Should countries name and shame China for cyberattacks, or work diplomatically behind the scenes?
The decision of whether to "name and shame" China for cyberattacks or work diplomatically behind the scenes is a complex one, with both approaches having potential benefits and drawbacks.
Many countries, including the U.S., its Five Eyes allies (UK, Canada, Australia, New Zealand), and increasingly the EU and Japan, often employ a combination of both, adapting their strategy based on the severity of the attack, the geopolitical context, and their specific objectives.
Arguments for Naming and Shaming (Public Attribution):
Imposing Reputational Costs: China, like any major power, is sensitive to its international image. Publicly calling out its malicious cyber activities, especially when done in a coordinated manner by a coalition of states (as seen with the Microsoft Exchange hack attribution), can impose reputational damage and diplomatic costs.
Deterrence (Long-Term): While direct deterrence of nation-state cyberattacks is difficult, public attribution can contribute to a long-term deterrence strategy. It signals that:
The victim state has the capability to identify the attacker, challenging the notion of anonymity in cyberspace.
There will be consequences, even if not immediate kinetic retaliation.
Such behavior is unacceptable and violates international norms.
Norm-Setting: Public attribution, especially when accompanied by legal condemnations and statements about international law (even if not universally agreed upon), helps build and reinforce norms of responsible state behavior in cyberspace. It draws a line in the sand and clarifies what actions are considered unacceptable.
Rallying Allies and Partners: Coordinated public attribution strengthens alliances and fosters collective security. It encourages intelligence sharing and collaboration on cybersecurity defense among like-minded nations, presenting a united front.
Raising Awareness and Improving Defenses: Public disclosures of nation-state TTPs (Tactics, Techniques, and Procedures) force organizations and governments to update their defenses against specific threats. The Hafnium attribution, for example, spurred widespread patching and improved vigilance.
Domestic Accountability/Public Opinion: In democratic countries, public attribution can inform citizens about threats to national security and critical infrastructure, potentially generating public support for stronger cybersecurity measures or policy responses.
Arguments for Diplomatic, Behind-the-Scenes Engagement:
De-escalation: Public accusations can sometimes lead to an escalatory cycle. Diplomatic channels allow for discreet communication, negotiation, and de-escalation, especially in sensitive situations where a public spat could worsen tensions.
Preserving Channels for Cooperation: Despite competition, there are areas where cooperation with China is necessary (e.g., climate change, pandemic response, nuclear non-proliferation). Public "shaming" could jeopardize these essential diplomatic avenues.
Intelligence Protection: Revealing attribution publicly often requires disclosing intelligence sources and methods, which can compromise future intelligence gathering capabilities. Behind-the-scenes diplomacy allows intelligence to be leveraged without exposure.
Lack of Immediate Impact: China routinely denies all accusations of state-sponsored hacking. Critics argue that "naming and shaming" has little immediate impact on China's behavior, as it simply issues boilerplate denials and continues operations.
Risk of Misattribution/Retaliation: Despite advances, definitive attribution can be challenging. A mistaken public accusation could severely damage diplomatic relations and potentially trigger retaliatory actions against the falsely accused state.
Specific Objectives: Sometimes the goal is to recover stolen data, gain access to compromised systems, or secure specific commitments. These objectives might be better achieved through quiet negotiations than public confrontation.
Maintaining Strategic Ambiguity: Some states prefer to keep their red lines and response capabilities ambiguous in cyberspace, believing this ambiguity can enhance deterrence. Public attribution might reduce this ambiguity.
A Hybrid Approach is Often Preferred:
In practice, many countries (like the US, UK, EU, and now increasingly Taiwan, as seen with recent public statements about UNC3886) adopt a hybrid approach:
Public Attribution for Major Incidents: When attacks are widespread, highly impactful (like the Microsoft Exchange hack or critical infrastructure targeting), or involve significant intellectual property theft, public attribution (especially when multilateral) is used to impose costs and set norms.
Behind-the-Scenes for Ongoing Issues or Sensitive Intelligence: For continuous espionage, specific intelligence exchanges, or when sensitive sources might be compromised, quiet diplomatic engagement or private warnings are often preferred.
Layered Response: Public attribution can be followed by diplomatic démarches, sanctions, or other policy responses, combining different tools of statecraft.
Given Taiwan's unique geopolitical position and direct exposure to Chinese cyber threats, a carefully calibrated approach is crucial.
Publicly exposing certain attacks can rally international support and highlight Beijing's aggressive cyber posture, which aligns with Taiwan's strategy of garnering international sympathy and support.
However, it must also balance this with pragmatic considerations for maintaining stability across the Strait and managing potential escalations.
The recent public statements from Singapore regarding UNC3886, despite initial Chinese denials, indicate a growing willingness among affected nations to be more transparent about the origins of serious cyberattacks.
