Log in to get started!

Don't have an account yet? You can create one below.

Student Instructor
Display Title
Cyber Clash with China

Tensions escalate between the United States and China as the Nasdaq Stock Market faces a devastating cyberattack from an underground hacker collective possibly supported by the Chinese government.


Cyberspace is a new domain of conflict that has few accepted standards of behavior. In recent years, China has exerted authority over areas of the South China Sea also claimed by other Asian countries, leading to tension with the United States. A few days ago, following several incidents in both cyberspace and the South China Sea itself, the Nasdaq stock market was hacked, which significantly harmed the U.S. economy. U.S. intelligence agencies believe some in the Chinese government knew about the attack, for which a Chinese hacker collective claimed credit. National Security Council members need to advise the president on the merits of a cyber response, economic sanctions, or military measures.   

Lead Image
A magnifying glass over a segment of code with a map of China overlaid on top of it

The Situation

Cyberspace is a new domain of conflict that has few accepted standards of behavior, and basic questions about it—including how countries should respond to cyberattacks—are still unresolved. In recent years, China has exerted authority over areas of the South China Sea also claimed by other Asian countries, leading to tension with the United States. Last week, following several near misses in the South China Sea between U.S. and Chinese military vessels and aircraft, as well as the theft of documents from U.S. military networks, the U.S. Air Force conducted a flight near a shoal claimed by China. Three days later, the Nasdaq stock market was hacked, which significantly harmed the U.S. economy. U.S. intelligence agencies believe some in the Chinese government knew about the attack, for which a Chinese hacker collective claimed credit. National Security Council members need to advise the president on the merits of a cyber response, economic sanctions, or military measures.   





  • U.S.-China relations and China’s emergence as a rising power
  • Territorial disputes in the South China Sea
  • Definition of standards for behavior in cyberspace
  • Military, economic, and other activities in cyberspace
  • Information and communications revolution
Guide Sections
An Introduction to the National Security Council
National Security Council meeting

“The function of the Council shall be to advise the President with respect to the integration of domestic, foreign, and military policies relating to the national security...”

– Title I of the National Security Act of 1947

1.1 Overview

The United States plays a critical role in establishing and maintaining international order in an increasingly globalized world. The range of foreign policy issues that require its attention or involvement is vast: from conflicts in Afghanistan, Iraq, and Syria to tensions with North Korea and Iran; from long-standing alliances with European and Asian powers to complex, evolving relationships with Brazil, China, India, Russia, and South Africa; from the stability of global finance to the promotion of economic opportunity in low-income countries; and from climate to health to nuclear proliferation to terrorism. There is little around the world in which the United States does not have a vested interest. Further, issues such as immigration, trade, and cybersecurity underscore the fading distinction between domestic and international matters.

U.S. leaders use a range of tools to pursue a foreign policy that they believe will safeguard national security and achieve U.S. goals:

  • diplomatic, such as bilateral or multilateral consultations and negotiations, treaties, defense and security agreements, resolutions at global and regional bodies such as the United Nations, and public diplomacy to promote U.S. views and culture
  • economic, such as trade and investment agreements, tariffs, sanctions, embargoes and boycotts, development assistance, loans for the purchase of U.S.-manufactured products, and sales of arms, equipment, and technology
  • military, such as missile strikes, nuclear deterrence, ground force deployments, ship and submarine patrols, blockades, unilateral or partnered military exercises, foreign military training, and special operations forces
  • unconventional actions, sometimes secret, undertaken by the U.S. government and its proxies, such as training and assisting foreign intelligence services, supporting armed nonstate actors, private security contracting, and cyberwarfare

Effective policymaking requires a deft combination of these tools. To accomplish this, policymakers need to clearly define U.S. interests and gauge the interests, resources, and motivations of foreign governments and nonstate actors. The U.S. intelligence community helps policymakers in their work by collecting and analyzing a vast range of information, including satellite images, communications records, documents, data, and personal observations.

Foreign policy successes and failures are often associated with presidential decisions. Less explored is the decision-making system that helps the president make those critical choices and coordinate their implementation. This guide will help you understand the system through which the United States creates and implements its foreign policy.

Learn More
See More
National Security Council meeting
CIA Director George Bush discusses the evacuation of Americans from Beirut

“....I envisioned a special role for the national security advisor, who is the manager of the National Security Council. I needed an honest broker who would objectively present to the president the views of the various cabinet officers across the spectrum.”

— George H.W. Bush, “A World Transformed,” p. 18

1.2 The Interagency Process

Whether it aims to respond to an immediate crisis or to advance a long-term objective, a successful foreign policy–making process starts with a clear articulation of interests and goals. Policymakers and their advisors then formulate policy options to meet those goals and consider each option’s strengths and weaknesses. This process is challenging in the best of times. Information may be unreliable or incomplete, an adversary’s intentions may be unclear, and a decision’s consequences may be unknowable. Leaders often have to choose from a list on which every option is imperfect. Adding to this uncertainty is the complexity of the U.S. government’s foreign policy machinery: numerous agencies—each with its own interests and biases—seek to influence how policy is decided and carried out. In these circumstances, it takes considerable effort to run a process capable of producing sound policy decisions.

The National Security Council (NSC) plays a critical role in this effort. Its mission is to help the president effectively use a variety of instruments—military, diplomatic, or otherwise—to forge policies that advance U.S. national security goals.

The NSC was created by the National Security Act of 1947, which defined it as an interagency body intended to “advise the president with respect to the integration of domestic, foreign, and military policies relating to the national security.” Following World War II, in an age of expanded American interests and responsibilities, the NSC was expected to provide a place where the heads of federal departments and agencies could cooperate to develop and recommend to the president policies that would advance U.S. aims. The NSC and its staff were also meant to manage the policymaking process so that the president would receive a full range of advice and opinion from the departments and agencies involved in national security.

The NSC has evolved significantly over the years, adapting to the preferences of successive presidents and the challenges they faced. Variables such as NSC meeting attendees, the frequency of meetings, the amount and format of information passed to the president, the importance of consensus, and the relative dominance of the NSC over other government institutions have changed over the decades.

During this time, the NSC has evolved to comprise various interagency committees and a large staff to prepare analysis and coordinate policymaking and implementation. The NSC is at the center of the interagency process, one through which relevant government agencies address foreign policy issues and help the president make and execute policy choices.

I. National Security Advisor

The national security advisor (formally assistant to the president for national security affairs), a senior advisor to the president, is at the heart of the NSC structure. Ideally, the national security advisor’s role is twofold: to offer advice to the president and to coordinate and manage policymaking. Because they have direct access to the president and do not represent a cabinet department such as the State Department or Defense Department, national security advisors are in a unique position to drive foreign policy decisions, manage the actors involved, and mitigate conflict throughout the decision-making process.

II. National Security Council Staff

The NSC staff consists of individuals from a collection of agencies that support the president, the vice president, and the administration. NSC staff members are generally organized into directorates that focus on regions or issues. The size and organization of the staff vary with each administration.

The NSC staff provides expertise for the variety of national security policy matters considered by the committees and the president. It manages numerous responsibilities, including preparing speeches, memos, and discussion papers and handling inquiries from Congress on foreign policy issues. Staff members analyze both immediate and long-term issues and help prioritize these issues on the interagency agenda.

III. Committee Structure

Committees are at the core of policy deliberation and policymaking in the NSC. They fall into four categories:

  • The highest-level is the National Security Council itself. Formal NSC meetings are chaired by the president and include individuals named by the National Security Act of 1947 as well as other senior aides the president invites.
  • The principals committee (PC) comprises cabinet-level officials who head major government departments concerned with national security, such as the secretaries of state and defense. The national security advisor traditionally chairs the principals committee.
  • The deputies committee (DC) includes the deputy leaders of the government departments represented on the principals committee and is chaired by the deputy national security advisor.
  • Policy coordination committees (PCCs) cover a range of regional areas and issues. Each committee includes officials who specialize in the relevant area or issue at one of the departments or agencies in the interagency system. PCCs are generally chaired by senior directors on the NSC staff. Much of the day-to-day work needed to formulate and implement foreign policy across the U.S. government happens at the PCC level.

This committee structure tackles both immediate crises such as an outbreak of conflict and enduring issues such as climate change. In the normal course of events, PCCs conduct analysis on an issue, gather views on it and its importance from various departments, formulate and evaluate policy options, and determine what resources and steps would be required to carry out those options. The deputies committee, meanwhile, manages the interagency process up and down. It decides what PCCs to establish and gives them specific assignments. It also considers information submitted by the PCCs, ensuring that it is relevant, complete, and clear, before relaying it to the principals committee or the full NSC.

The principals committee is the highest-level setting, aside from the NSC itself, for debating national security issues. It consists of the heads of the NSC’s component agencies—essentially all the members of the NSC except the president and vice president. Formal NSC meetings, which the president chairs, occur whenever the president sees fit. They consider issues that require the president’s personal attention and a direct presidential decision.

