises an important notion that has received little attention previously in cyber-
security discussions; that the “myths of a stable political world order [are] based on state
power” feed into this view that governments and the military should be establishing borders in
cyber-space, and that state-control of that space is a national security issue (Cavelty 708). This
idea in itself “directly fuel[s] the cyber-security dilemma as we have seen” (Cavelty 708).
Cavelty also argues that we should be addressing the vulnerabilities within cyber-space in
order to make our national security more secure, but given the current incentive structure by
influential actors, it seems unlikely (Cavelty 711). By closing these vulnerabilities, and focusing
on ensuring privacy rights are protected by using encryption more on the individual level, we
can actually create a safer and more resilient cyberspace (Cavelty 711-712).
Jyh-An Lee discusses the importance of the current relationship between the U.S. and
China and the roles that U.S. President Obama and Chinese President Xi play in that, the threat
Creamer �14
that China poses to the U.S. regarding cyber-attacks, and possible legal remedies to these
international incidents (Lee 951-959). It has been compared to by many that the meeting
between “Barack Obama and… Xi Jinping… in June 2013” was the most important meeting
between the two nations leaders since Nixon and Mao (Lee 951). Obama has pressed Xi on the
wave of recent attacks on American companies, to which has been referred to by many as
“cyber espionage” (Lee 956). Historically, one the differences that sets China’s alleged actions
away from other espionage is that it is focused on both the public and private sectors, as
opposed to just the public sector (Lee 956). China’s stance is that they too are victims of cyber-
attacks and that they “and the United States both…[face] with similar challenges” Lee 958).
Lee discusses three legal approaches to help eliminate or reduce the number of attacks
between the two nations (Lee 960). These include using China to develop international norms
in regards to cyber-security, creating bilateral agreements between the two states on cyber-
security, and creating the most effective multilateral agreements with support of the “United
States, Russia, China, and the European Union” (Lee 960-963).
Nir Kshetri wrote about the landscape of cyber-crimes originating from China. Kshetri
focuses on the “typology of cybercrimes in China”, domestic and “international dimensions of
cybercrime” in China, and implications for these findings (Kshetri 43-63). Through Kshetri’s
research, he determined that while attacks “originating from China arguably have caused
substantial economic damage to the Western economies”, cyber-crimes within the country
itself have created a slew domestic issues as well (Kshetri 63). Professional hacking
organizations have begun emerging within the country, which has provided a false sense of
“legitimacy to such attacks”, and a sense of patriotism has begun to arise from these attacks
too (Kshetri 63). However, given the current strained political relationship between the U.S. and
China (due to the NSA leaks and the Chinese People’s Liberation Army indictments) extraditing
citizens to the U.S. is “next to impossible” (Kshetri 63). The increasing number of cyber-attacks
supposedly initiating from China are having a dramatic hand in “shaping [U.S.] institutions” and
risk assessment (Kshetri 63). As a result, more “collaborations co-operations and partnerships”
Creamer �15
are being formed to “enhance cyber-security measures” globally (Kshetri 63). One key take
away Kshetri mentions is that the domestic views within China are “more supportive and less
hostile to cybercrimes” when compared to Western countries (Kshetri 64).
Author Jon Lindsay discusses four areas of debate regarding China and cybersecurity
(Lindsay 9). These areas of debate include “political, espionage, military, and institutional cyber
threats” (Lindsay 9). Lindsay concludes that in each of these areas of debate, the “threat from
China is exaggerated” while on the other hand, the “threat to China is underappreciated”
(Lindsay 44). As a result of placing “political information control” as a higher priority above
“technical cyber defense”, China has actually weakened its ability to protect itself from “foreign
infiltration” (Lindsay 44). Lindsay argues that China actually stands to benefit from “institutional
reform” and “multistakeholder governance” (Lindsay 44). Ultimately, Lindsay believes that the
small cyber-disputes are the “price of doing business” on the internet, and that both nations
are better off now then they ever would be without it (Lindsay 45). Lindsay’s main concern’s
however stem from misperceptions above the others intentions (Lindsay 46). In order to
minimize the impact of this friction, Lindsay recommends that the U.S. and China “discuss the
interaction of cybersecurity and traditional military force in depth and take steps to limit
misunderstandings about the other’s intentions” (Lindsay 47). Lindsay believes that “the
emergence of complex cyber threats” could potentially lead to a “positive development… in
global security” (Lindsay 47).
The lessons from these scholars are directly applicable to the cyber-security dilemma.
