The top U.S. military officer on Thursday dismissed comparisons of Chinese and American snooping in cyber space, saying all countries gathered intelligence on their potential adversaries but Beijing's problematic “niche” was intellectual property theft.
Army General Martin Dempsey, the chairman of the Joint Chiefs of Staff, also said the U.S. government was close to completing an update of its rules of engagement in cyber space and that Americans needed to understand a cyber-attack could trigger a real-world military response.
“All nations on the face of the planet always conduct intelligence operations in all domains,” Dempsey told an audience at the Brookings Institution think-tank after he was asked about intelligence leaks showing the National Security Agency targeted Chinese institutions for cyber spying.
He rejected suggestions that the leaks by NSA contractor Edward Snowden demonstrated hypocrisy on the part of the United States, which has been sharply critical of Chinese hacking of U.S. government and commercial computer networks.
“China's particular niche in cyber has been theft and intellectual property,” Dempsey said. “I've had some conversations about that with them. Their view is that there are no rules of the road in cyber, there's nothing, there's no laws that they are breaking, there's no standards of behavior.”
That disagreement is a point of friction in ties between the two countries and was discussed earlier this month by Presidents Barack Obama and Xi Jinping at a summit in California.
Dempsey said the two countries would have their first formal discussions next week to try to establish rules for conduct in cyber space “so we don't have these friction points.”
The United States has become increasingly vocal about Chinese hacking, which officials say has cost the United States hundreds of billions of dollars in lost intellectual property and is helping U.S. adversaries speed development of high-tech weapons systems.
The Pentagon's annual report on China in April for the first time directly accused the Beijing government and military of being behind the hacking.
Dempsey, in his remarks on cyber security at Brookings, said the government could not completely prevent insiders like Snowden from disclosing secrets if they were willing to break the law, but he said it could take steps to mitigate the risk.
He said a shift to so-called “cloud” or “thin client” computing could boost security and reduce the number of systems administrators needing with broad access. Deeper background checks and greater oversight also could be imposed, he said.
Snowden was a systems administrator working for Booz Allen Hamilton in Hawaii on an NSA contract when he disclosed details of secret U.S. surveillance programs.
“I think systems administrators is the right place to begin to clean this up ... because they have such ubiquitous access, and that's how he ended up doing what he did,” Dempsey said.
Dempsey said the U.S. government is close to completing an update of its rules of engagement for dealing with a cyber-attack, describing them as a “playbook” that outlines the roles and responsibilities of the different agencies involved.
He cautioned against assuming a cyber-attack that caused significant damage would automatically be met with a cyber-response of similar scope and destructiveness.
“I think what the president ... would insist upon, actually, is that he have the options and the freedom of movement to decide what kind of response we would employ,” Dempsey said.
“That's why I say I don't want to have necessarily a narrow conversation about what constitutes war in cyber, because the response could actually be in one of the other traditional domains” of air, sea, space or land, he said.