If you are not viewing today’s strategic cybersecurity concerns through the larger lenses of U.S. trade policy with China, North Korean denuclearization talks and a return of U.S.-based manufacturing, you’re missing the boat. All these issues are part of the same ecosystem, one based on the inextricably linked idea that economic security is national security and vice-versa.
When you view strategic cybersecurity challenges through this ecosystem, you begin to understand that in order to solve the most serious issues you need to employ a system-based approach instead of a goal-based one (also known as “looking at the bigger picture”). Scott Adams is one of the best at explaining the difference between the two.
Maintaining Generational Advantages
One of the more interesting books I have read in the past few years is Solider Spy by Tom Marcus. It’s about the life of a former MI5 agent who was recruited to the service after the 7/7 attacks in London. Toward the end of the book, he makes an interesting comment (fret not, this is not a spoiler): To paraphrase, he suggests in a short comment that while terrorist attacks and loss of life are absolutely horrible and must be stopped, these attacks do not necessarily have the same lasting strategic impact on national security that intellectual property theft and corporate espionage have.
You see, it’s the generational leaps in technology that give a country a strategic advantage. When you start to close these generational gaps, your enemies, adversaries, challengers, and even allies have a new way to challenge your position.
And apologies for being so brutish about this, but when you want to catch up in a flash, the most efficient way to do so is to steal something, not develop it on your own (I am not advocating theft, I’m simply employing some realpolitik thought here).
How much did the F-35 project cost? Let’s go with $1.5 trillion dollars. Do you think the hackers invested $1.5 trillion to develop cybersecurity tools to steal the plans? Probably not. They’re not looking to innovate and make an honest buck. They’re looking for the straight up “profit” scenario, illustrated so eloquently by the Henry Hill character in the movie Goodfellas: “You take a $200 case of booze and you sell it for a hundred. It doesn’t matter. It’s all profit.”
When you don’t have to worry about the R&D or supply chain purchasing costs, you’re saving your resources for someplace else. It’s actually force multiplying your capabilities because you are managing your resources better. Former defense acquisitions chief Frank Kendall perhaps summed it up best in one comment, referencing design theft: “What it does is reduce the costs and lead time of our adversaries to doing their own designs, so it gives away a substantial advantage.”
The existing business model is simply untenable when you invest 10 years and $1 billion into a project, only to have it stolen in one night. It’s great for the thief, but terrible for you. There is absolutely no way you can get a reasonable return on investment, meaning that your only viable option is to close up shop and rely on somebody else. That’s great for their wealth generation pursuits, but not yours. In fact, you may very quickly slip into a mode where you rely on wealth redistribution.
How Do You Calculate Economic Impact on a Country in the Age of Cybercrime?
In fall 2018, the Foundation for Defense of Democracies issued a report with some staggering numbers. It attributed over 90 percent of the economic cyberespionage in the United States to Chinese hackers, estimating losses of nearly $300 billion per year. When you start to mix in trade deficits, you understand why former NSA Director Gen. Keith Alexander said in 2012 that rampant cyber theft constitutes “the greatest transfer of wealth in history.”
You see, you cannot look at the theft alone in isolation. The theft has purpose: Steal to strategically weaken the other side, whether it is through closing generational technological gaps or bleeding the other side economically.
This is a good juncture to inject one of the best lessons in economics I ever learned (a subject I generally have never had any use for because I’m still trying to find this mythical “rational buyer” that most of my undergraduate economics professors kept talking about).
But in this particular story, this economics professor was born and raised in one of the most repressive Eastern Bloc countries at the height of 20th Century communism. Heavy accent and all still intact, the professor certainly had a unique perspective on world economies and international trade. Furthermore, this lesson perhaps has more importance today in a globalized economy than when it was said more than two decades ago.
The professor asks the class, “How do you calculate national GDP?” We regurgitated that standard undergraduate response: “The total market value of goods and services produced by an economy over a period of time.”
We received a look of disgust. The experience is so etched into my mind I still chuckle when I think about it. The professor shakes their head and says, “Wrong. How do you calculate national GDP?”
Can You See the Entire System Yet?
We so-called “leaders of tomorrow” were perplexed. Then, some of the “smarter” types in the class regurgitated the same answer citing some textbook, which impressed the prof about as much as finding out the sky is blue.