The goal of this committee structure is to foster consensus on policy options or highlight where and why consensus cannot be reached. If officials at one level agree on an issue, it may not need to go to senior officials for a decision. This practice reserves the president’s time, and that of the principals, for the most complicated and sensitive debates.

When a crisis erupts, however, issues may not follow the usual path up from the PCCs. In these cases, NSC staff members and officials in government departments and agencies generally draft papers drawing on their expertise, available intelligence, and any existing contingency plans. Policy options are then debated and decided at the appropriate level, depending on the nature and severity of the crisis. The policymaking process may also deviate from this model based on the preferences of each president.

For the purposes of Model Diplomacy’s NSC simulation, you will role-play the NSC meeting with the assumption that the committees described have already done their jobs and passed critical information to the highest-level decision-makers.

Presidential Decisions

When the president makes a policy decision, it may take the form of a verbal instruction recorded in a NSC staff document and shared with relevant departments and agencies. The president may also issue formal decisions in documents that lay out the administration’s policy and explain its rationale and goals. These documents have gone by different names under different presidents. President Donald J. Trump issues national security presidential memoranda, which replace the presidential policy directives and presidential study directives that President Barack Obama issued.

The president may also issue an executive order. In the past, presidents have issued executive orders for such purposes as facilitating sanctions against foreign individuals and establishing new offices in government departments to achieve foreign policy aims. For federal agencies, both national security directives and executive orders carry the full force and effect of law, though the president’s authority to issue these kinds of documents is sometimes questioned.

National Security Council meeting
President Bush leads a meeting of the National Security Council.

“These complex times have made clear the power and centrality of America’s indispensable leadership in the world.”

— Obama 2015 National Security Strategy

1.3 Departments and Agencies

Although many executive branch departments and agencies are involved in foreign policy and, depending on the issue, play a role in the NSC process, the Department of State, the Department of Defense, and the intelligence community form the core of the foreign policy bureaucracy. The Department of the Treasury, the Department of Homeland Security, and the Department of Justice often play crucial roles as well.

Department of State

The Department of State conducts the United States’ relations with other countries and international organizations. It maintains U.S. diplomatic presence abroad, issues visas for foreigners to enter the country, aids U.S. citizens overseas, and manages cultural exchanges and other programs to promote American interests. As head of the department, the secretary of state is the president’s principal foreign affairs advisor and has a keen understanding of the United States’ international relations, the relationships between foreign countries, and the behavior and interests of their governments.

Department of Defense

The Department of Defense carries out U.S. defense policy and maintains U.S. military forces. It includes the U.S. Army, Navy, Marine Corps, and Air Force, as well as an array of agencies with missions ranging from advanced technological research to defense cooperation with friendly countries. The department employs more than two million military and civilian personnel and operates military bases across the United States and abroad. The secretary of defense, the head of the department and the president’s principal defense policy advisor, stays up-to-date on the security situation in foreign countries and the possibilities and implications of U.S. military involvement. The chairman of the joint chiefs of staff is the highest-ranking member of the U.S. armed forces and the president’s top military advisor.

Intelligence Community

The U.S. intelligence community consists of seventeen agencies and organizations, including the Central Intelligence Agency (CIA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), which gather and analyze intelligence to help policymakers formulate and implement U.S. foreign policy. Each of these agencies has its own mission; for example, the NSA focuses on signals intelligence (information gathered from communications and other electronic signals) and the Defense Intelligence Agency on military information. The director of national intelligence, the president’s principal advisor on intelligence issues, oversees this network of agencies with the aim of ensuring that they work together and deliver the best possible information to U.S. policymakers.

Department of the Treasury

The Department of the Treasury carries out policy on issues related to the U.S. and global economies and financial systems. The secretary of the treasury, as head of this department, serves as one of the president’s chief economic advisors and is responsible for addressing a range of economic concerns, including growth, trade and investment, and the position of the U.S. dollar. The Treasury’s ten bureaus, which include the U.S. Mint and the Internal Revenue Service, do much of the department’s work, which ranges from collecting tax to printing currency and executing economic sanctions.

Department of Homeland Security

Created soon after the terrorist attacks of September 11, 2001, the Department of Homeland Security works to counter and respond to risks to American security. It focuses on issues such as terrorism prevention, border security and immigration, disaster response, and cybersecurity. Familiar agencies within the department include U.S. Customs and Border Protection, which checks travelers and goods coming into the United States; the U.S. Secret Service, which protects the president and investigates financial crimes; and the Transportation Security Administration, which ensures security at airports. The secretary of homeland security oversees the department and advises the president on relevant issues.

Department of Justice

The Department of Justice investigates and prosecutes possible violations of federal law, represents the U.S. government in legal matters, oversees federal prisons, and works more broadly to prevent and respond to crime. Agencies such as the FBI and the Drug Enforcement Administration are part of the department, as are divisions focusing on particular areas of law, such as national security and civil rights. Leading the department is the attorney general, who offers legal advice to the president and the heads of other departments, including on matters under discussion in the NSC.

Learn More
See More

Guide Glossary


alliance:an official partnership between two or more parties based on cooperation in pursuit of a common goal, generally involving security or defense.
attorney general:head of the Department of Justice and chief lawyer of the U.S. government. Among other duties, he or she offers advice on the legal aspects of proposed policies to the president and other department heads.


bilateral:undertaken between two entities, generally countries.
blockade:an act of war wherein a foreign military cuts off access to a specific location, usually a port, to impede deliveries of supplies. In 1962, President John F. Kennedy ordered a blockade of Cuba—calling it a “quarantine” to avoid the implication of declaring war—in response to Soviet missile activity on the island.


Cabinet:the group comprising the vice president of the United States and the heads of all fifteen federal executive departments, such as the secretaries of state, defense, commerce, labor, and education. Other officials may also have cabinet rank, depending on the administration.
Chairman of the Joint Chiefs of Staff (CJCS):the highest-ranking member of the U.S. armed forces. The CJCS does not exercise command authority over U.S. troops, but instead works with the leaders of the U.S. military services to fulfill his function as the top military advisor to the president and other senior officials.
chief of staff to the president:a close advisor to the president who is responsible for coordinating the implementation of presidential policy and managing the Executive Office of the President (EOP), which includes the national security staff among many other entities.
cyberwarfare:defensive and offensive actions taken by a government or nonstate actor in the realm of information network systems and digital infrastructure. Specific actions include planting computer viruses, mounting denial-of-service attacks to disrupt internet and network activity, and conducting electronic surveillance.


deputies committee (DC):the intermediate-level setting, below the principals committee, for debating issues in the National Security Council (NSC) system. Chaired by the deputy national security advisor, it comprises the second- and third-ranking leaders of the departments and agencies represented on the National Security Council. It manages the interagency process up and down, answering to the principals committee and assigning and reviewing the work of interagency policy committees.
director of national intelligence:the president’s principal advisor for intelligence-related matters and the head of the intelligence community, a network of seventeen agencies and organizations, such as the Central Intelligence Agency (CIA), Federal Bureau of Investigation (FBI), and Defense Intelligence Agency (DIA), that collect and analyze information to assist policymaking.


executive order (EO):a decision issued by the president that carries the full force and effect of law. An executive order usually instructs government departments and agencies to implement or modify particular policies or procedures.


foreign policy:a country’s attitudes and actions in the international arena. Foreign policy includes two principal elements: goals or interests as the country defines them, such as peace with one’s neighbors, and the means pursued to advance these interests, such as diplomatic negotiations, trade agreements, and military alliances. A country carries out its foreign policy through its dealings with other countries, international organizations such as the United Nations (UN), and nonstate actors such as corporations and advocacy groups.


interagency:involving two or more agencies. The National Security Council (NSC), for example, is an interagency forum, not a forum internal to any one agency.


multilateral:undertaken among three or more entities, usually countries. The term frequently describes organizations such as the United Nations (UN).