Cavelty’s important take aways as they related the U.S. and China are that we should be
focusing on closing the vulnerabilities in cyber-space and privacy rights for individuals to make
our nations more secure. Establishing cyber-space borders should not be part of the plan to do
it. By focusing on the aspects of cyber-security that can be controled, as opposed to focusing
on those responsible, we can more effectively protect our human security, businesses, and
critical infrastructure. Lee’s main take away is that the U.S. should continue to develop
international norms with China and create bi-/multilateral agreements to hold each other
Creamer �16
responsible for our actions, which will limit our ability and reason for a cyber-arms race.
According to Kshetri’s research, the U.S. should seek out more collaborative partnerships with
China to build up cyber-security measures. Kshetri importantly notes that each countries
domestic views are different regarding cyber-crime, and must be taken into consideration. Jon
Lindsay reiterates previous security dilemma scholars and holds that one major issue
contributing to cyber-security problems is that we often misinterpret each others intentions.
This holds true for this new cyber-arms race. All the above are lessons we should be taking
into consideration when we discuss cyber-security between the U.S. and China.
Part IV: Research Design
Given this current body of knowledge, I argue that the United States and China will
continue to have this ‘cold-war-esque’ standoff, the cyber-security dilemma, as long as the two
nations continue to probe, intrude and disrupt each others computer networks and systems,
even if the outcomes of these events do not have a direct and immediate impact to the national
security of either country. In order to examine this relationship, a qualitative case study case
been conducted below in which nine dyadic incidents between the U.S. and China are the case
subjects. These nine incidents will examined by utilizing the criteria outlined by Valeriano and
Maness in their codebook for for the Dyadic Cyber Incident and Dispute Data, Version 1.5
(Valeriano and Maness “Dynamics of Cyber Conflict"). These criteria include the method of
interaction/incident, type of interaction, type of target, objective for initiator, specific political
objective and it’s success, government issued statements, severity, and damage type. These
criteria are selected for analysis overall because they can contribute to the overall perception of
fallout due to a cyber-attack.
These nine examples include the (1) Wen Jiabao retaliation, (2) Anthem breach, (3)
Github.com attack, (4) Primera Blue Cross breach, (5) New Zealand Chinese MFA hack, (6)
PennState hack, (7) Register.com attack, (8) Ocean Lotus, and (9) the U.S. Office of Personnel
Management hack. These nine cases were specifically selected from the dataset because they
Creamer �17
are all attacks on or by U.S. or Chinese state assets. This qualitative analysis is organized into
sections according to each cyber-incident. Within each section contains a breakdown of
criteria mentioned above, and includes an a brief analysis of the various hypothesis listed
below based on the reaction of the target nation. Following these findings will include
summarization of what they mean for the U.S. and Chinese policy makers, predictions based
on current data, and determination on whether or not the buildup of cyber-armies is a justified
reaction.
In accordance with the existing literature, and this papers main argument, two
hypotheses are listed below:
1. Due to security dilemma dynamics, cyber-attacks will lead to government foreign
policy responses of escalation.
2. Due to security dilemma dynamics, cyber-attacks resulting in any type of damage will
lead to government foreign policy responses of escalation.
These two hypotheses were created based on the existing literature, previous theories and the
current media attention and associated response regarding cyber-attacks. There was not
enough data to conduct a larger qualitative analysis. However, the analysis of these
hypotheses are still insightful for policy makers none-the-less.
Part V: Qualitative Analysis and Dataset
Based on the qualitative analysis, the resulting data produced (see Table 1.1) and follow
up research, there have been limited responses from the governments of China and the United
States post-cyber-attack. Out of the nine case studies, eight of them do not show significant
signs of escalation as a result of a cyber-attack. One of them shows some signs of escalation,
but not enough to contribute to the security dilemma. In both the Wen Jiabao Retaliation
incident and the Github.com attack, the interaction type was classified as a
‘nuisance’ (Creamer, Maness and Valeriano). In the other seven incidents the interaction type
were classified as ‘offensive strikes’ (Creamer, Maness and Valeriano). The method of attack
Creamer �18
stayed consistent among seven of the incidents, classified as ‘intrusion’ (Creamer, Maness and
Valeriano). The other two incidents, Github.com and Ocean Lotus, were classified as ‘denial of
service’ and ‘infiltration’ respectfully (Creamer, Maness and Valeriano). Out of the nine
incidents, only the Ocean Lotus incident used an ‘advanced persistent threat’ process
(Creamer, Maness and Valeriano). Five of the nine cyber-incidents occurred on target types
classified as ‘private/non-state actors’, opposed to the four against ‘government non-military’
targets (Creamer, Maness and Valeriano).
