Cyber Clash with China (NSC)

Educator Overview

Case Overview

Fictional, set in the present day. Cyberspace is a new domain of conflict that has few accepted standards of behavior. Basic questions about it—including how countries should respond to cyberattacks—are still unresolved. In recent years, China has exerted authority over areas of the South China Sea also claimed by other Asian countries, leading to tension with the United States. Last week, following several near misses in the South China Sea between U.S. and Chinese military vessels and aircraft, as well as the theft of documents from U.S. military networks, the U.S. Air Force conducted a flight near a shoal claimed by China. Three days later, the Nasdaq stock market was hacked, which significantly harmed the U.S. economy. U.S. intelligence agencies believe some in the Chinese government knew about the attack, for which a Chinese hacker collective claimed credit. National Security Council members need to advise the president on the merits of a cyber response, economic sanctions, or military measures.

Decision Point

China, Brunei, Malaysia, the Philippines, Taiwan, and Vietnam have competing territorial claims in the South China Sea. In recent years, China has exerted authority over the area by increasing the size of existing islands or creating new ones. China has also constructed ports, military installations, and airstrips. The United States has promoted the right of military vessels to operate in China’s claimed two-hundred-mile exclusive economic zone. Furthermore, the United States has rejected China’s claim to a twelve-mile territorial zone around the artificial islands it has built. Since 2015, the United States has signaled its opposition by flying military aircraft and sending U.S. Navy ships near certain islands.

Last week, the U.S. Air Force conducted a flight near a shoal claimed by China in the South China Sea. Three days later, the Nasdaq Stock Market suffered a hack that damaged computers and forced the suspension of trading for two days. This imposed significant costs on various U.S. companies and dented confidence in the U.S. financial system. An underground hacker collective based in China known as the Zheng He Squadron has claimed responsibility for the hack. The group has known ties to the People’s Liberation Army, China’s military. U.S. intelligence agencies assess with 90 percent certainty that the hack occurred with the knowledge or support of parts of the Chinese government. Beijing claims no knowledge of the attack. The president has convened the National Security Council to discuss how the United States should respond. 

Learning Goals

CFR Education simulations use a variety of pedagogical tools to create an effective, meaningful, and memorable learning experience for students that builds their global literacy. Students will develop crucial skills such as critical thinking, communication, collaboration, and creativity. Students will complete authentic assessments that feel relevant: instead of five-paragraph essays and book reports, students will write policy memos and participate in a role-play of a meeting of a foreign policy–making body. There are no right or wrong answers in actual policy deliberations, and there are none here, either; students will walk away from this experience with an appreciation for the complexity of policy questions.

In this simulation, students will learn about the National Security Council, as well as meeting these learning outcomes specific to this simulation:

  • Students will understand that cyberspace is a new domain of conflict with few accepted standards of behavior and continues to be difficult to find agreement around.
  • Students will consider the extent to which cyberattacks pose a threat to international peace and security.
  • Students will evaluate the costs and benefits associated with options the United States could take in response to a Chinese cyberattack.

Concepts and Issues

Concepts

Issues

  • U.S.-China relations and China’s emergence as a rising power
  • Territorial disputes in the South China Sea
  • Definition of standards for behavior in cyberspace
  • Military, economic, and other activities in cyberspace
  • Information and communications revolution

Policy Options: Educator's Guide

This section presents context, potential benefits and drawbacks, and other information about the policy options outlined in the case that you may find helpful as you guide the role-play and assess students. 

The United States has an interest in ensuring that China does not assert its sovereignty claims over the South China Sea by using force or intimidation. Washington has sought to secure this interest through freedom of navigation operations—sending ships or aircraft into areas that China claims but that the United States considers open to all—as well as increased military exercises with its allies in the region. The United States also has an interest in defining the rules of behavior for cyberspace. It has tried to strengthen deterrence by building up offensive capabilities. It has demonstrated its ability to attribute attacks, indicting foreign hackers, and levying sanctions. It has also promoted norms of behavior through bilateral agreements and multilateral forums. 