The decision of whether to "name and shame" China for cyberattacks or work diplomatically behind the scenes is a complex one, with both approaches having potential benefits and drawbacks.
Many countries, including the U.S., its Five Eyes allies (UK, Canada, Australia, New Zealand), and increasingly the EU and Japan, often employ a combination of both, adapting their strategy based on the severity of the attack, the geopolitical context, and their specific objectives.
Arguments for Naming and Shaming (Public Attribution):
Imposing Reputational Costs: China, like any major power, is sensitive to its international image. Publicly calling out its malicious cyber activities, especially when done in a coordinated manner by a coalition of states (as seen with the Microsoft Exchange hack attribution), can impose reputational damage and diplomatic costs.
Deterrence (Long-Term): While direct deterrence of nation-state cyberattacks is difficult, public attribution can contribute to a long-term deterrence strategy. It signals that:
The victim state has the capability to identify the attacker, challenging the notion of anonymity in cyberspace.
There will be consequences, even if not immediate kinetic retaliation.
Such behavior is unacceptable and violates international norms.
Norm-Setting: Public attribution, especially when accompanied by legal condemnations and statements about international law (even if not universally agreed upon), helps build and reinforce norms of responsible state behavior in cyberspace. It draws a line in the sand and clarifies what actions are considered unacceptable.
Rallying Allies and Partners: Coordinated public attribution strengthens alliances and fosters collective security. It encourages intelligence sharing and collaboration on cybersecurity defense among like-minded nations, presenting a united front.
Raising Awareness and Improving Defenses: Public disclosures of nation-state TTPs (Tactics, Techniques, and Procedures) force organizations and governments to update their defenses against specific threats. The Hafnium attribution, for example, spurred widespread patching and improved vigilance.
Domestic Accountability/Public Opinion: In democratic countries, public attribution can inform citizens about threats to national security and critical infrastructure, potentially generating public support for stronger cybersecurity measures or policy responses.
Arguments for Diplomatic, Behind-the-Scenes Engagement:
De-escalation: Public accusations can sometimes lead to an escalatory cycle. Diplomatic channels allow for discreet communication, negotiation, and de-escalation, especially in sensitive situations where a public spat could worsen tensions.
Preserving Channels for Cooperation: Despite competition, there are areas where cooperation with China is necessary (e.g., climate change, pandemic response, nuclear non-proliferation). Public "shaming" could jeopardize these essential diplomatic avenues.
Intelligence Protection: Revealing attribution publicly often requires disclosing intelligence sources and methods, which can compromise future intelligence gathering capabilities. Behind-the-scenes diplomacy allows intelligence to be leveraged without exposure.
Lack of Immediate Impact: China routinely denies all accusations of state-sponsored hacking. Critics argue that "naming and shaming" has little immediate impact on China's behavior, as it simply issues boilerplate denials and continues operations.
Risk of Misattribution/Retaliation: Despite advances, definitive attribution can be challenging. A mistaken public accusation could severely damage diplomatic relations and potentially trigger retaliatory actions against the falsely accused state.
Specific Objectives: Sometimes the goal is to recover stolen data, gain access to compromised systems, or secure specific commitments. These objectives might be better achieved through quiet negotiations than public confrontation.
Maintaining Strategic Ambiguity: Some states prefer to keep their red lines and response capabilities ambiguous in cyberspace, believing this ambiguity can enhance deterrence. Public attribution might reduce this ambiguity.
A Hybrid Approach is Often Preferred:
In practice, many countries (like the US, UK, EU, and now increasingly Taiwan, as seen with recent public statements about UNC3886) adopt a hybrid approach:
Public Attribution for Major Incidents: When attacks are widespread, highly impactful (like the Microsoft Exchange hack or critical infrastructure targeting), or involve significant intellectual property theft, public attribution (especially when multilateral) is used to impose costs and set norms.
Behind-the-Scenes for Ongoing Issues or Sensitive Intelligence: For continuous espionage, specific intelligence exchanges, or when sensitive sources might be compromised, quiet diplomatic engagement or private warnings are often preferred.
Layered Response: Public attribution can be followed by diplomatic démarches, sanctions, or other policy responses, combining different tools of statecraft.
Given Taiwan's unique geopolitical position and direct exposure to Chinese cyber threats, a carefully calibrated approach is crucial.
Publicly exposing certain attacks can rally international support and highlight Beijing's aggressive cyber posture, which aligns with Taiwan's strategy of garnering international sympathy and support.
However, it must also balance this with pragmatic considerations for maintaining stability across the Strait and managing potential escalations.
The recent public statements from Singapore regarding UNC3886, despite initial Chinese denials, indicate a growing willingness among affected nations to be more transparent about the origins of serious cyberattacks.
4 days ago
