China Reaches into its Cyber Toolkit to Wage Economic Warfare

Samantha F. Ravich
Senior Advisor, Center on Sanctions and Illicit Finance, Foundation for the Defense of Democracies

When Beijing got the word that the United States was accelerating the deployment of its Terminal High Altitude Area Defense (THAAD) system to South Korea as a response to North Korea’s latest missile tests, senior Communist Party officials went, no pun intended, ballistic. The official Chinese news agency Xinhua wrote that the deployment of THAAD will lead to an increased arms race in the region and threatened that more “missile shields of one side inevitably bring more nuclear missiles of the opposing side that can break through the missile shield.”

Meanwhile, the Chinese government has increased the pressure on South Korean private firms operating in China as a punishment and warning for Seoul’s decision. Lotte, a South Korean conglomerate that sold the government a golf course to be used for THAAD, felt the pain almost immediately upon the announcement of its role in the defense battery’s positioning. Chinese authorities shuttered dozens of Lotte stores on the mainland, using the flimsy excuse that the government had just discovered that the stores did not comply with fire regulations. Beyond the closure of the physical stores, Lotte’s website was brought down and Lotte Duty Free suffered a distributed denial-of-service attack originating from Chinese internet addresses. Initial estimates of lost business and damage from these cyber attacks are in the hundreds of thousands of dollars.

Although a small dollar figure compared to the total garnered by Lotte from its 150 chemical plants, supermarkets, and other facilities operating in China, the shot across the economic bow did not go unnoticed in Seoul. South Korea exports to China were worth more than $120 billion last year, about a quarter of the country’s total exports, and it is particularly vulnerable to such coercion.

This is a classic case of cyber-enabled economic warfare – that is, attacks against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power.

The United States is not immune from this type of attack. China’s massive and prolonged campaign of intellectual property theft against U.S. firms, often conducted via cyber-enabled technologies, annually costs American companies hundreds of billions of dollars and more than 2 million jobs. This cyber-enabled economic espionage is part of Beijing’s overall campaign to weaken the U.S. economy and, by so doing, the country’s ability to both fund and field defense capabilities. To date, however, administration after administration has viewed each attack individually, as separate incidents, instead of collectively, as elements in a coordinated adversarial strategic plan.

As a result, the U.S. response has been weak and limited to efforts to discuss cyber norms. Indeed, some hoped the September 2015 agreement between Chinese President Xi Jinping and former President Barack Obama would tamp down the cyber attacks emanating from Beijing. While there has been a notable downturn – confirming, in fact, that the cyber attacks were centrally directed – the assaults on the U.S. economic base and technological innovations have not stopped.

Last month, the UK’s National Cyber Security Centre and cyber units at PwC and BAE Systems collaborated to identify a large-scale attack – beginning in 2014 but ramping up in 2016 – against suppliers of IT outsourcing by a group called APT10. Dubbed “Operation Cloud Hopper,” the attackers methodically infiltrated supply chains for IT as a form of one-stop shopping, given that these firms service a wide array of businesses and sectors. According to the report, the IP addresses used in the attacks were traced back to China and, as with other Beijing-sponsored attacks, the hackers operated during the Chinese workday, regularly breaking for lunch at the scheduled hour. The scale and scope of the attack on European and U.S. firms, either directly or indirectly, has not yet been disclosed but what seems clear is that the Chinese government’s assurance and promises to curtail its hacking activities are hollow.

The Cloud Hopper exposé is just another clarion call in a growing cacophony of attempts to get the government and private sector to wake up to the fact that the undermining of the U.S. economy by adversarial states (not just China) and actors is a national security threat of the first order. Last month’s Defense Science Board Task Force on the Cyber Supply Chain report discusses how the Pentagon can be crippled through maliciously inserted cyber and physical vulnerabilities into the weapons and goods that power the U.S. military.

As the Trump Administration begins work on its National Security Strategy, it should not only take note of this new battlefield, but also properly develop and resource the tools and capabilities needed to recognize, understand, and defend against it. While U.S. Cyber Command, the Homeland Security Department, and the FBI play critical roles in this effort, broader skills are also necessary. The Treasury Department brings to the conversation its connectivity to the banking sector; the Commerce Department, its role in creating the conditions for economic growth and opportunity; the CIA, its understanding of adversarial intentions and strategies; and the State Department, its ability to forge and strengthen foreign partnerships to confront such dangers. Each of these agencies must be tasked to do what is needed to prevent any adversary from undermining U.S. national security through the intentional undermining of its economy. Without a more forward-leaning strategy, the Trump Administration will repeat the failures of its predecessors and leave the U.S. private sector to battle foreign adversaries in cyberspace alone.