National Security Act:a law signed by President Harry S. Truman in 1947 to reorganize the agencies and processes related to intelligence, foreign policy, and the military. Among its reforms, the act established the National Security Council (NSC) and the Central Intelligence Agency (CIA).
national security advisor (NSA):the so-called honest broker of the national security policy process and the president’s principal advisor on national security issues. The NSA manages the National Security Council (NSC) staff, chairs the principals committee, and coordinates and manages policymaking with the goal of ensuring effective policy development and implementation.
National Security Council (NSC):an interagency body that serves as the forum for the president to discuss and take action on the most critical national security issues facing the United States. Its membership has varied since its creation in 1947, and now includes the president, vice president, national security advisor, secretaries of state and defense, and a variety of other senior officials.
National Security Council (NSC) staff:the president’s national security and foreign policy personnel. The NSC staff receives direction from the president via the national security advisor, provides expertise on issues and regions, and collaborates frequently with employees from other government departments and agencies to carry out the interagency policymaking process.
national security presidential memorandum:a type of presidential directive, or official order from the president, on matters related to national security. Called different names by different administrations, these documents may initiate a review of current policy, reorganize the structure of the national security policy apparatus, or lay out new strategies.
nonstate actors:individuals or groups that do not belong to or act on behalf of a state. This may refer to nongovernmental organizations such as Amnesty International, media outlets such as the New York Times, or terrorist groups such as al-Qaeda.


policy coordination committees (PCCs):the lowest-level setting for debating issues in the National Security Council (NSC) system and the home of much of the day-to-day work needed to formulate and implement U.S. foreign policy. Often chaired by a senior director on the NSC staff, PCCs develop, coordinate, and carry out policy options in distinct regional and functional areas.
principals committee (PC):the highest-level setting, aside from the National Security Council (NSC) itself, for debating issues in the NSC system. Generally chaired by the national security advisor, it comprises cabinet-level officials who head major government departments concerned with national security, such as the secretaries of state, defense, and homeland security, and other senior officials.


sanction:a tool of statecraft, frequently involving economic measures such as asset freezes and trade restrictions, used to exact a certain behavior or outcome from another party. The U.S. and EU sanctions against Russian companies and individuals that aim to encourage Russia to end its interference in Ukraine are an example.
secretary of defense:the principal defense policy advisor to the president and head of the Department of Defense, which oversees the formulation and execution of defense policy and manages U.S. military forces.
secretary of energy:the head of the Department of Energy, which executes U.S. policy on energy, environmental, and nuclear issues and oversees seventeen national scientific research laboratories.
secretary of homeland security:the head of the Department of Homeland Security since its creation after the attacks of September 11, 2001. This department works to protect U.S. security by implementing federal policy concerning terrorism prevention, border security, immigration, disaster response, and cybersecurity.
secretary of state:the president’s chief foreign affairs advisor, the country’s chief diplomat, and the head of the Department of State, which conducts the United States’ relationships with foreign countries and international organizations.
secretary of the treasury:one of the president’s chief economic advisors and head of the department of the treasury, which carries out policy on issues related to the U.S. and global economies and financial systems. The department is home to the U.S. Mint and Internal Revenue Service, among other agencies.


tariff:a tax on goods arriving from a foreign country, generally used as a tool of trade and foreign policy to penalize adversaries or favor allies or domestic producers.


U.S. permanent representative to the United Nations (UN):the ambassador-level official who advances U.S. foreign policy interests in the bodies and forums of the UN system.
unilateral:undertaken by only one entity, generally a country.


vice president:the second-highest-ranking official of the U.S. government and first in line to assume the presidency if the president dies, resigns, or becomes unable to serve. Though given only one responsibility in the Constitution—to serve as president of the U.S. Senate, with the power to break ties—the vice presidency has become a visible part of the modern White House. Today’s vice presidents undertake a variety of functions, from serving as an all-purpose presidential advisor to carrying out diplomatic trips abroad. The personality of the individual who occupies this post and his or her relationship with the president define the scope of the role.
Case Notes Sections
Chinese Soldiers
A magnifying glass over a segment of code with a map of China overlaid on top of it

“Right now, we’ve got about three billion people online, and they are using anywhere from five to fifteen million devices. And all of these devices are connected and all those connections represent doors … Most of these devices have vulnerabilities in them, and so that creates backdoors, and somebody’s going to find them.”

— Dorothy E. Denning, distinguished professor at the Naval Postgraduate School, October 9, 2015

2.1 The Issue

Cyberspace is a new domain of conflict, one guided by few accepted rules or standards of behavior. Policymakers find offensive cyber operations attractive because they are relatively inexpensive, can be designed to be less destructive than kinetic strikes (i.e., those against physical targets), and can provide a high degree of anonymity to the attacker. The vast majority of these operations includes cyber espionage (theft of military and political secrets or intellectual property) and political disruptions (website defacement or distributed denial of service [DDoS] attacks that flood a website with so much data that it can no longer respond).

The White House’s 2011 International Strategy for Cyberspace warns that “the United States will respond to hostile acts in cyberspace as we would to any other threat to our country.” However, although experts generally assume that a cyberattack that caused death or physical destruction would be considered an armed attack, the threshold for a military response to other forms of cyberattack remains uncertain. Indeed, cyberspace is marked by high strategic instability. Defending against cyber threats is extremely difficult. Would-be defenders need to worry about millions of lines of computer code, hundreds of devices, and scores of networks, but an attacker need find only one vulnerability.

Moreover, attribution of cyberattacks is difficult and slow, which makes them different from other weapons. Attackers can hide their tracks with relative ease, and the attacks can happen in minutes, if not seconds. Many countries rely on proxies, criminal groups, or patriotic hackers to conduct operations: even if the location of the hackers can be determined, anyone anywhere could have authorized the attack. This conundrum greatly complicates efforts to retaliate and prevent attacks.

Successful attacks are also likely to risk escalation. If, based on past trends, military leaders fear that their networks or weapons systems could be subjected to cyberattacks—which would limit their ability to order forces in the field or to launch weapons—they would have an incentive to use their weapons systems preemptively; such a move would escalate and further destabilize a conflict.

A magnifying glass over a segment of code with a map of China overlaid on top of it
Back-lit keyboard

“We know that foreign cyber actors are probing America’s critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity, and water plants, and those that guide transportation throughout this country.”

— Leon Panetta, then U.S. Secretary of Defense, October 12, 2012

2.2 Background

The rapid diffusion of information technology has remade economics, politics, and international affairs. It has transformed commerce, making global supply chains possible and generating enormous wealth. It has created social and cultural networks that span the globe, enabling people to overcome distance and share knowledge and ideas. It has provided powerful tools for political organization and protest.

The digital revolution has also created new sources of vulnerability. States, terrorists, and criminals can shut down power, communication, transportation, and financial networks with the click of a mouse, inflicting not just massive economic losses but also death and physical destruction.

The transparency and verification processes that help limit nuclear competition—which deal with physical weapons, materials, and facilities—do not appear to apply to digital weapons. Counting or controlling malware is practically impossible. Moreover, no shared understanding of the rules of state behavior in cyberspace exists—whether, for example, a country is justified in responding to cyberattacks with conventional military force. Major powers, including the United States and China, have been willing to discuss the threats in cyberspace but have been slow to develop a policy framework.

After years of silence, the U.S. government has gradually become more transparent about its development and use of cyberattacks. The 2015 Defense Department cyber strategy, for example, explicitly recognizes offensive missions, directing the Pentagon to develop cyber capabilities that can support military operations. Although experts widely believe that the United States and Israel were behind Stuxnet, the malicious software (malware) designed to slow Iran’s nuclear program by damaging centrifuges at the Natanz nuclear facility in 2009, the United States did not admit any role. In fact, the first public acknowledgment of a U.S. use of cyber weapons came in February 2016, when Pentagon officials announced that U.S. Cyber Command had launched attacks against the self-proclaimed Islamic State. Cyber Command has grown from approximately nine hundred personnel to more than six thousand, and requests for cyber operations in the 2019 defense budget totaled $8.5 billion, an increase of more than 25 percent from 2017.

China and the United States have a history of clashes in cyberspace. According to a Washington Post report, Chinese hackers have stolen information relating to more than two dozen U.S. weapons programs, including the Patriot missile system, the F-35 Joint Strike Fighter, and the U.S. Navy’s new littoral combat ship. The White House, the State Department, the Office of Personnel Management, and NASA have been breached. Attacks on Adobe, Disney, DuPont, General Dynamics, General Electric, Google, Johnson & Johnson, Juniper Networks, Sony, Symantec, and Yahoo have also been publicly reported, and Chinese hackers have reportedly targeted the negotiation strategies and financial information in energy, banking, law, and other sectors.

In response to U.S. claims of Chinese hacking, China has noted that it is also a victim of cybercrime and that the majority of attacks against it originates from internet protocol (IP) addresses in the United States, Japan, and South Korea. Chinese media were quick to echo claims by the former National Security Agency contractor Edward Snowden that the United States hacks targets on the Chinese mainland and in Hong Kong.

In April 2015, President Barack Obama signed an executive order that declared a national emergency to deal with the threat of “significant malicious cyber-enabled activities,” allowing for economic sanctions against companies or individuals that profited from cyber theft. The order threatened to block financial transactions routed through the United States, prevent exports to the United States, and prevent executives of the companies that benefit from the hacks from traveling to the United States.

In August 2015, the Washington Post reported that the Obama administration planned to levy these sanctions against Chinese companies in the lead-up to the summit the following month between Presidents Barack Obama and Xi Jinping. Perhaps because of the threat, the summit produced a breakthrough agreement. Both sides agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” Washington and Beijing also agreed to identify and endorse norms of behavior in cyberspace and to establish two high-level working groups and a hotline between them. After departing the United States, Xi signed similar agreements with the United Kingdom and at a Group of Twenty (G20) meeting in Turkey.