Seven out of nine attacks were launched by the China, leaving U.S. responsible for
launching two of them (Creamer, Maness and Valeriano). In two of the attacks the initiators’
objective was ‘disruption’ and the other seven attacks the initiators’ objective was ‘theft/
espionage’ (Creamer, Maness and Valeriano). Only four of the attacks had a clear political
objective (Creamer, Maness and Valeriano). This included the retaliation for the Wen Jiabao
NYTimes article, limiting the ability to circumvent the Great Firewall in China to limit free
speech, curbing China’s expansion into territorial waters, and several plausible explanations for
the OPM hack (Creamer, Maness and Valeriano). The only attack that had political objective
success was the Github.com attack, but it was only temporary (Creamer, Maness and
Valeriano). In the majority of attacks, the initiating state issued a statement of denial five of the
nine times (Creamer, Maness and Valeriano).
The severity of the nine attacks varies widely. In the Register.com attack, the incident
only amounted to the low end of the scale with ‘probing without kinetic cyber’ (Creamer,
Maness and Valeriano). Two of the attacks were rated ‘harassment, propaganda, nuisance
disruption’, with a potential third that bordered on ‘stealing targeted critical
information’ (Creamer, Maness and Valeriano). Four others were classified as ‘stealing targeted
critical information’ (Creamer, Maness and Valeriano). The most severe incident was the OPM
breach which was classified as ‘widespread government, economic, military or critical private
sector theft of information’ (Creamer, Maness and Valeriano). In the same two incidents
whether the objective was ‘disruption’, the damage type was ‘direct and immediate’ (Creamer,
Creamer �19
Maness and Valeriano). The other seven incidents all have damage types classified as ‘indirect
and delayed’ (Creamer, Maness and Valeriano).
Table 1.1
In four of the nine cases, there appeared to be no meaningful response by the attacked
state, and no evidence of escalation. This was the case regarding the Wen Jiabao incident as
there does not seem to be an official U.S. government response published regarding the attack
against the New York Times. In the New Zealand Chinese MFA Hack, there was no support for
either hypotheses, as the only response on record was that of the Chinese Foreign Ministry
stating that they were “seriously concerned” with the information revealed. However, there is
no direct link between this incident and a direct escalation. The PennState hack did not
provoke any major response by the United States, the President, Congress, or any other
government agency that would support the claims regarding escalation. Lastly, the
Register.com hack would also show no response by United States officials that would support
the claim of either hypothesis.
Creamer �20
In another four of the cases, there was a meaningful response by the victim state.
However, these responses would not turn into escalation. The LA Times reported that Anthem
officials were to meet with the Congressional committee involving cybersecurity to discuss the
breach and the steps moving forward (Terhune). Both federal and state inquiries have been
launched regarding this attack (Terhune). Additionally, the White House has pressured
Congress to take action to protect consumers with new legislation (Dorning). These federal and
state actions do not provide evidence to support for these hypotheses, as there has been no
public documentation of escalation. U.S. President Barak Obama issued an executive order
"blocking the property of certain persons engaging in significant malicious cyber-enabled
activities” in response to the Github.com DDoS attack (Obama: Fernholz). Given the attack’s
severity and damage type, this response by the U.S. favors the two hypotheses ever so slightly.
This could appear to be a slight escalation as the blocking of properties could be seen as an
aggressive move.
After the Premera Blue Cross breach, both Democratic and Republican representatives,
including the chairman of the Committee on Homeland Security, issued statements that United
States needs to crack down on these incidents and form new legislation to address them
(Bennett: McCaul). These statements do not show support for the aforementioned hypotheses
as there is no direct escalation against China in this case. After the Ocean Lotus incident, the
Chinese Foreign Ministry stated that this attack “proves once again that China is the victim of
hacker attacks” (Foreign). Additionally, Chinese government stated that “it is ready to work with
the international community to step up cyber security cooperation based on mutual respect
and mutual trust, lay down a code of conduct for countries in the cyber space, fight against
cyber attacks and build a cyber space featuring peace, security, openness and
cooperation” (Foreign). This response alone is not enough to provide sufficient evidence of any
direct actions of escalation.
