SWJ Primer: Chinese Cyber Espionage and Information Warfare
History / Introduction
The first conflicts between the United States and China over cyberspace were strictly freelance affairs (Harold, 2016). Following real-world events, such as the bombing of China’s embassy in Belgrade in 1999 and the EP-3 incident off Hainan Island in 2001, hackers on both sides labored to deface websites in each other’s countries (Harold, 2016). The results were little more than minor annoyances but served to create and reinforce the impression within the United States that China primarily used proxies to carry out cyber-attacks both small and large (Harold, 2016).
It was in 2002 when the real cyber race began when the United States started to incorporate cyber warfare into its war doctrine (Rubenstein, 2014). During this time, the “National Security Presidential Directive, which outlined strategies, doctrines, procedures, and protocols for cyber warfare (Rubenstein, 2014). This was followed by the Information Operations Roadmap, published by the Department of Defense in 2003, which started to incorporate cyber warfare preparations, such as training military personnel in cyber defense, as part of normal military operations” (Rubenstein, 2014). Also, in 2003, the Communist Chinese Party Central Committee and the Central Military Commission approved the concept of ‘Three Warfares,’ a People’s Liberation Army non-military information warfare tool to be used in the run-up to and during hostilities (Iasiello, 2016). Collectively, the ‘Three Warfares’ allow China to enter any fray, whether in peace or war, with a political advantage that can be used to alter a public or international opinion. They are psychological warfare, public opinion/media warfare, and legal warfare (Iasiello, 2016).
In 2003, the first significant case of Chinese cyber espionage was launched against military and government targets (Rubenstein, 2014). Titan Rain refers to the wave of attacks on United States defense networks that targeted confidential national security information (Iasiello, 2016). The Titan Rain attacks are considered particularly dangerous because an attack can be completed in only 20 minutes and in a single day it was able to target high¬ profile targets such as NASA, the US Army Information Systems Engineering Command, the Defense Information Systems Agency, the Naval Ocean Systems Center, and the US Army Space and Strategic Defense Installation (Iasiello, 2016).
Chinese Cyber Attacks
While Titan Rain was the first significant case of Chinese cyber espionage, it certainly was not the last. Over time, expert U.S. assessments have concluded that China’s cyber operations have evolved to be a much more substantially centralized operation, with military and intelligence organizations in command-and-control roles (Rubenstein, 2014). An example of this centralized operation is the involvement of the People’s Liberation Army (PLA) in cyber espionage and information warfare. China’s PLA includes a special bureau under the intelligence department specifically for cyber intelligence, and it enlists programmers right out of college (Rubenstein, 2014). According to recent intelligence reports, the PLA is not only capable of advanced surveillance and espionage, but also possesses malware that can take down foreign electricity or water grids (Rubenstein, 2014).
China’s reputation as an aggressive actor in cyberspace was cemented with the penetration of Lockheed Martin’s F-35 Lightning II program that aimed to exfiltrate several terabytes worth of data (Jinghua, 2019). In another series of attacks, known as Shady RAT, researchers at McAfee discovered signs that showed the industriousness of Chinese hackers (Jinghua, 2019). The researchers found a server that housed stolen files from 74 hacked firms, all cached for later delivery (Jinghua, 2019). Most, but not all, of these firms were in the United States, and their businesses ranged from industry to commercial real estate (Jinghua, 2019).
In addition to these cases, back in 2011, Huawei (a Chinese telecommunications firm) was banned by the United States government from bidding for the tender for the United States emergency communications network because of their potential involvement with the Chinese government in cyber espionage against the United States (Mason, 2017). Lastly, in 2013, a report by the Mandiant, a cybersecurity company specializing in forensic investigation, presented copious evidence that at least one group within the PLA, unit 61398, was involved with more than 100 different intrusions into 20 different sectors of the United States economy dated back to as far as early 2006 (Harold, 2016). The results of the report were vital to cybersecurity experts because it was the first public argument that economically motivated cyber espionage (EMCE) could be traced not only to China but to the Chinese government (rather than to freelance hackers) (Harold, 2016).
According to Former FBI Director Chris Wray, “there’s no country that’s even close” to the People’s Republic of China when it comes to espionage (Grassley, 2018). General Keith Alexander echoed those comments and called China’s estimated gains from economic espionage of up to $600 billion, “the greatest transfer of wealth in history” (Grassley, 2018). In a press statement released by Senate Judiciary Chairman Chuck Grassley following a hearing on China’s non-traditional espionage against the United States, Grassley states “China is believed to be responsible for 50 to 80 percent of cross-border intellectual property theft worldwide, and over 90 percent of cyber-enabled economic espionage in the United States (Grassley, 2018).
China’s Motives for the Use of Cyber Espionage
To best access China’s motives when using cyber espionage and information warfare, we can begin with the bilateral talks on cyberspace initiated between the United States and China in 2013. These talks were intended to address the issues both countries had regarding cyberspace and cyber warfare. However, the Chinese cut off dialogue in 2014 in reaction to the United States indicting five PLA officers for conducting cyber espionage against United States targets (Harold, 2016).
Discussions between the United States and China on cyberspace did resume in 2015 when both President Obama and Xi met at the bilateral Strategic and Economic Dialogue, and their summit held in Washington later that year (Harold, 2016).