Following the presidents’ September summit, the cybersecurity firm FireEye reported a sharp decline in the number of Chinese cyberattacks but suggested that actors could simply have become stealthier and more difficult to detect. U.S. Assistant Attorney General John P. Carlin confirmed the company’s findings that attacks were “less voluminous but more focused, calculated, and still successful.”

The U.S.-China group on security issues met only once before the end of the Obama administration, but the cybercrime group reported some progress. The two sides established a point of contact and a designated email address, and successfully cooperated on taking down websites with false information. After Donald J. Trump met Xi Jinping in April 2017, Washington and Beijing agreed to a U.S.-China Comprehensive Dialogue that would have four pillars, including one on law enforcement and cybersecurity.

A magnifying glass over a segment of code with a map of China overlaid on top of it
President Obama inspects a computer monitor displaying cybersecurity data

“American companies are being targeted, their trade secrets stolen, intellectual property ripped off … These attacks are hurting American companies and costing American jobs. So this is also a threat to America’s economic security.”

— Barack Obama, president of the United States, February 13, 2015

2.3 Role of the United States

The United States has an interest in ensuring that China does not assert its sovereignty claims over the South China Sea by using force or intimidation. Washington has sought to secure its interest through freedom of navigation operations—sending ships or aircraft into areas that China claims but that the United States considers open to all—as well as increased military exercises with its friends and allies in the region. The United States also has an interest in defining the rules of behavior for cyberspace, where it has tried to strengthen deterrence by building up offensive capabilities, demonstrating its ability to attribute attacks, and indicting foreign hackers. It has also promoted norms of behavior through bilateral agreements and multilateral forums.

The principal policy options available in this case are discussed below. These responses are available individually, in combination, or all together.

Cyber responses. The United States could pursue a proportionate response that tries to disrupt critical networks within China, such as its banking system, for a limited period. The attacks could also be directed at a target that seems particularly valuable to the Chinese leadership, such as the censorship technology that constitutes the so-called Great Firewall. The U.S. response should be accompanied by some level of attribution, meaning that the United States would need to identify the attackers, and the attack would reveal some of the United States’ technical and intelligence capabilities.

With this option, the United States would essentially be responding in kind, keeping the U.S.-China dispute in the domain (cyberspace) it is already in rather than extending it. Thus, even if the conflict were to escalate, Washington could claim that it was not the instigator. Moreover, the United States would likely be capable of mounting a targeted cyberattack that stood a good chance of producing the desired effect.

Nonetheless, a cyber response has costs and risks. A cyberattack might fail if the defender has already patched the vulnerability. Given China’s extensive connection with the global economy, malware used against China could also quickly spread to the rest of world, infecting U.S. allies and eventually making its way back to the United States. Although limited to one domain, cyberattacks could also escalate rapidly. If attacks damage Chinese defense networks and command-and-control nodes, Beijing could fear that a conventional strike might soon follow and decide to launch conventional strikes on U.S. military assets as quickly as possible. Chinese economic retaliation against the United States is also possible. In addition, other countries could find U.S. claims of China’s guilt unconvincing. Failing to convince others that the Chinese government was behind the attacks would not only limit support for the U.S. response but also undermine Washington’s efforts to develop international norms for behavior in cyberspace.

Punitive sanctions. In April 2015, Obama issued an executive order that laid the groundwork for economic sanctions. Declaring a national emergency to deal with the threat of “significant malicious cyber-enabled activities,” the order enabled the Treasury secretary to sanction individuals and entities involved, directly or indirectly, in cyberattacks. Possible sanctions include freezing their financial assets and barring commercial transactions with them. In the current scenario, the White House could sanction high-level Chinese authorities who it believes ordered the attack and levy economic sanctions on government entities and state-owned enterprises deemed to be connected to the hacks. It could also expel Chinese diplomats from the United States.

Another response would be to indict the individual hackers involved. Although these individuals are unlikely to ever be handed over to U.S. authorities for trial, their international travel would be limited, and the indictments could deter future Chinese hackers who wish to someday travel abroad. As with the cyber response, punitive sanctions would involve identifying the attackers and revealing some U.S. technical and intelligence methods.

It could take a while for economic sanctions to be imposed; it could take even longer for them to bite and affect the target’s behavior. Chinese firms could also skirt financial restrictions by trading with Russia or others, and China could retaliate against U.S. companies that heavily export to China. The U.S. response could appear feckless, undermine deterrence, and embolden other cyberattackers. As with a cyber response, the United States would need to convince others that the Chinese government was behind the attacks. Otherwise, support for U.S. sanctions would be limited, possibly reducing their effectiveness.

Military responses. Washington could increase freedom of navigation operations and the U.S. military presence more broadly in the South China Sea. It would help small states build maritime law enforcement and security capacity and in particular improve the Philippines’ long-term maritime capabilities. The United States would also expand military exercises with states in the region.

Such a response is clear and well within the capability of the U.S. military and would also convey the United States’ resolve. Washington could announce that its military initiatives were in response to the Chinese cyberattacks, or it could refrain from doing so. Connecting the response to the attack publicly might be more escalatory but would have the advantage of marking a clear response to the Chinese behavior, ideally leading Beijing to reduce or end this activity. Not making the connection public would be less provocative but could signal to potential attackers that cyberattacks such as the one against Nasdaq fall below the threshold for a forthright response. Regardless of whether the United States announces the connection, military steps could escalate Chinese reclamation behavior in the South China Sea or lead to an incident that escalates into military conflict. Moreover, U.S. support could also embolden the smaller states to push China harder than they would dare to alone.

Learn More
See More

Case Notes Glossary


ad hoc:formed with a particular purpose, for a given topic or situation rather than a general or ongoing one.
advanced persistent threat (APT):a sophisticated cyberattack campaign usually conducted in phases and premised on remaining undetected in a network for a long time; generally carried out by states intending to gather information.
alliance:an official partnership between two or more parties based on cooperation in pursuit of a common goal, generally involving security or defense.
arbitration:a method of dispute resolution in which the parties submit their claims to an agreed-upon and impartial third party, who renders a decision that the parties agree to obey.
arms race:a competition between rival parties to develop and accumulate weapons. A nuclear arms race between the United States and the Soviet Union was a defining element of the Cold War.
Association of Southeast Asian Nations (ASEAN):a regional organization formed in 1967 to promote cooperation, stability, and economic development in Southeast Asia. ASEAN currently comprises ten countries in the region.


bilateral:undertaken between two entities, generally countries.


centrifuge:a mechanical device used for nuclear enrichment. Nuclear centrifuges contain rotors that spin quickly to separate different forms of the radioactive element uranium. Low-enriched uranium (with a relatively low concentration of a certain form) can be used for nuclear power; highly enriched uranium is needed for nuclear weapons.
command and control (C2):the exercise of authority and direction over military forces from a base or other military platform, such as a ship or plane.
counterintelligence:actions taken by an entity, usually a state, to prevent an enemy or another party from effectively engaging in espionage or sabotage.
cyberattack:intentional and malicious encroachment by an outside actor on computer networks, websites, or other cyber infrastructure; often aims to collect military and political intelligence, steal intellectual property, disrupt the operations of websites or other systems or equipment, or deface or otherwise alter websites; can have military, political, or economic goals; and can be carried out by entities ranging from governments to corporations to hackers.
cybersecurity:the set of practices and processes designed to protect cyberspace, data, computer networks, and information technologies from a cyberattack.
cyberspace:the virtual domain created by the exchange, creation, storage, and modification of data and information through digital networks and the electronic and electromagnetic spectrum. The internet is any set of computer networks that communicate with each using internet protocols, whereas cyberspace is the world of information exchanged through the internet as well as other forms of digital and electronic communication. Relatively new and lacking a shared understanding of the rules of state behavior and norms, cyberspace is an emerging sphere of conflict among states.


distributed denial of service (DDoS):a type of cyberattack that inundates a system or network, often a website, with data. This unusually high traffic makes the network unresponsive to regular users.
drone:an unmanned, remotely piloted vehicle generally used for reconnaissance and combat. Also known as unmanned aerial vehicles (UAVs), drones have become a major instrument in the U.S. campaign against al-Qaeda and other terrorist groups.