In only one of the nine cases, did any evidence show an escalation response. After the
Office of Personnel Management hack, the Obama administration stated that they have
Creamer �21
decided that retaliation is required against China for the breach (Sanger). It is still unclear as to
what type of response will be made or when a response will come (Sanger). Until this
statement, the U.S. had decided against publicly or officially blaming China for the attack, for
fear of increased tensions and cyber-conflict (Nakashima, Ellen). Furthermore, reports indicate
that the U.S. Central Intelligence Agency has considered pulling its assets out of China for the
attack has almost certainly compromised their identities (Stone). President Obama also ordered
the development of a new supercomputer to dwarf that of the world’s fastest supercomputer,
the Milky Way-2 in Guangzhou, China (Neuman). These actions taken together appear to be in
direct response to the OPM hack, and given the attack’s severity and damage type, these
responses can be considered to escalations. However, it does not mean that the U.S. will hack
the Chinese government with a more severe incident. It only means that actions will be taking
moving forward. As such, they do not directly escalate the security dilemma as the hypotheses
suggest.
Part VI: Implications for Policy Makers
With the political fallout of the Office of Personnel Management still unfolding, and the
certainty of more cyber-attacks to follow, it is imperative to extract information from these case
studies and get to the heart of the issue; based on the impact of these cyber-attacks, is the
response in accordance with the security dilemma? According to this research, there is no
security dilemma unfolding. There is very limited responses on behalf of both countries post-
cyber-attack. It does not appear that escalation is occurring the same way that the security
dilemma would predict that we do. The rhetoric being used to discuss the cyber-attacks in the
media is not justified, and is exacerbating the hawkish foreign policy experts. Based on the
existing scholarly literature and the qualitative research for this paper, the most important
implications for policy makers are as follows:
1. The cyber-security dilemma does not exist, but the media makes it appear as such. Policy
makers must acknowledge this. We cannot over-react to incidents where there is not a
Creamer �22
immediate danger to our national security. Just because sensitive information or systems
are compromised does not mean that escalation is an appropriate response.
2. The inherent insecurity of the Internet makes it difficult to defend and deter, and easy to
attack without retribution. This is the largest flaw contributing to the arms-race. We should
focus on closing the vulnerabilities in cyber-space that we can control, instead of focusing
on establishing cyber-space borders. Additionally, we should focus on privacy rights for
individuals and making human security a priority. Doing so will help protect businesses and
critical infrastructure.
3. When cyber-security dilemma issues arise, policy makers must make decisions using
“security dilemma sensibility” and take perspective on their own actions before following
through. Focus on the immediate dangers of the cyber-crisis at hand. Doing so will
deescalate the situation, allow for further communication and discussion, and will prevent
aggressive moves that will cause escalation.
4. Acknowledge that our spending increases will correlate with their spending increases, and
this cycle will continue. If policy makers continue to push for a larger budget for cyber-
armies, other actors will too. We must stop presuming the motives of others, which is
common regarding spending. Instead, we must engage in open and calm dialog to
discuss interests and concerns. This will allow states to openly air out their concerns and
proceed in meaningful diplomatic relations.
5. Cooperation is the key to success. Engaging in bi- and multi-lateral agreements helps
create international norms for countries to abide by. These can be used to hold countries
accountable, but also ensure that everyone gets a fair chance at input. If the cyber-security
dilemma and cyber-arms race are not treated with cooperation and perspective taking, it
will continue to grow and become a larger problem.
Creamer �23
Part VII: Conclusions
According to this qualitative research, we can conclude that there is not sufficient
evidence to support the claim that the cyber-security dilemma exists. However, we cannot
confidently state that this is the only theory explaining the cyber-arms race given the limited
number of cases in the study. Eight of the nine case studies showed no support for the
hypotheses, and one showed little support. Only one case involved an Advanced Persistent
Threat, and only four had possible specific political objectives. Out of those four cases, only
one had limited, temporary success. Of all nine cases, the highest level of severity reached was
‘widespread government, economic, military or critical private sector theft of information’.
Based on the impact of these cyber-attacks alone, the lack of an escalation response on behalf
of both countries is warranted. The hawkish foreign policy experts and the media appear to
have more of an over-reaction. Recommendations to policy makers have been made based
solely on existing literature and the outcomes of these nine case studies. These findings are
not conclusive and should be taken into consideration with caution. The case studies that
these conclusions are based off lack sufficient data to draw significance from them. However,
this case study lays the foundation for future scholars to create comparative case studies on
these cyber-attacks. This research was constrained by time restrictions and the availability of
data, which significantly hindered the proper data collection process. If this research were to
be conducted over a multi-year period, it would have more resources allocated into identifying
the missing pieces of data required to make significant claims. Should more evidence suggest
that the implications for decision makers listed are appropriate, they should be incorporated
into the U.S. and Chinese national security strategies. This paper intends to urge scholars to
continue research based on this analysis; with these cyber-attacks occurring more frequently
and more drastically, this topic will surely be salient for decades to come. It is in the best
interest of the international community to continue on with this work.
