Cairncross said it was time to shift the burden in cyberspace from Americans to bad actors, taking the opportunity to single out China, whose communist regime is known to have sponsored mass cyberespionage and cyberattack pre-positioning campaigns against residents of the U.S. and its allies.
“And by bad actors, I want to particularly point to China as the numero uno in that category,” he said at the policy event.
Cairncross said the Volt Typhoon campaign—in which Chinese state-sponsored hackers infiltrated critical infrastructure systems, pre-positioning themselves for disruption in the event of a conflict—is not something that the United States would have tolerated if it had happened through nondigital means, and it should not be tolerated now.
He said there was only “one reason” that the Chinese regime would order such a campaign. “It’s to impose a strategic dilemma on the United States, and the United States in no other sphere really allows that to happen,” Cairncross said.
“And Salt Typhoon is one of the largest espionage campaigns in the history of espionage.
“It’s not something to be shrugged off, or the actions of some benign strategic competitor.
“This is activity that is meant to do us harm, and we should send a message that it’s unacceptable.”
Cairncross said that a priority of his office will be to “really start to shape adversary behavior.”
“We can’t be ambiguous,” he said. “We have to be clear that behavior is unacceptable and there has to be a cost to shift their risk calculus in this space.”
At the summit, Cairncross said the Trump administration is ready to drive a new cyberstrategy that will “advance U.S. interests and thwart our adversaries in cyberspace.”
He said the United States needs to create an “enduring advantage” over authoritarian regimes such as the Chinese regime, which he said has the ability to “integrate instruments of power more seamlessly than we can.”
Streamlining Cooperation
Cairncross said another top priority of his office will be to pave the way for coordination between various partners, so that U.S. responses to these cyberintrusions are no longer a “tactical patchwork system.”“The United States hasn’t had an overarching cyber policy, a strategy that’s set in coordination with, from offense all the way through to end user defense to state, local, and tribal governments working together in putting tactical operations and policies in place that support and feed into that strategy. And that is what we are going to do,” he said.
Cairncross expressed confidence in the current leadership and his interagency colleagues in cutting through “bureaucratic nonsense” to collaborate cohesively, and said he aims to reduce similar regulatory burdens for the private sector to allow them to move quickly in partnership as well.
“Our infrastructure is privately run, but it’s the government’s job to work to integrate that defense,” he said.
“There is a tremendous opportunity here to align academia, the private sector, military to build a pipeline that develops talent and shares it; we ought to be building a patriotic cyber force.”
Cairncross expressed a personal interest in building up a patriotic talent pipeline, previewing ideas involving venture capital and schooling programs.
“This is something to do on behalf of your country; there’s a service component here, and there’s a broad range of [opportunities] in the federal government and private sector,” he said.
U.S. allies play a vital role in these partnerships as well, he said, “particularly Five Eyes,” referring to the alliance of the United States, Canada, Australia, the UK, and New Zealand.
“There’s a lot to be done,” Cairncross said.
“There [are] many partners around the world who are looking for help as China attempts to export a surveillance state across planet Earth, country by country, continent by continent. We have to engage to help fight them.”