Edward Snowden:a former National Security Agency (NSA) contractor who provided classified information regarding NSA surveillance programs to the media. His leak of classified information shed light not only on U.S. government surveillance of U.S. citizens but also on U.S. espionage abroad. Snowden was charged by the U.S. government with several crimes related to his disclosure. He was, however, granted asylum in Russia, where he currently lives.
European Union (EU):a supranational organization composed of twenty-eight European countries, formally established by the 1992 Maastricht Treaty. The EU’s objectives include the economic, political, and security integration of its members, accomplished through such methods as removal of trade barriers; free circulation of EU citizens among certain member countries; and use of a common currency, the euro, by nineteen members. The EU is the largest U.S. trading partner and many of its members are among the most important U.S. allies.
exclusive economic zone (EEZ):the maritime area, established by the UN Convention on the Law of the Sea, that extends up to two hundred nautical miles from a country’s shore. Countries have exclusive economic rights to the resources in the waters and seabed of their EEZs. An EEZ differs from territorial waters, which extend up to twelve nautical miles from shore and which are sovereign territory.
executive order (EO):a decision issued by the president that carries the full force and effect of law. An executive order usually instructs government departments and agencies to implement or modify particular policies or procedures.


Great Firewall:the nickname for China’s cyber controls, created to censor, filter, and sometimes block, the flow of data or information to and from the country over the internet. A wordplay on the Great Wall of China, the Great Firewall is a mechanism for government control of the internet.


incumbent:an individual or entity currently in a given position. An incumbent president, for example, might run for reelection against a challenger.
indict:to formally accuse or charge an individual or entity with an offense or crime. In the United States, indictments are often issued by grand juries.
intellectual property:an invention, process, design, text, or other creation originating in a person’s or entity’s creativity; protected by a set of rights pertaining to three major categories: patents, copyrights, and trademarks. An automobile company’s intellectual property, for example, might include designs of cars and components, manufacturing processes, test data, and so on. Such intellectual property is often developed over long periods at great expense and can be immensely valuable.
intelligence:information collected and analyzed by specialists for use by decision-makers. This includes data, photographs, and communications, among other materials, and is collected, often secretly, by individuals and technological methods.
international law:a body of formal rules and norms considered binding among states. It is one of the organized bases upon which states interact with each other in the international system. Sources of international law include treaties, such as formal bilateral defense pacts or the United Nations Convention on the Law of the Sea, and international customs, such as general prohibitions against slavery and genocide, many of which are also formally codified.
internet governance:policies, institutions, and mechanisms under which governments, the technical community, the private sector, and users make decisions about the development and use of the internet.
internet protocol (IP):the protocol or set of rules that govern how data is transferred, sent, or received over the internet. Each computer has a unique numerical IP address that identifies it and helps organize the flow of information among servers, computers, and other devices accessing the internet.
Islamic State of Iraq and Syria:a terrorist organization that grew out of al-Qaeda in Iraq and seeks to impose a caliphate, a form of Islamic government promoted by Islamist fundamentalist reformers. Its leader, Abu Bakr al-Baghdadi, declared the land under the group’s control in Iraq and Syria the Islamic State on June 29, 2014. The group has gained notoriety for barbaric decapitations, immolations, and draconian social laws. It has drawn recruits worldwide with jihadist propaganda disseminated through social media.


Joint Concept for Access and Maneuver in the Global Commons:a U.S. military concept designed to counter an adversary’s ability to use high-tech weapons increase the risk to U.S. forces operating in a given geographic range; aims to defeat enemy missiles, submarines, and cyber capabilities while conducting cyberattacks on enemy equipment (including sensors, networks, launchers, and weapons) in the beginning stages of a conflict.
joint military exercise:a simulation or war game conducted by the armed forces of two or more countries. Purposes can include increasing military preparedness, building trust, and displaying capabilities to adversaries.


land reclamation:the process of creating new land or territory from areas under water. China has engaged in land reclamation activities around reefs of the South China Sea.
littoral:relating to areas along the shore, especially of a sea or ocean.


malware:malicious software designed to hack into or damage a computer or other device without the owner’s knowledge or consent; includes computer viruses, spyware, worms, Trojan horses, and other unwanted software; often aims to steal information stored on a device or to track a user’s activity.
multilateral:undertaken among three or more entities, usually countries. The term frequently describes organizations such as the United Nations (UN).


nationalism:a sense of pride in and loyalty to a national identity, which may or may not correspond to a sovereign state. This identity is often based on common traits such as ethnicity or language.
netizen:someone who habitually engages in activities on the internet; often refers to those engaging in uncensored online discussions on political, social, or cultural issues.
nonstate actors:individuals or groups that do not belong to or act on behalf of a state. This may refer to nongovernmental organizations such as Amnesty International, media outlets such as the New York Times, or terrorist groups such as al-Qaeda.
norm:a broadly accepted principle of behavior that may not be formally written but is generally agreed on and followed by members of a group, such as countries in the international system.
North Atlantic Treaty Organization (NATO):a military alliance among twenty-eight countries on both sides of the Atlantic, from the United States and Canada to Turkey. Established in 1949 by the United States, Canada, and ten western European countries, NATO—sometimes known as the Atlantic Alliance—has grown over the years to include many former states of the Soviet Union. Article 5 of the treaty that created NATO establishes its core principle of “collective defense,” which commits member countries to defend each other if attacked.
nuclear enrichment:a process using centrifuges by which natural uranium is processed into uranium suitable for nuclear reactions. Low-enriched uranium can be used for nuclear power; highly enriched uranium is needed for nuclear weapons. The International Atomic Energy Agency (IAEA) attempts to monitor this process as part of its efforts to ensure that nuclear technology is limited to peaceful uses.


patriotic hacker:an individual who commits a cyberattack against a perceived enemy of his or her country out of a personal sense of nationalism; sometimes operates under the direction of or with support of the state, other times independently.
Permanent Court of Arbitration (PCA):a multilateral institution founded in 1899 to resolve disputes among states, usually by arbitration. The Philippines introduced a case to the PCA regarding its territorial dispute with China over the Spratly Islands in the South China Sea.
politburo:the executive policymaking committee of a communist government, such as that of the Chinese Communist Party, the ruling party of China.


sanction:a tool of statecraft, frequently involving economic measures such as asset freezes and trade restrictions, used to exact a certain behavior or outcome from another party. The U.S. and EU sanctions against Russian companies and individuals that aim to encourage Russia to end its interference in Ukraine are an example.
Shia Islam:one of the major sects of Islam. Though they make up less than 20 percent of Muslims worldwide, Shiite Muslims account for about 70 percent of Bahrain’s population. Other countries with Shiite majorities include Iran and Iraq.
South China Sea:the sea bounded by mainland China to the north, Taiwan to the northeast, Vietnam to the west, the Malay Peninsula to the southwest, outlying Indonesian islands and Borneo to the south, and the Philippines to the east.
sovereignty:supreme or absolute authority over a territory.
special operations forces:elite U.S. military units, such as Navy Sea, Air, and Land (SEAL) teams and Army Special Forces, grouped under U.S. Special Operations Command (SOCOM). They conduct specialized and often sensitive missions that include guerrilla warfare, counterterrorism raids, counterproliferation, and advanced reconnaissance.
Stuxnet:a piece of malicious software, or malware, that targeted Iran’s nuclear program; believed to have been developed by the United States and Israel; designed to damage the centrifuges in Iran’s Natanz facility in order to slow down uranium enrichment and thus the country’s nuclear development. Stuxnet forced Iran to replace some one thousand centrifuges, prompting it to retaliate with further cyberattacks.
Sunni Islam:one of the major sects of Islam, comprising more than 80 percent of all Muslims. Bahrain’s ruling family is Sunni, even though Sunnis are a minority within the country. Countries with Sunni majorities include Saudi Arabia, Syria, and Egypt.
surveillance:a type of intelligence collection that involves the systematic, and often concealed, observation of people, places, and things by visual, aural, electronic, photographic, or other methods. It is a technique used by civilian and military intelligence entities. Examples include drones with video capability, wire taps on communications lines, and malicious spyware.


Taiwan:an island territory off the southeastern coast of mainland China. Occupied by Japan between 1895 and 1945, Taiwan came to constitute the Republic of China (ROC), with its own government, following civil war in China in the late 1940s. The mainland became the People’s Republic of China (PRC) in 1949, and it claims Taiwan as part of its territory. When the United States and Japan established formal diplomatic relations with the PRC in the 1970s, they acknowledged the “One China” formulation—Chinese on either side of the Taiwan Strait maintain there is but one China and that Taiwan is a part of China—to manage ties with Taiwan. The Taiwan Relations Act of 1979 requires the United States to provide for the adequate defense of the island; Japan has no such commitment.
territorial zone:as defined in the 1982 UN Convention on the Law of the Sea, an extension of a country’s sovereignty for twelve nautical miles from its coastal baseline; also known as territorial waters or territorial sea. China has claimed a territorial zone around artificial islands it has built in the South China Sea, a move the United States has opposed by sending military forces within twelve miles of them.
terrorist:a word used to describe an individual, organization, or act that employs violence to incite fear and achieve an objective, usually a political one.