Creamer �24
Appendix A: Excerpt from Dyadic Cyber Incident and Dispute Data, Version 1.5
Creamer �25
Creamer �26
Creamer �27
Creamer �28
Works Cited
Akamai's "State of the Internet", Q4 2014. Rep. Akamai Technologies, 29 Jan. 2015. Web. 21
June 2015. <http://www.akamai.com/html/about/press/releases/2015/
press-012915.html>.
"APT OceanLotus (APT-C-00)." Skyeye.360safe.com. SkyEye, May 2015. Web. 03 Aug. 2015.
<https://skyeye.360safe.com/>.
Bennett, Corey. "Senate Dem 'seriously Concerned' by Premera Breach." TheHill.com. Capital
Hill Publishing Corp., 31 Mar. 2015. Web. 03 Aug. 2015. <http://thehill.com/policy/
cybersecurity/237495-senate-dem-still-seriously-concerned-by-premera-breach>.
Buddington, Bill. "China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack."
EFF.org. Electronic Frontier Foundation, 01 Apr. 2015. Web. 03 Aug. 2015. <https://
www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-
browsers-in-github-attack>.
Cavelty, Myriam Dunn. "Breaking the Cyber-Security Dilemma: Aligning Security Needs and
Removing Vulnerabilities." Sci Eng Ethics Science and Engineering Ethics 20.3 (2014):
701-15. SpringerLink. Web. 11 June 2015.
Creamer, James, III, Ryan Maness, and Brandon Valeriano. Dyadic Cyber Incident and Dispute
Data. 6 Aug. 2015. Raw data. Northeastern University, Boston, MA.
Chon, Gina, Hannah Kuchler, and Kara Scannell. "FBI Probes Possible China Military
Involvement in Cyber Attack - FT.com." FT.com. The Financial Times LTD., 18 Mar.
2015. Web. 03 Aug. 2015. <http://www.ft.com/cms/s/0/ab5d5736-cd24-11e4-
b5a5-00144feab7de.html>.
Correa, Danielle. "US Agencies Join Brits in Cyberwar Games." SCMagazineUK.com.
Haymarket Media, Inc., 06 July 2015. Web. 09 July 2015. <http://
www.scmagazineuk.com/us-agencies-join-brits-in-cyber-war-games/article/424710>.
Daniel, Michael. "What You Need to Know About President Obama's New Steps on
Cybersecurity." Whitehouse.gov. The White House, 14 Jan. 2015. Web. 21 June 2015.
Creamer �29
<https://www.whitehouse.gov/blog/2015/01/14/what-you-need-know-about-
president-obama-s-new-steps-cybersecurity>.
Dorning, Mike. "White House Urges Fast Action on Data Breaches After Anthem Hack."
Bloomberg.com. Bloomberg, 5 Feb. 2015. Web. 03 Aug. 2015. <http://
www.bloomberg.com/news/articles/2015-02-05/white-house-urges-fast-action-on-
data-breaches-after-anthem-hack>.
Douglas, Jason. "In the Eyes of Others: Ballistic Missile Defense and the Sino—US Security
Dilemma." Irish Studies in International Affairs 23.1 (2012): 125-41. Web. <https://
www.academia.edu/2309172/
In_The_Eyes_of_Others_Ballistic_Missile_Defence_and_the_Sino-
US_Security_Dilemma>.
Elcano Global Presence Report 2015. Rep. Real Instituto Elcano, 2015. Web. 21 June 2015.
<http://www.globalpresence.realinstitutoelcano.org/en/data/
Global_Presence_2015.pdf>.
Fernholz, Tim. "A Fed-up Obama Has Declared a “national Emergency” for Cyberattacks in the
US." Qz.com. Quartz, 1 Apr. 2015. Web. 03 Aug. 2015. <http://qz.com/374452/a-fed-
up-obama-has-declared-a-state-of-emergency-for-cyberattacks-in-the-us/>.
Finkle, Jim. "Premera Blue Cross Hacked, Medical Information Of 11 Million Customers
Exposed." TheHuffingtonPost.com. The Huffington Post, 17 Mar. 2015. Web. 03 Aug.
