China Pivots its Hackers from Industrial Spies to Cyber Warriors
China continues to deploy military equipment to contested islands in the South China Sea, raising concerns among regional players and U.S. forces stationed in the Pacific.
A Chinese government strategy document published last month by China’s state-owned news agency Xinhua signals that Beijing is building up its military cyber capabilities. It says that China will “expedite the development of a cyber force and enhance capabilities… to prevent major cyber crisis, safeguard cyberspace security and maintain national security and social stability.”
To be sure, the Chinese document acknowledges that its activities in cyberspace could aggravate tensions with the U.S. and other major powers. It says that “the tendency of militarization and deterrence buildup in cyberspace is not conducive to international security and mutual trust” – seemingly a direct response to the April 2015 Pentagon strategy report strongly emphasizing that the U.S. must build up its offensive capabilities to deter adversaries from engaging in malicious activity in cyberspace.
Given China’s past espionage in cyberspace, its move from economic theft towards militarization in the virtual domain represents a pivot that Washington could regard as threatening. While issues of trade and North Korea are likely to consume much of the discussion during this week's summit between Chinese President Xi Jinping and President Donald Trump, the growth of cyberspace as a battlefield domain could also be a point of focus. What is China’s history in cyberspace in relation to the United States, and what has led to this change in policy?
Chinese leaders perceive cyberspace as a means of advancing economic growth, preserving the Chinese Communist Party, and maintaining stability and national security. Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, argues that Chinese state-sponsored hackers seek to steal foreign technology via cyber espionage, weaken domestic opposition to the regime, and offset U.S. conventional military supremacy.
Despite some instances of political and counter-intelligence collection – such as the 2015 breach of the U.S. Office of Personnel Management and the alleged hacking into the 2008 presidential campaigns of former President Barack Obama and Sen. John McCain (R-Az) – Chinese cyber espionage has focused largely on the theft of intellectual property, trade secrets, and other sensitive commercial information. Its chief aim has been to boost Chinese economic competitiveness.
In 2010, Gen. Keith Alexander, then U.S. Cyber Commander and director of the National Security Agency, said that, “our intellectual property here is about $5 trillion. Of that, approximately $300 billion is stolen over the networks per year.” He called this theft “the greatest transfer of wealth in history.” By 2013, U.S. officials had begun publicly decrying China’s economic espionage, only to be faced with denial from Beijing. In 2014, the Department of Justice obtained indictments against five members of the Chinese People’s Liberation Army (PLA), charging them with using computer network operations to commit commercial espionage.
Not long after, the U.S. threatened China with sanctions and potential cancellation of a planned summit in September 2015 between President Xi and then-President Obama. Negotiators were quickly dispatched and the event went forward. During the summit both countries announced an accord, commonly referred to as the Xi Agreement, in which they agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
The Xi Agreement was shocking in that China implicitly acknowledged having conducted economic espionage in the past and agreed to stop doing it. Many observers were skeptical that the Chinese would abide by the pact, but a report by Mandiant, now a branch of the American cyber security firm FireEye, found a notable decline in Chinese hackers targeting U.S. companies – which suggests that the Chinese were taking the accord seriously.
However, according to Chris Porter, manager of FireEye’s Horizons team, “while appearing as a significant diplomatic victory for the Obama administration, in reality China simply agreed to stop doing operations that it didn’t want to continue anyway.” He notes that Chinese hackers were often moonlighting as for-hire-hackers, sometimes even targeting Chinese companies. At the time, President Xi was in the midst of a robust anti-corruption campaign while also centralizing power, including in cyberspace, under his control.
Porter argues that “Chinese leaders are heeding a lesson about the limitations of cyber espionage that stems from the fall of the Soviet Union: you cannot steal your way to innovation.” China hopes eventually to become a world leader in cutting-edge research, he says, so it “wants to live in a world where patents are respected and its own claims are viewed as legitimate and untainted by accusations of intellectual property theft.”
Martin Libicki, the Keyser Chair of cybersecurity studies at the U.S. Naval Academy, says that ultimately, “A combination of declining returns and increasing risks on the one hand and the prospects of U.S. sanctions on the other led Chinese President Xi Jinping to agree to end Chinese commercial cyber espionage against first the United States, then the United Kingdom, and finally the other G-20 nations.” Chinese hackers are still conducting some business-focused espionage and recently have intensified their targeting of Russian officials and institutions. But they seem focused on gleaning intelligence on military capabilities and on government officials who interact with business executives.
Furthermore, the Chinese People’s Liberation Army (PLA) elevated cyber operations under the Strategic Support Force in December 2015, placing the virtual domain on par with other branches of the military. “The best guess,” Libicki says, “is that Chinese cyber warfare will be focused on supporting conventional military operations as opposed to assuming an independent role in strategic warfare, as U.S. Cyber Command seems to be doing, or to bolster information operations, as Russia seems to be doing.”
The U.S. may use its cyber capabilities for “left-of-launch” missile defense against North Korea – meaning, sabotaging planned missile launches before they happen – and to disrupt ISIS communications.
By contrast, China is consumed by fears of a massive U.S. military intervention in Asia. Beijing is building up its anti-access and area-denial (A2/AD) military strategy in the South China Sea by adding cyber and electronic warfare capabilities meshed into what is referred to as “Integrated Network-Electronic Warfare.” A report published by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn maintains that PLA units responsible for electronic warfare are taking on the role of running computer network operations as well.
China’s “strategy consists of neutralizing the logistics and communications infrastructure that permits U.S. forces to operate so far from home,” Libicki says, and is “pursuing the ability to corrupt U.S. information systems – notably, those for military logistics – and disrupt the information links associated with command and control.”
Such network and electronic attacks could target the U.S. military or regional allies’ early warning radar systems and could cause blind spots in U.S. command and control systems. The PLA could use these blind spots to deploy sorties or launch ballistic missile strikes. It could deliver these capabilities early in hostilities, integrated with technologies that could sabotage U.S. weapons systems, or even U.S. critical infrastructure, so that U.S. forces could not respond in a timely way.
To accomplish effective cyber attacks on U.S. command, control and communications platforms, or any advanced systems, the PLA would have to conduct cyber reconnaissance ahead of time. China has already begun to probe some potential targets, including elements of the U.S. power grid, and to review the designs of weapons systems such as the F-35 combat aircraft, the Patriot missile defense system, and U.S. Navy littoral combat ships.
“Because China, like other nations, has had far less practice at cyber warfare than cyber espionage, it is harder to anticipate its intentions and plans,” says Libicki. China’s efforts to augment kinetic assaults with cyber and electronic warfare could escalate a conflict by setting up a scenario in which adversaries might view espionage as a step toward war.
Levi Maxey is a cyber and technology producer at The Cipher Brief. Follow him on Twitter @lemax13.