United Nations:an international organization composed of 193 independent member states that aims to promote international peace and stability, human rights, and economic development. The United Nations was established in 1945 and remains the only organization with practically universal membership among the world’s countries. It includes the Security Council, General Assembly, and a range of other bodies; a secretary-general, currently Ban Ki-moon, serves as its leader. The United Nations also has an array of affiliated programs and agencies, such as the United Nations Children’s Fund (UNICEF), the United Nations Development Program (UNDP), and the United Nations Educational, Scientific, and Cultural Organization (UNESCO).
Role Play Sections
Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.

3.1 Role

Welcome to your role as a participant in the National Security Council (NSC)! You should have received an email with your role assignment, but if you did not, you can view your assignment by clicking on the “My Simulations” tab on your account page. At this point, you should have reviewed essential background information about the NSC, read the case, watched the accompanying videos, and perused some of the additional reading. Whether you have been assigned a specific role as an individual or part of a group, or as a general advisor to the president, we suggest you read the case once again to identify material that is particularly relevant to your role or that requires further investigation. After that, you will conduct independent research as you write your position memo and prepare for the role-play.

There are four subsections that follow. Research and Preparation (3.2) will aid your research for the position memo and provide additional reading to guide your research; the Guide to the Memoranda (3.3) provides information about position memos and an example; and the Guide to the Role-Play (3.4) provides more information on the in-class role-play.

You can learn about your role by reading the information provided on your role sheet, which can be found in the Guide to the Role-Play section (3.4).  Review this information thoroughly and often, as your objectives and strategy in the position memo and role-play will be shaped by the institutional perspective of the role you have been assigned (unless you are playing a general advisor). After you finish the role-play and subsequent debrief, you will have an opportunity to share your personal thoughts and recommendations on this case in a policy review memo (Section Four, Wrap-up).

Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.

3.2 Research and Preparation 

Your role sheet contains three parts: a description of your role, issues for consideration, and research leads. The role description details the position you will portray in the role-play. The issues for consideration will guide your thinking and assist you in approaching the case from the perspective of your assigned role. Most relevant, however, are the research leads. Going beyond the reports and articles linked to throughout the case and in the reading list, these research leads provide suggested materials and topics for further research specifically relevant to your assigned role. Below are some tips to review as you prepare for the role-play exercise.

Research and Preparation

  • Draw on the case notes, additional case materials, and your own research to familiarize yourself with

    • the goals of the NSC in general and of this NSC meeting in particular;
    • the U.S. interests at stake in the case and their importance to national security;
    • your role and your department or agency, including its purpose and objectives in the government and on the NSC;
    • the aspects of the case most relevant to your role;
    • the elements that a comprehensive policy proposal on the case should contain; and
    • the major debates or conflicts likely to occur during the role-play. You need not resolve these yourself, of course, but you will want to anticipate them in order to articulate and defend your position in the NSC deliberation.
  • Set goals for your research. Know which questions you seek to answer and refer back to the case notes, additional readings, and research leads as needed.
  • Make a list of questions that you feel are not fully answered by the given materials. What do you need to research in greater depth? Can your classmates help you understand these subjects?
  • Using the case materials, additional readings, and discussions with your classmates, weigh the relative importance of the U.S. interests at stake in the case. Determine where trade-offs might be required and think through the potential consequences of several different policy options.
  • Conduct your research from the perspective of your assigned role, but be sure to consider the full range of U.S. interests at stake in the case, whether diplomatic, military, economic, environmental, moral, or otherwise. This will help you strengthen your policy position and anticipate and prepare for debates in the role-play.
  • Consider what questions or challenges the president or other NSC members might raise regarding the options you propose and have responses ready.



  • Consult a wide range of sources to gain a full perspective on the issues raised in the case and on policy options. Seek out sources that you may not normally use, such as publications from the region(s) under discussion, unclassified and declassified government documents, and specialized policy reports and journals.
  • Remember: Wikipedia is not a reliable source, but it can be a reasonable starting point. The citations at the bottom of each entry often contain useful resources. 
  • Just as policymakers tackle issues that are controversial and subject to multiple interpretations, so will you in your preparation for the writing assignments and role-play. For this reason, evaluate your sources carefully. Always ask yourself:
    • When was the information produced? Is it still relevant and accurate?
    • Who is writing or speaking and why? Does the author or speaker have a particular motivation or affiliation that you should take into account?
    • Where is the information published? Determine the political leanings of journals, magazines, and newspapers by reading several articles published by each one.
    • Who is the intended audience?
    • Does the author provide sufficient evidence for his or her analysis or opinion? Does the author cite reliable and impartial sources?
    • Does the information appear one-sided? Does it consider multiple points of view?
    • Is the language measured or inflammatory? Do any of the points appear exaggerated?
  • Take note of and cite your sources correctly. This is important not just for reasons of academic integrity, but so that you can revisit them as needed.
  • Ask your teacher which style he or she prefers you use when citing sources, such as Modern Language Association (MLA), Chicago Manual of Style, or Associated Press (AP).

Reading List 


2.1 The Issue

Ian Bremmer, “These 5 Facts Explain the Threat of Cyber Warfare,” Time, June 19, 2015, http://time.com/3928086/these-5-facts-explain-the-threat-of-cyber-warfare.

“Fact Sheet: The Department of Defense (DOD) Cyber Strategy,” Department of Defense, April 2015, http://defense.gov/Portals/1/features/2015/0415_cyber-strategy/Department_of_Defense_Cyber_Strategy_Fact_Sheet.pdf.

“Why Is the South China Sea Contentious?” BBC News, July 12, 2016, http://bbc.com/news/world-asia-pacific-13748349.


2.2 Background

Jose Pagliery, “The Inside Story of the Biggest Hack in History,” CNN Money, August 5, 2015, http://money.cnn.com/2015/08/05/technology/aramco-hack.

David E. Sanger and Mark Mazzetti, “U.S. Had Cyberattack Plan if Iran Nuclear Dispute Led to Conflict,” New York Times, February 16, 2016, http://nytimes.com/2016/02/17/world/middleeast/us-had-cyberattack-planned-if-iran-nuclear-negotiations-failed.html.

Kathrin Hille, “Chinese Tech Companies Have Army-Linked ‘Cybermilitias,’” CNN, October 12, 2011, http://cnn.com/2011/10/12/business/china-tech-cyber-crime/index.html.


2.3 Role of the United States

“Fact Sheet: Cybersecurity National Action Plan,” Office of the White House Press Secretary, February 9, 2016, http://whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan.

David E. Sanger, “U.S. Wrestles With How to Fight Back Against Cyberattacks,” New York Times, July 30, 2016, http://nytimes.com/2016/07/31/us/politics/us-wrestles-with-how-to-fight-back-against-cyberattacks.html?_r=0.

Henry Farrell, “Promoting Norms for Cyberspace,” Council on Foreign Relations, April 2015, http://cfr.org/cybersecurity/promoting-norms-cyberspace/p36358.


Further Reading

Graham Allison, “The Thucydides Trap: Are the U.S. and China Headed for War?” Atlantic, September 24, 2015, http://theatlantic.com/international/archive/2015/09/united-states-china-war-thucydides-trap/406756.

Aria Bendix, “Trump Signs a Long-Awaited Cybersecurity Order,” Atlantic, May 11, 2017, https://www.theatlantic.com/news/archive/2017/05/trump-signs-cybersecurity-order-hacking-election/526407/.

Chris Bing, “Chinese hackers starting to return focus to U.S. corporations,” CyberScoop, November 6, 2017, https://www.cyberscoop.com/keyboy-dde-pwc-microsoft-word-rtf/.

Adam Blenford and Christine Jeavans, “After Snowden: How Vulnerable Is the Internet?” BBC News, January 27, 2014, http://bbc.com/news/technology-25832341.

Christopher Brank, Eneken Tikk-Ringas, “The Cyber Attack on Saudi Aramco,” Survival, April 1, 2013, https://www.iiss.org/en/publications/survival/sections/2013-94b0/surviv….  

Adrian Chen, “The Agency,” New York Times Magazine, June 7, 2015, http://nytimes.com/2015/06/07/magazine/the-agency.html.

“Cybersecurity Law of the People’s Republic of China,” Council on Foreign Relations, July 6, 2015, http://dev-www.cfr.org/internet-policy/cybersecurity-law-peoples-republic-china/p36788.

Simon Denyer and Emily Rauhala, “Beijing’s Claims to South China Sea Rejected by International Tribunal,” Washington Post, July 12, 2016, http://washingtonpost.com/world/beijing-remains-angry-defiant-and-defensive-as-key-south-china-sea-tribunal-ruling-looms/2016/07/12/11100f48-4771-11e6-8dac-0c6e4accc5b1_story.html.

“Five Things to Know: The Administration’s Priorities on Cybersecurity,” National Archives and Records Administration, https://obamawhitehouse.archives.gov/issues/foreign-policy/cybersecurity.