2015. <http://www.huffingtonpost.com/2015/03/17/premera-blue-cross-
cybera_n_6890194.html>.
Fisher, David. "Leaked Papers Reveal NZ Plan to Spy on China for US - National - NZ Herald
News." Nzherald.com. The New Zealand Herald, 19 Apr. 2015. Web. 03 Aug. 2015.
<http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11434886>.Gertz,
Bill. "China Sharply Boosts Cyber Warfare Funding." Freebeacon.com. The
Washington Free Beacon, 1 Apr. 2015. Web. 09 July 2015. <http://freebeacon.com/
national-security/china-sharply-boosts-cyber-warfare-funding/>.
Creamer �30
"Foreign Ministry Spokesperson Hua Chunying's Regular Press Conference." Fmprc.gov.cn.
Ministry of Foreign Affairs of the People's Republic of China, 2 June 2015. Web. 03
Aug. 2015. <http://www.fmprc.gov.cn/mfa_eng/xwfw_665399/s2510_665401/
t1269493.shtml>.
Gewirtz, David. "Why the next World War Will Be a Cyberwar First, and a Shooting War
Second." ZDNet.com. CBS Interactive Inc., 22 June 2015. Web. 09 July 2015. <http://
www.zdnet.com/article/the-next-world-war-will-be-a-cyberwar-first-and-a-shooting-
war-a-distant-second/>.
Glaser, Charles. "Will China's Rise Lead to War? Why Realism Does Not Mean Pessimism."
Foreign Affairs March-April 2011: 80. Academic OneFile. Web. 11 June 2015. <http://
go.galegroup.com.ezproxy.neu.edu/ps/i.do?id=GALE|
A254244918&v=2.1&u=mlin_b_northest&it=r&p=AONE&sw=w&asid=5112aaf81f4045
2be72a7474a46e70c5>.
Goldstein, Avery. "First Things First: The Pressing Danger of Crisis Instability in U.S.-China
Relations." International Security 37.4 (2013): 49-89. MIT Press Journals. Web. 11
June 2015.
Jervis, Robert. “Cooperation Under the Security Dilemma,” World Politics, Vol. 30, No. 2
(January 1978), p. 194
Kshetri, Nir. "Cybercrime and Cyber-security Issues Associated with China: Some Economic
and Institutional Considerations." Electronic Commerce Research 13.1 (2013): 41-69.
SpringerLink. Web. 11 June 2015.
Lee, Jason. "Chinese Military Denies Role in Reported U.S. Hacking." Reuters.com. Thomson
Reuters, 20 Mar. 2015. Web. 03 Aug. 2015. <http://www.reuters.com/article/
2015/03/20/us-china-usa-cybersecurity-idUSKBN0MG0TT20150320>.
Lee, Jyh-An. "The Red Storm In Uncharted Waters: China and International Cyber Security."
University of Missouri-Kansas City Law Review 82.4 (2014): n. pag. Social Science
Research Network. Web. 11 June 2015.
Creamer �31
Lemos, Robert. "Anthem Breach Evidence Points to China, Security Researchers Say."
Eweek.com. Quinstreet Enterprise, 28 Feb. 2015. Web. 03 Aug. 2015. <http://
www.eweek.com/security/anthem-breach-evidence-points-to-china-security-
researchers-say.html>.
Levine, Mike. "China Is 'Leading Suspect' in Massive Hack of US Government Networks."
ABC.com. ABC News Network, 25 June 2015. Web. 03 Aug. 2015. <http://
abcnews.go.com/US/china-leading-suspect-massive-hack-us-government-networks/
story?id=32036222>.
Levine, Mike, and Jack Date. "22 Million Affected by OPM Hack, Officials Say." ABC.com. ABC
News Network, 9 July 2015. Web. 03 Aug. 2015. <http://abcnews.go.com/US/
exclusive-25-million-affected-opm-hack-sources/story?id=32332731>.
Li, Ling, Ruixing Huang, and Dewei Wang. "Military Expenditure and Security Dilemma in
China." Industrial Engineering and Manufacturing Technology: Proceedings of the
2014 International Conference on Industrial Engineering and Manufacturing
Technology. 1st ed. Vol. 4. London, UK: CRC, 2015. 153-56. Print.
Liff, Adam P., and G. John Ikenberry. "Racing toward Tragedy?: China's Rise, Military
Competition in the Asia Pacific, and the Security Dilemma." International Security 39.2
(2014): 52-91. MIT Press Journals. Web. 11 June 2015.