The professor yells back at us “TIMES TWO!!!” holding two fingers high up in the air.
We students in the class honestly feel clueless, looking around at each other for some explanation. We had no idea how this professor came up with this “times two” correction for national GDP calculation. Concurrently, this professor, so perturbed at our apparent stupidity, must have been thinking this class is the dumbest cohort ever.
It was straight up an episode of the Muppets (if you don’t laugh at this scene, check yourself for a pulse).
And then the professor enlightened us. The “times two” correction is necessary to account for the black market: the unreported transactions, the theft, the criminal underground. The professor went on to say that the only way to get a true sense of a country’s productivity and performance is if you are including all the illicit behavior. It’s not a matter of right and wrong; rather, it’s just a matter of understanding a country’s true economic performance.
The professor went on, qualifying that the “times two” correction is simply an estimate, a multiplier that will change depending on the level of corruption within a country.
But the lesson was simple: if you’re not accounting for illicit behavior, you’re missing what’s going on in the entire system.
So, with the benefit of this economics lesson, do you see now how, in the age of an interconnected global economy, cyber espionage can greatly enrich not only the thief but the host country of the thief as well? Steal the R&D from Country A, manufacture it on the cheap in Country B, and Country B sells it back to Country A at a premium. Not only does the thief benefit, but Country B benefits as well from the increased economic output.
Like Henry Hill said, it’s all profit.
Economic Leverage to Change Behavior
When you’re the biggest customer, you have negotiating power. And at the moment, the United States is still the biggest customer, leading the world in imports on a per dollar basis.
It’s worth noting that this conversation would be very different if China had the domestic buying power to replace the U.S. as a customer. But it can’t. The GDP per capita figures are not even close: $53,128.54 for the U.S. and $7,329.09 for China (2017 figures). There’s simply not enough wealth within China domestically to replace the U.S. as a customer.
And when you lose your biggest customer, with no obvious replacement in existence, don’t expect business to go well.
As I noted here, it is economic leverage that could do more to address the strategic cybersecurity challenges we face, more so than any technology or similar remedy. And as an update to that article, as of late February, Huawei and its U.S. affiliate are set to face charges of – you guessed it – trade-secret theft, wire fraud and obstruction of justice in relation to a scheme to steal trade secrets from T-Mobile U.S. Inc.
Cultural Understanding Goes Both Ways
If you didn’t catch President Trump’s press conference in the Oval Office when Chinese Vice-Premier Liu visited, some of the exchanges during the Q&A are worth a watch. Cybersecurity was definitely discussed and President Trump was quite clear: we’ll trade so long as our security concerns are met.
In other words: we can no longer accept being robbed blind.
This is why the lively exchange towards the end, even including U.S. Trade Representative Ambassador Robert Lighthizer, on the difference between an MOU and an enforceable agreement is so important (MOUs mean different thing to different people, especially different cultures). Expect Trump to use economic leverage to institute some sort of bilateral enforceable agreement. Otherwise, it’s back to tariff town.
Therefore, with that backdrop, and with the Chinese trade delegation still in the U.S. while Trump was in Vietnam, perhaps you have a better understanding why he walked out without an agreement.
Trump in The Art of the Deal says you need to be able to walk away from any deal at any time if it’s not the right deal. If you disagree with his politics (or him in general) check out the must-read book Never Split the Difference: Negotiating As If Your Life Depended On It by Chris Voss, former international hostage negotiator for the FBI, who shares similar thoughts.
Yes, we do need to be sensitive to culture. And it’s not uncommon for us to tiptoe around cultural sensitivities, either. This is why you also need to be sure, if you’re going to corner somebody, give them a way out so they can save face. Never forget, almost everybody has a sense of pride, no matter what their cultural background is. Shaming and humiliation may serve some short-term interest, but you’re sowing the seeds for an all-out fight.
We still live in a world of nations and, as the old saying says, there are no long-term friends, just long-term interests, or some variation of that same saying. Keep that in mind when it comes to strategic cybersecurity challenges. It’s not a goal to be achieved. It’s part of a larger systemic problem. And there’s more going on in the system than you may realize.