Russia, China, and Cyber Espionage
In the wake of a series of hacks against government and private networks, it is clear that Russia and China are among the most active and proficient nations in regards to cyber operations. One needs to only review the most high-profile breaches to see that many of them are believed to be the work of one of these countries. China is thought to be behind the OPM hack and has been hacking a large number of American businesses to steal trade secrets and intellectual property. Russia almost certainly hacked the DNC and has breached networks at both the White House and the State Department. Clearly, both China and Russia are finding value in cyber operations as a means of achieving their foreign policy goals, and this is likely to create a more perilous cyber environment moving forward.
Simply put, cyber-operations provide too many advantages for either Russia or China to decrease their reliance upon them. As The Cipher Brief has previously reported, cyber-operations are very difficult to conclusively attribute to any given nation. Even in the cases of the OPM hack and the DNC hack, most experts will only say that the code was developed by Chinese or Russian speakers, and that the attacks were launched from within their territory. However, that is not enough in and of itself for formal charges of blame to be levied against either country.
Cyber operations are also an essentially asymmetric tool, in that they level the playing field between nations that may have wide disparities in terms of the effectiveness of their conventional forces. However, this cuts both ways, as the United States also conducts a considerable number of cyber operations in support of intelligence collection. This leads into the third primary advantage of cyber as it relates to espionage, which is that cyber-capabilities make exfiltrating large volumes of information much, much easier than would be the case otherwise.
These advantages translate directly into gains towards foreign policy goals for both Russia and China. Leo Taddeo, Chief Security Officer at Cryptzone, told The Cipher Brief that “while both of them are engaged in both types of activity, I think the emphasis by the Russians is on diplomatic and military information and the emphasis for the Chinese is on business information.” Russia wants access to military and diplomatic information in order to influence events in Europe in a way that is advantageous to its interests.
In contrast, China needs access to foreign intellectual property in order to keep their economy going. According to Justin Harvey, Chief Security Officer at Fidelis Cybersecurity, the Chinese “have reached a point with technology and their economy where it’s been boosted and injected full of our commercial intellectual property, but to sustain that technological advancement requires a lot more infrastructure, education, and people that they don’t have yet.”
Cyber operations have proven to be an extremely subtle and flexible tool that nations can use to pursue their objectives while minimizing the chances of any given action escalating tensions into outright war. For this reason, it is reasonable to assume that Russia will continue to exploit cyber vulnerabilities to aid in intelligence collection and battlefield preparation efforts. There is no incentive for Russia to stop doing either, as both support their goal of countering the United States’ ability to challenge them in Europe.
Likewise, the Chinese will continue to use cyber to gain advantage in terms of economic growth. While there is evidence that China has backed off from cyber-enabled economic espionage against the United States, it has plenty of other targets to pick from in Europe and Asia. And, despite their focus on meeting economic objectives, China will likely continue to engage in traditional espionage as well.
Both nations will almost certainly continue to grow in sophistication and will work to make their actions even harder to attribute, as this will expand the usefulness of their cyber operations. The United States will need to work to keep pace in terms of detection and cyber-forensics if there is to be any hope of establishing credible deterrence against these adversaries.
Luke Penn-Hall is a cyber and technology producer at The Cipher Brief.