Bonnie S. Glaser, “Armed Clash in the South China Sea,” Council on Foreign Relations, April 2012, http://cfr.org/asia-and-pacific/armed-clash-south-china-sea/p27883.

Andy Greenberg, “China tests the limits of its U.S. hacking truce,” Wired, October 31, 2017, https://www.wired.com/story/china-tests-limits-of-us-hacking-truce/

Brian Michael Jenkins, “Cyberterrorism and the Role of Silicon Valley,” Rand blog, June 13, 2016, http://rand.org/blog/2016/06/cyberterrorism-and-the-role-of-silicon-valley.html.

Sarah Kreps and Debak Das, “Americans are united on retaliating against Russian cyberattacks,” Washington Post, January 19, 2017, https://www.washingtonpost.com/news/monkey-cage/wp/2017/01/19/americans….

Eric Lipton, David E. Sanger and Scott Shane, “The Perfect Weapon: How Russian Cyberpower Invaded the U.S,” New York Times, December 13, 2016, https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html.

Ewen MacAskill and Rajeev Syal, “Cyber-attack on UK parliament: Russia is suspected culprit,” Guardian, June 25, 2017, https://www.theguardian.com/politics/2017/jun/25/cyber-attack-on-uk-parliament-russia-is-suspected-culprit.

Mark McDonald, “Adding More Bricks to the Great Firewall of China,” New York Times, December 23, 2012, http://rendezvous.blogs.nytimes.com/2012/12/23/adding-more-bricks-to-the-great-firewall-of-china.

Barack Obama, “Taking the Cyberattack Threat Seriously,” Wall Street Journal, July 19, 2012, http://wsj.com/articles/SB10000872396390444330904577535492693044650

Nicole Perlroth and Michael Corkery, “North Korea Linked to Digital Attacks on Global Banks,” New York Times, May 26, 2016, http://nytimes.com/2016/05/27/business/dealbook/north-korea-linked-to-digital-thefts-from-global-banks.html.

Nicole Perlroth, “Among Digital Crumbs from Saudi Aramco Cyberattack, Image of Burning U.S. Flag,” Bits (blog), New York Times, August 24, 2012, http://bits.blogs.nytimes.com/2012/08/24/among-digital-crumbs-from-saudi-aramco-cyberattack-image-of-burning-u-s-flag.

“Remarks by the President at the Cybersecurity and Consumer Protection Summit,” Office of the White House Press Secretary, February 13, 2015, http://whitehouse.gov/the-press-office/2015/02/13/remarks-president-cybersecurity-and-consumer-protection-summit.

Sanctions Related to Significant Malicious Cyber-Enabled Activities,” U.S. Department of the Treasury, last updated December 31, 2015, http://treasury.gov/resource-center/sanctions/Programs/pages/cyber.aspx.

David E. Sanger and Nicole Perlroth, “N.S.A Breached Chinese Servers Seen as Security Threat,” New York Times, March 22, 2014, http://nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html.

Bruce Schneier, “The Story Behind the Stuxnet Virus,” Forbes, October 7, 2010, http://forbes.com/2010/10/06/iran-nuclear-computer-technology-security-stuxnet-worm.html.

Adam Segal, “Cyberspace Governance: The Next Step,” Council on Foreign Relations, March 2011, http://cfr.org/cybersecurity/cyberspace-governance-next-step/p24397.

Adam Segal, “An Update on U.S.-China Cybersecurity Relations,” CFR Net Politics blog, November 17, 2017, https://www.cfr.org/blog/update-us-china-cybersecurity-relations.  

Scott Shane et al, “Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core,” The New York Times, November 12, 2017, https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html?_r=0.

Amar Toor, “The U.S. is Dropping ‘Cyberbombs’ on ISIS,” Verge, April 25, 2016, http://theverge.com/2016/4/25/11501062/us-cyberattack-isis-cyber-command-nsa.

“Vietnam-linked hackers likely targeting Philippines over South China Sea dispute: FireEye,” Reuters, May 25, 2017, http://www.reuters.com/article/us-cyber-philippines-southchinasea-idUSK….

Derek Watkins, “What China Has Been Building in the South China Sea,” New York Times, last updated February 29, 2016, http://nytimes.com/interactive/2015/07/30/world/asia/what-china-has-been-building-in-the-south-china-sea-2016.html?_r=0.

Richard Wike, “6 Facts About How Americans and Chinese See Each Other,” Pew Research Center, March 30, 2016, http://pewresearch.org/fact-tank/2016/03/30/6-facts-about-how-americans-and-chinese-see-each-other.

Sam Wainwright, “Revolutionary Communication Innovations,” CNN, June 10, 2011, http://globalpublicsquare.blogs.cnn.com/2011/06/10/how-connectedness-is-spurring-innovation.

Kim Zetter, “The NSA Acknowledges What We All Feared: Iran Learns From U.S. Cyberattacks,” Wired, February 10, 2015, http://wired.com/2015/02/nsa-acknowledges-feared-iran-learns-us-cyberattacks.


Quotation Sources

Dorothy Denning, “Open and Back Doors: Why Cybercrime Is a Growing Threat,” TEDx Talks video, 15:45, November 9, 2015, http://youtube.com/watch?v=BOn5Nu_TeDQ&t=04m17s.

“Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security, New York City,” Department of Defense, October 11, 2012, http://archive.defense.gov/transcripts/transcript.aspx?transcriptid=5136.

“Remarks by the President at the Cybersecurity and Consumer Protection Summit,” Office of the White House Press Secretary, February 13, 2015, http://whitehouse.gov/the-press-office/2015/02/13/remarks-president-cybersecurity-and-consumer-protection-summit.

Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.

3.3 Guide to the Memoranda

A major goal of the Model Diplomacy program is to strengthen your ability to write concise, articulate, and persuasive documents that busy colleagues can absorb quickly. In completing this section and Section Four, you will write two memoranda, or memos. These assignments will improve your writing skills and give you a taste of how U.S. foreign policy is conceived, coordinated, and executed.

What is a memorandum?

  • A memo is a formal, succinct written message from one person, department, or organization to another. It is an important form of formal, written communication in the workplace. A memo is generally short, to the point, and free of flowery language and extraneous information. A memo is typically informative or decision-oriented and is formatted in a way that helps readers quickly grasp the main points.
  • In the National Security Council (NSC), memos consider, coordinate, and articulate policy options. They help analyze, evaluate, advocate, and channel those policy options and decisions within the bureaucracy.
  • Memos also function as historical record. Many memos related to NSC discussions and presidential decisions are filed in government archives. Some are later declassified and released to help people understand how policy was devised at a given time in U.S. history. You can access historical examples of memos online. One such resource is maintained by the Federation of American Scientists and offers links to memoranda and directives that various U.S. presidents have issued.

Position Memo 


  • The first memo everyone (except the president) writes is called a position memo. It is written from the perspective of your assigned role. It presents a set of policy options for consideration by the NSC and recommends one of them to the president. The recommendation, or position, outlined in this memo is the one you will present during the role-play. (Keep in mind you may change your position as a result of the role-play discussion.)
  • The position memo will help your fellow NSC members consider the issue efficiently and facilitate decision-making by the president. Equally important, it will help you clarify your understanding of the case by forcing you to identify the essential facts and viable policy options.
  • If you have been assigned a specific role, remember that you are writing from the point of view of the department, agency, or office you represent. Using your institutional position as a lens, you will outline a set of options to address the crisis. Make sure you take into account the pros, cons, and ramifications of each option as it pertains to your role and as it is informed by your reading of the case materials and further research. Also, anticipate critiques of your proposed policy and incorporate your response into the memo. Doing so will help you prepare for the role-play.

Note: If you are assigned the role of president, you will not write a position memo. Instead, you will write a two-page presidential directive, or PD, at the conclusion of the role-play. You will address the PD, which will follow a memo format, to the NSC members and inform them of your final decision regarding the policy option or options to be implemented (see below).

If your teacher has chosen to assign everyone the role of general advisor to the president, you will not need to write the position memo from a particular institutional position. Instead, you will have the flexibility to approach the issue from your own perspective, incorporating a comprehensive assessment of the crisis into your argument.


Position Memo Guidelines

Total length: approximately one thousand words

  • Subject and background (two short paragraphs): Summarize in the first paragraph the significance of the issue in the context of U.S. foreign policy and national security. Identify in the second the central policy question or questions to be decided. Provide just enough information about the crisis so that the reader understands your memo’s purpose and importance; do not attempt to discuss the case in any depth.
  • Objectives (bullet points): Succinctly state your department’s objectives in the current crisis. These can be general national security objectives (such as preventing war) or more specific goals tied to your department’s mission (such as protecting U.S. citizens). They should be important to U.S. national security, directly tied to the case, and feasible. These objectives should guide the policy analysis and recommendation that make up the rest of your memo.
  • Options and analysis (one paragraph for each option): Present and analyze several options for U.S. policy. Discuss their costs, benefits, and resource needs where possible. To illuminate the trade-offs inherent in complex policy decisions, be sure to acknowledge the weaknesses or disadvantages of each proposed option. No option is likely to be perfect.
  • Recommendation and justification (several paragraphs): Identify your preferred policy option or options and describe how you think it or they could be carried out. Explain your reasoning, keeping in mind that you aim to convince the president to follow your recommendation. Addressing the weaknesses or disadvantages you identified in the options and analysis section can help strengthen your argument.