Lindsay, Jon R. "The Impact of China on Cybersecurity: Fiction and Friction." International
Security 39.3 (2015): 7-47. Project Muse Standard Collection. Web. 11 June 2015.
Mathews, Anna. "Anthem: Hacked Database Included 78.8 Million People." <i>WSJ.com</i>.
Wall Street Journal, 24 Feb. 2015. Web. 03 Aug. 2015. <http://www.wsj.com/articles/
anthem-hacked-database-included-78-8-million-people-1424807364>.
Mathews, Anna, and Danny Yadron. "Premera Blue Cross Says Cyberattack Could Affect 11
Million Members." WSJ.com. Wall Street Journal, 17 Mar. 2015. Web. 03 Aug. 2015.
<http://www.wsj.com/articles/premera-blue-cross-says-cyberattack-could-affect-11-
million-members-1426627752>.
Creamer �32
McCaul, Michael. "McCaul Statement on Premera Blue Cross Cyber Attack."
Homeland.house.gov. Committee on Homeland Security, 18 Mar. 2015. Web. 03 Aug.
2015. <http://homeland.house.gov/press-release/mccaul-statement-premera-blue-
cross-cyber-attack>.
Nakashima, Ellen. "Hacks of OPM Databases Compromised 22.1 Million People, Federal
Authorities Say." WashingtonPost.com. The Washington Post, 9 July 2015. Web. 03
Aug. 2015. <http://www.washingtonpost.com/blogs/federal-eye/wp/2015/07/09/
hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-
say/>.
Nakashima, Ellen. "U.S. Decides against Publicly Blaming China for Data Hack."
WashingtonPost.com. The Washington Post, 21 July 2015. Web. 03 Aug. 2015.
<https://www.washingtonpost.com/world/national-security/us-avoids-blaming-china-
in-data-theft-seen-as-fair-game-in-espionage/
2015/07/21/03779096-2eee-11e5-8353-1215475949f4_story.html>.
Neuman, Scott. "Obama Orders Development Of Supercomputer To Rival China's 'Milky Way'"
NPR.com. National Public Radio, 30 July 2015. Web. 03 Aug. 2015. <http://
www.npr.org/sections/thetwo-way/2015/07/30/427727355/obama-orders-
development-of-supercomputer-to-rival-chinas-milky-way?
utm_source=facebook.com&utm_medium=social&utm_campaign=npr&utm_term=npr
news&utm_content=20150730>.
Obama, Barak. "Executive Order -- "Blocking the Property of Certain Persons Engaging in
Significant Malicious Cyber-Enabled Activities"" Whitehouse.gov. The White House,
01 Apr. 2015. Web. 03 Aug. 2015. <https://www.whitehouse.gov/the-press-office/
2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-
m>.
Creamer �33
Pagliery, Jose. "OPM Hack's Unprecedented Haul: 1.1 Million Fingerprints." CNN.com. Cable
News Network, 10 July 2015. Web. 03 Aug. 2015. <http://money.cnn.com/
2015/07/10/technology/opm-hack-fingerprints/>.
Penn, Megan. "NATO and the Cybersecurity Dilemma." FreedomObservatory.org. Freedom
Observatory, 27 Oct. 2014. Web. 09 July 2015. <http://www.freedomobservatory.org/
nato-and-the-cybersecurity-dilemma/>.
"Premera Blue Cross Breach Exposes Financial, Medical Records." Krebsonsecurity.com.
Krebs on Security, 17 Mar. 2015. Web. 03 Aug. 2015. <http://krebsonsecurity.com/
2015/03/premera-blue-cross-breach-exposes-financial-medical-records/>.
Ragan, Steve. "Anthem Confirms Data Breach, but Full Extent Remains Unknown."
<i>CSOOnline.com</i>. CXO Media, Inc., 4 Feb. 2015. Web. 03 Aug. 2015. <http://
www.csoonline.com/article/2880352/disaster-recovery/anthem-confirms-data-
breach-but-full-extent-remains-unknown.html>.
Sanders, James. "Chinese Government Linked to Largest DDoS Attack in GitHub History."
TechRepublic.com. CBS Interactive Inc., 03 Apr. 2015. Web. 03 Aug. 2015. <http://
www.techrepublic.com/article/chinese-government-linked-to-largest-ddos-attack-in-
github-history/>.
Sanger, David E. "U.S. Decides to Retaliate Against China’s Hacking." NYTimes.com. The New
York Times, 31 July 2015. Web. 03 Aug. 2015. <http://www.nytimes.com/2015/08/01/
world/asia/us-decides-to-retaliate-against-chinas-hacking.html>.
