Information and communication technologies (ICT) have drastically expanded states’ capacity to conduct economic espionage, generating much concern from U.S. policymakers. Theft of intellectual property, personal information, and other sensitive data costs the United States over an estimated $300 billion annually. A significant amount of these incursions are believed to have been carried out at the behest of the Chinese government. In the last decade, China has been a substantial beneficiary of stolen technology, intellectual property, and trade secrets as a means for leapfrogging technological development and providing domestic firms with a competitive edge in the global marketplace.
Unsurprisingly, many analysts have been unforgiving towards responses carried out by the Obama Administration. After all, Chinese hackers have little to fear from legal risks. There is no extradition treaty between the United States and China and cooperation in law enforcement remains minimal and distant. Under conditions that reward detractive behavior, how can the U.S. engage China to build, and adhere to, a more cooperative code of conduct regarding state-sanctioned actions over the Internet?
Game theory provides a robust framework for analyzing state behavior and strategic options within politically restrictive conditions. More importantly, it can also illuminate potential paths towards cooperation in the midst of deep suspicion. Robert Axelrod’s seminal work, The Evolution of Cooperation, attempts to show, through game theory, how great powers might learn to cooperate, even when uncooperative behavior is rewarded.
One of the basic games—essentially constructed scenarios—Axelrod utilizes is the prisoner’s dilemma. Situationally, it presents players with two basic choices: cooperate or defect. The resulting payoffs (illustrated in the figure below) are dependent on the respective players’ decisions. In its traditional form, the game is iterated only once and both players can only achieve their highest potential payoff by choosing to defect. However, mutual defection causes both players to be worse off than if they had cooperated and risked their respective worst-case scenarios. The basic form of the prisoner’s dilemma is instructional in understanding the mechanics of the game, but is of limited utility due to overemphasizing a do-or-die situation, which is not indicative to the prolonged process of interstate negotiation.
Instead, the ongoing conflict between China and the U.S. over cyberespionage is more accurately represented through multiple iterations, labeled the iterated prisoner’s dilemma (IPD). The game remains largely unchanged, save for being played multiple times and not restricting players’ awareness of history, in this case the actions and reactions of both players throughout the game. Under these conditions, Axelrod and others have found that employing a reciprocal strategy, known as tit-for-tat (TFT), provided the greatest overall payoff.
TFT is particularly useful in great power rivalry because it is generally forgiving, simplistic, and flexible. The strategy involves only two requirements: (1) on the opening move do not defect; and (2) perform the same action as the opponent’s from the previous round. Modeled within foreign policy, this affords a nation the appearance of openness to cooperation while allowing retributive action against an uncooperative rival. This provides numerous strategic advantages.
First, rivals need not be locked into defection once reciprocal action is evident. A history of cyclical defection by both China and the United States, including exposure of Chinese hacking by American information security firms, the indictment of five PLA officers accused of conducting cyberespionage against private industries, and American threats of economic sanctions, has developed through continued concerns over the scope of China’s cyberespionage activity. Reciprocal action by the U.S. eventually compelled President Xi to make a mutual pledge with President Obama for both governments to not knowingly engage in or support cyberespionage for economic gain. When it becomes apparent that action-reaction cycles result in constant defection, the only move that offers any additional benefit to either player is cooperation.
Second, ostracism has shown to be effective at coercing an uncooperative rival into eventual attempts at cooperation. In the case of China’s cyberespionage, this has taken on the form of “naming and shaming.” Critics of this approach are quick to point out that lack of direct attribution affords enough plausible deniability for the Chinese to continue unabashed. However, the indictment of the PLA officers was embarrassing enough for China to lodge formal complaints to the American ambassador in Beijing and to officials in Washington, D.C. Even if there was no real expectation that the indictment would significantly hinder China’s cyberespionage activity, it did send an important signal to Beijing and the international community that the U.S. is not blind to these actions and such behavior will not go unanswered.
Lastly, the TFT strategy fulfills the desire for retribution without closing the door to reestablishing cooperation. Those privy to the closed briefings and negotiations that went on before September’s summit on cybersecurity affirm that the threat of U.S. sanctions during China’s economic slowdown, and not so long after the PLA indictments, instilled significant concern into Chinese officials, as did a vocal segment of the American side calling for a more escalated response. The result was an official admission by President Xi that the attacks on the Office of Personnel Management originated in China, curtailing Beijing’s plausible deniability in the eyes of the international community—despite potential deflection or scapegoating—and the joint-pledge that economic espionage was off the table for state-backed activity. Furthermore, the U.S. still holds the option to implement sanctions in any future instance of China cheating on its pledge.
TFT offers great strategic potential, but it’s not without challenges that require effective management. As both the U.S. and China expand their own diplomatic efforts on cybersecurity it will become harder to maintain salient action-reaction cycles. Increasing the number of players (states) in the IPD has a positive relationship to the difficulty of achieving cooperation. However, because even a small subset of cooperative players can invade a population of uncooperative ones, it is imperative that the United States continues to build solidarity and cooperation on cybersecurity issues with NATO and other important allies.
The balance of proportionality on reciprocation is also an important concern. Noise, misperceptions, and domestic emotion can all easily deteriorate diplomatic engagement into crisis. But, as James Lewis rightfully emphasizes, there is no current credible alternative to attempting to build a code of conduct with China on cyberespionage. Military deterrence is problematic. Under no rationale circumstance would (or should) an act of espionage trigger a military response. Furthermore, an escalation of this magnitude would signal that openness to dialogue has closed. Axelrod notes that in scenarios modeling the IPD a propensity to defect increases drastically when players perceive a coming end to the game.
Behind the increasingly combative rhetoric, the U.S. has already made significant strides in addressing Chinese cyberespionage, but it’s a messy process. Backsliding by China should be expected and adequate proportionality practiced in any U.S. reciprocal action that follows. Additionally, American officials must have the political will to punish China on infractions even if it might jeopardize some U.S. business interests in the short-term. Pursuing a strategy akin to TFT in engagement with China provides American policymakers with the most policy options and reinforces an appearance of rationality in their diplomatic efforts. Most importantly, it enables an avenue for building broader cooperation on cybersecurity with China moving forward.