Click here to see a sample position memo.

Presidential Directive


The format of the presidential directive is simpler than that of a position memo. A directive contains a record of the policy option or options that the president has chosen as well as the accompanying orders to various parts of the government with details on how to carry out these decisions.

  • Start with a short paragraph describing the purpose of the memo. Everyone you are writing to was in the NSC meeting, so only brief context is needed.
  • Explain in numbered paragraphs the decisions you have made, why you have made them, and any details regarding how you want the decisions carried out.
  • Explain the communications strategy for the decision, considering both relevant foreign governments and the public. Also, consider that you may wish to keep certain elements of the decision secret from the public.
  • Include any additional details before you sign.
  • Be sure to include all the information necessary for NSC members to understand and carry out your intentions.

Click here  to see a sample presidential directive.

Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.
Students at a Model Diplomacy simulation.

3.4 Guide to the Role-play

During the simulated NSC meeting, you will meet to debate and discuss U.S. policy options in response to the issues outlined in the case. Consistent with the NSC’s mission to advise the president, you should raise the issues that are most important for the president to consider. This will enable him or her to make the most informed decision on policy options. Though you may or may not agree with this decision, your responsibility as an NSC member is to provide the best possible analysis and advice from the perspective of your role.

Role-play Guidelines

  1. Stay in your role at all times.
  2. Follow the general protocol for speaking.
    1. Signaling to Speak

      1. The National Security Advisor (NSA) will administer the meeting and should decide on a speaking order. Wait to be called on by the NSA.
      2. If you would like to speak out of turn, signal to the NSA, perhaps by raising a hand or a placard, and wait until the NSA calls on you.
    2. Form of Speech
      1. Address the president as Mr. or Madam President and your fellow NSC members in the same fashion (for example, Madam Secretary).
      2. Do not exceed predetermined time limits. If you exceed these limits, the NSA will cut you off.
      3. Frame your comments with a purpose and stay on topic. Remember that you must advise the president so that he or she can reach a decision on a precise policy question.
    3. Listening
      1. Take notes while others are speaking.
      2. Refrain from whispering or conducting side conversations.
      3. Applause and booing are not appropriate. Your words will be the most effective tool to indicate agreement or disagreement.

Role-play Tips

  • There is no right or wrong way to participate in a role-play, but the better prepared you are, the more likely you will be able to advance a position effectively, and the more you and your classmates will get out of the experience.
  • Be patient during the role-play. Do not hold back from sharing your perspective, but be sure to give others a chance to do the same.
  • Where there are competing interests, make the judgment calls that you would make if you were a government official, as informed by your earlier consideration of potential trade-offs. Ensure that the consequences of various decisions are carefully weighed.
  • Where appropriate, find common ground with other members of the NSC during the role-play. With whom might you work in advocating your proposed policies? You may find that combining several policy ideas into a new proposal with broader support is an effective strategy if the debate is at an impasse.
  • Think critically about the strengths and weaknesses of your approach as the discussion continues. It is important to subject your own arguments to the same scrutiny that you apply to those of your fellow students. Rethink your arguments as appropriate to take into account the feedback and counterarguments that other NSC members present.
  • You cannot win or lose the role-play. Instead, you should aim to offer a well-reasoned articulation of your position while making concessions and adjustments where you believe they are warranted.
Line Item
2 to 3 minutes per participant
  1. Present initial positions to the president.
  2. Investigate the nuances of the positions through questioning.
  3. Clarify the central questions to be debated.
Procedural Notes

Each participant presents his or her position statement. If time permits, the president may ask questions to understand each NSC member’s position and bring out the essential questions he or she wishes to debate.

30 to 60 seconds per participant
  1. Clarify the obstacles, risks, opportunities, and threats.
  2. Evaluate the various positions on their merits.
Procedural Notes

This is the debate portion of the role-play, when participants can defend their recommendations against others’ and identify potential areas of compromise or agreement.

30 to 60 seconds per participant
  1. Narrow the options to a few comprehensive and well- focused strategies that the president prefers.
  2. Provide the president with clear recommendations (from NSC members), perhaps as a consensus or through a vote.
  3. Arrive at a final presidential decision 
Procedural Notes

This round should start with the president’s stating one to three preferred options to be fleshed out.

Wrap Up Sections
Obama, Xi Jinping, and Ban Ki Moon.
The UN Security Council

4.1 The Debrief

After the debate and deliberation close, the president will announce his or her decision, to be later finalized in the form of a written presidential directive (PD). If time permits, you will participate in a debrief following the president’s announcement. 

Be active in this debrief. The role-play might seem to be the most challenging part of the experience, but the debrief is equally important. It will reinforce what you learned during the role-play exercise and refine your analytical skills. It will also force you to step out of your role and to view the case from a personal perspective. You will have the opportunity to discuss any challenges you encountered and how you felt about the final presidential decision. The debrief will close with a reflection on the complexities and challenges of crafting foreign policy. This should help clarify your understanding of what you learned and answer any lingering questions. This exercise will also assist you in completing your final assignment, the policy review memo.  

Obama, Xi Jinping, and Ban Ki Moon.
The UN Security Council

4.2 Reflecting on the Experience

The following questions are proposed to guide the discussion in the in-class debrief. This is not an exhaustive list and may vary depending on how your role-play exercise unfolded.  If your class does not hold a debrief, these questions will nonetheless help you reflect on the role-play and write your policy review memo: 

  • Which issues received adequate attention during the role-play? Which, if any, received excessive attention or were left unresolved?
  • Did the group consider long-term strategic concerns, or was it able to focus only on the immediate issue and the short-term implications of policy options?
  • Which U.S. interests did the group or the president prioritize in the PD and why? Were you comfortable with this prioritization?
  • Did time constraints affect the discussion and influence the policymaking process?
  • What techniques did you use to convince others that your policy position was the best option? What were successful strategies employed by others?
  • What were the most significant challenges to your position? Did any make you rethink or adjust your position?
  • Did your points cause anyone else to change his or her arguments or position?
  • What political, economic, and other issues arose that you had not previously considered?
  • How did the simulation change your perspective on foreign policy decision-making?
  • If you could go back, what would you have done differently in presenting and advocating your point of view? 
Obama, Xi Jinping, and Ban Ki Moon.
The UN Security Council

4.3 Policy Review Memo

The policy review memo is your final assignment in the Model Diplomacy simulation. In the debrief discussion after the role-play, you and your classmates went beyond the role you played and thought about the issue from a variety of perspectives. Now that the National Security Council discussion and debrief are behind you, you can consider whether you personally support your recommended policy given the full spectrum of arguments and considerations that arose. Shedding your institutional role and writing from a personal point of view, you will craft a policy review memo that outlines and reflects on the policy options discussed, incorporating and critiquing the president’s decision where appropriate.

If you played the role of president in the simulation, your memo should still reflect your personal opinion. You can comment on the course of action you ordered as president, further justify it, write more extensively on the options you dismissed, or suggest and support alternate options.

No matter which role you played originally, take into account all you have learned. Your instructor will want to see whether and how your understanding of the issue and of the policymaking process has evolved from that expressed in your position memo.

As for the position memo, a sample policy review memo is provided for your reference.

Policy Review Memo Guidelines

  • Subject (one short paragraph): Offer a brief statement about the significance of the issue as it relates to U.S. foreign policy and national security. Provide just enough information about the crisis so that the reader can understand the purpose and importance of your memo. Be sure to include an initial statement of whether you agree or disagree with the president’s decision.
  • Options and analysis (one paragraph per option): Present and analyze the options discussed during the debate, deliberation, or debrief. Discuss their drawbacks, benefits, and resource needs. Be sure to acknowledge any weaknesses or disadvantages of the proposed options.
  • Recommendation and justification (several paragraphs): Identify and explain your preferred policy option or options in more detail. Here, you can explain why you personally favor one or more of the recommendations that you initially presented or the president chose, or different options entirely. If you choose to support the options you presented in your position memo, make sure to justify why you feel yours is still the best position.
  • Reflection (one to two paragraphs): Discuss how your position and the presidential directive are similar; if they are not, discuss how they are different. Use this section to give your thoughts on what the president should have included in his directive, or what you would have done differently. Remember, this is from your point of view; you are no longer advocating on behalf of a department or agency.

Click here to see a full example of a policy review memo.