Saunders, Phillip C. "The Rebalance to Asia: U.S.-China Relations and Regional Security."
Strategic Forum (2013): n. pag. Questa.com. Gale, Cengage Learning, Aug. 2013.
Web. 23 June 2015. <https://www.questia.com/read/1G1-354248510/the-rebalance-
to-asia-u-s-china-relations-and-regional>.
Scobell, Andrew. "Learning to Rise Peacefully? China and the Security Dilemma." Journal of
Contemporary China 21.76 (2012): 713-21. Scholar OneSearch. Web. 11 June 2015.
Creamer �34
Segal, Adam. "OceanLotus: China Hits Back With Its Own Cybersecurity Report." CFR.org.
Council on Foreign Relations, 03 June 2015. Web. 03 Aug. 2015. <http://blogs.cfr.org/
cyber/2015/06/03/oceanlotus-china-fights-back-with-its-own-cybersecurity-report/>.
Shalal, Andrea, and Alina Selyukh. "Obama Seeks $14 Billion to Boost U..S Cybersecurity
Defenses." Reuters.com. Thomas Reuters, 2 Feb. 2015. Web. 9 July 2015. <http%3A
%2F%2Fwww.reuters.com%2Farticle%2F2015%2F02%2F02%2Fus-usa-budget-
cybersecurity-idUSKBN0L61WQ20150202>.
Snyder, Christopher. "Iran and Saudi Arabia Edge towards Cyber War, Study Says."
FoxNews.com. Fox News Network, LLC., 29 June 2015. Web. 09 July 2015. <http://
www.foxnews.com/tech/2015/06/29/iran-and-saudi-arabia-edge-towards-cyber-war-
study-says/>.
Sternstein, Aliya, and Jack Moore. "Timeline: What We Know About the OPM Breach
(UPDATED)." Nextgov.com. National Journal Group, Inc., 17 June 2015. Web. 03 Aug.
2015. <http://www.nextgov.com/cybersecurity/2015/06/timeline-what-we-know-
about-opm-breach/115603/>.
Stone, Jeff. "CIA Mulls Pulling US Spies Out Of China After Massive OPM Hack Likely
Compromised American Identities: Report." IBTimes.com. International Business
Times, 26 July 2015. Web. 03 Aug. 2015. <http://www.ibtimes.com/cia-mulls-pulling-
us-spies-out-china-after-massive-opm-hack-likely-compromised-2024894>.
Tai, Michael. "International Security." US-China Relations in the Twenty-first Century: A
Question of Trust. Abingdon, OX: Routledge, 2015. 137-44. Print.
Terhune, Chad. "Federal, State Officials Launch Inquiries into Anthem Data Breach."
Latimes.com. Los Angeles Times, 6 Feb. 2015. Web. 03 Aug. 2015. <http://
www.latimes.com/business/la-fi-anthem-hack-20150206-story.html>.
Valeriano, Brandon, and Ryan C. Maness. Cyber War versus Cyber Realities: Cyber Conflict in
the International System. New York: Oxford U, 2015. Print.
Creamer �35
Valeriano, Brandon, and Ryan C. Maness. "The Dynamics of Cyber Conflict between Rival
Antagonists, 2001-11." Journal of Peace Research 51.3 (2014): 347-60. Web. 13 Aug.
2015.
Viebeck, Elise. "Penn State Discloses Major Cyberattack by China." TheHill.com. Capital Hill
Publishing Corp., 15 May 2015. Web. 03 Aug. 2015. <http://thehill.com/policy/
cybersecurity/242230-penn-state-discloses-major-cyberattack-by-china>.
Vinton, Kate. "Penn State College Of Engineering Network Disabled Following Two "Incredibly
Serious" Cyber Attacks." Forbes.com. Forbes Magazine, 15 May 2015. Web. 03 Aug.
2015. <http://www.forbes.com/sites/katevinton/2015/05/15/penn-state-college-of-
engineering-network-disabled-following-two-incredibly-serious-cyber-attacks/>.
Wheeler, Carolynne. "New York Times Cyber Attacked by Chinese Hackers for Four Months
after Wen Jiabao Investigation." Telegraph.com. Telegraph Media Group, 31 Jan.
2013. Web. 03 Aug. 2015. <http://www.telegraph.co.uk/news/9840125/New-York-
Times-cyber-attacked-by-Chinese-hackers-for-four-months-after-Wen-Jiabao-
investigation.html>.