The principal policy options available in this case are discussed below. These responses are available individually, in combination, or all together.

Cyber Responses

The United States could pursue a proportionate response. The United States could try to disrupt critical networks within China, such as its banking system, for a limited period. The attacks could also be directed at a target that seems particularly valuable to the Chinese leadership. These attacks could be focused on the censorship technology that constitutes the so-called Great Firewall. The U.S. response should be accompanied by some level of attribution. This means that the United States would need to identify the attackers, and the attack would reveal some of the United States’ technical and intelligence capabilities.

With this option, the United States would essentially be responding in kind. This would keep the U.S.-China dispute in the domain (cyberspace) it is already in rather than extending it. Even if the conflict were to escalate, Washington could claim that it was not the instigator. The United States would likely be capable of mounting a targeted cyberattack that stood a good chance of producing the desired effect.

Nonetheless, a cyber response has costs and risks. A cyberattack could fail if the defender has already patched the vulnerability. Given China’s extensive connection with the global economy, malware used against China could also quickly spread to the rest of the world. This could infect U.S. allies and eventually make its way back to the United States. Although limited to one domain, cyberattacks could also escalate rapidly. If attacks damage Chinese defense networks, Beijing could fear that a conventional strike could soon follow. In this scenario, China could decide to launch conventional strikes on U.S. military assets as quickly as possible. Chinese economic retaliation—such as sanctions or tariffs—against the United States is also possible. In addition, other countries could find U.S. claims of China’s guilt unconvincing. Failing to convince others that the Chinese government was behind the attacks would not only limit support for the U.S. response but also undermine Washington’s efforts to develop international norms for behavior in cyberspace. 

Punitive Sanctions

In April 2015, Obama issued an executive order that laid the groundwork for economic sanctions. Declaring a national emergency to deal with the threat of “significant malicious cyber-enabled activities,” the order enabled the treasury secretary to sanction individuals and entities involved, directly or indirectly, in cyberattacks. Possible sanctions include freezing suspects’ financial assets and barring commercial transactions with them. In the current scenario, the White House could sanction high-level Chinese authorities who it believes ordered the attack and levy economic sanctions on government entities and state-owned enterprises deemed to be connected to the hacks. It could also expel Chinese diplomats from the United States. 

Another response would be to indict the individual hackers involved. Although these individuals are unlikely to ever be handed over to U.S. authorities for trial, their international travel would be limited, and the indictments could deter future Chinese hackers who wish to someday travel abroad. Punitive sanctions would involve identifying the attackers and revealing some U.S. technical and intelligence methods. 

It could take a while for economic sanctions to be imposed. However, it could take even longer for them to cause enough damage to affect the target’s behavior. Chinese firms could also skirt financial restrictions by trading with Russia or others, and China could retaliate against U.S. companies that heavily export to China. The U.S. response could appear weak, undermine deterrence, and embolden other cyberattackers. The United States would need to convince others that the Chinese government was behind the attacks. Otherwise, support for U.S. sanctions would be limited, possibly reducing their effectiveness. 

Military Responses

Washington could increase freedom of navigation operations and the U.S. military presence more broadly in the South China Sea. It could help small countries build maritime law enforcement and security capacity and in particular improve the Philippines’ long-term maritime capabilities. The United States could also expand military exercises with countries in the region.

Such a response is clear and well within the capability of the U.S. military and would also convey the United States’ resolve. Washington could announce that its military initiatives were in response to the Chinese cyberattacks. It could also refrain from doing so. Connecting the response to the attack publicly could be more escalatory. However, it would have the advantage of marking a clear response to the Chinese behavior, ideally leading Beijing to reduce or end this activity. Not making the connection public would be less provocative but could signal to potential attackers that cyberattacks such as the one against Nasdaq fall below the threshold for a forthright response. Regardless of whether the United States announces the connection, military steps could escalate Chinese reclamation behavior in the South China Sea. It could also lead to an incident that escalates into military conflict. Moreover, U.S. support could also embolden the smaller countries to push China harder than they would dare to alone.