“For the United States, there were three significant issues China needed to address: its EMCE, its potential threat to the United States critical infrastructure, and the mutual risk of strategic misunderstanding. China would response by decrying United States accusations of hacking and claimed they were the victims instead. Also, the Chinese would complain about United States restrictions on market access for Chinese telecommunication firms, and United States funding of internet censorship-circumvention technology and argue for the right of states to control the information that individuals can access within their boundaries (a notion known as cyber sovereignty)” (Harold, 2016).
The discussions were meaningful because it allowed the United States to understand what was important to China, in terms of cyberspace, and what policies China would take on cybercrimes and warfare. In all, the two sides disagreed on the following five areas of cyberspace:
(1) The legitimacy of the use of cyberspace for economic or industrial espionage;
(2) National security uses of cyberspace for more-traditional forms of espionage and intelligence gathering;
(3) The prospective use of cyberspace for military operations;
(4) The putative rights of states to control information access within their borders (referred to by China as cyber sovereignty); and
(5) The issue of how international norms, rules, and the physical architecture of the Internet should be governed (Harold, 2016).
While, the talks ended with both Presidents formally committing that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” China still “remains the world’s principal IP infringer” with The Office of the Director of National intelligence noting “Chinese actors are the world’s most active and persistent perpetrators of economic espionage (White House, 2018).
When accessing all of the above, it is clear that “China remains very concerned, perhaps obsessed, with cyberspace hegemony” (Harold, 2016). The motivation for the Chinese to commit attacks of cyber espionage is to assume a power in cyberspace that no other nation has. “Cyber espionage is consistent with China’s broader approach to intelligence gathering and acquisition of strategically valuable intellectual property” (Harold, 2016). This is evident by China’s Cybersecurity Law, which entered into force in 2017, and “establishes security reviews for products and services, imposes restrictions on cross-border flow of data, requires data localization, and authorizes the development of national cybersecurity standards that exceed the burden and scope of international standards (White House, 2018).
The State of Chinese Cyber Espionage and Information Warfare
According to the U.S.-China Economic and Security Review Commission 2016 Annual Report to Congress: "Although the number of incidents of Chinese cyber espionage detected by FireEye [a cybersecurity firm] has declined, this likely reflects a shift within China away from prolific amateur attacks toward more centralized, professionalized, and sophisticated attacks by a smaller number of actors, rather than a trend toward the cessation of Chinese cyber espionage” (White House, 2018). This shift to more centralized attacks shows the influence the Chinese government is having in attacks involving cyber espionage and warfare. “It is estimated that in the last few years, Chinese hackers have attempted attacks on 2,000 companies, universities, and government agencies in the United States” (Rubenstein, 2014). These attacks have been committed by the roughly 100,000 cyber soldiers China may have at “an estimated cost of $300 billion a year in intellectual property theft from the United States”, according to retired General Keith Alexander (former director of the National Security Agency) (Harold, 2016). Chinese intrusions are so extensive that Shaun Henry, the former head of the FBI’s cybersecurity division, has remarked that, “There are two types of companies: companies that have been breached and companies that don’t know they’ve been breached” (Harold, 2016).
When accessing the risks posed by China in the future, the Worldwide Threat Assessment of the US Intelligence Community report by the Director of National Intelligence to the Senate Select Committee on Intelligence presents multiple threats posed by China, especially regarding cyber operations. The report states that China’s cyber operations will increase to “threaten both minds and machines in an expanding number of ways- to steal information, to influence our citizens, or to disrupt critical infrastructure” (Coats, 2019). The report assesses that China’s intelligence services will exploit the openness of American Society, especially academia and the scientific community, using a variety of means, including improving its cyber-attacks capabilities and altering information online, shaping Chinese views and potentially the opinions of United States citizens (Coats, 2019).
Lastly, under the Online Influence Operations and Election Interference section of the report, the Director of National Intelligence, outlines the following possible targets for China’s future cyber espionage and information warfare activities against the United States:
- Beijing will authorize cyber espionage against key US technology sectors when doing so addresses a significant national security or economic goal not achievable through other means. We are also concerned about the potential for Chinese intelligence and security services to use Chinese information technology firms as routine and systemic espionage platforms against the United States and allies.
- China has the ability to launch cyber-attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States (Coats, 2019).
In conclusion, there is no doubt that China poses one of the greatest espionage and cyber-attack threats to the United States. The Chinese government has committed to becoming the world’s cyber leader and has made no real attempt to hide that notion. When assessing Chinese cybersecurity, we look at the infrastructure the government has built to address cybersecurity. From creating some of the strictest domestic cyber laws in the world to building a cyber army larger than a standing army of most countries, proves that China is establishing a presence in cyber operations. Going forward, it will be necessary for the United States to remain vigilant when it comes to the integration of Chinese technology to our “daily-use” technology and the nation’s critical infrastructure. As China becomes more sophisticated in their cyber operations, the United States must make it a priority to address all cyber concerns that national intelligence agencies have and must make the financial investment to prevent cyber espionage and protect our nations critical infrastructure from attacks.
Coats, D. (2019, January 29). WORLDWIDE THREAT ASSESSMENT of the US INTELLIGENCE COMMUNITY. Retrieved from https://www.dni.gov/files/ODNI/documents/2019-ATA-SFR---SSCI.pdf
Grassley, C. (2018, December 12). Grassley on Chinese Espionage: It's called cheating. And it's only getting worse. Retrieved from https://www.judiciary.senate.gov/grassley-on-chinese-espionage-its-called-cheating_and-its-only-getting-worse
Harold, S., Libicki, M., & Cevallos, A. (2016). Preface. In Getting to Yes with China in Cyberspace (pp. Iii-Iv). Santa Monica, Calif.: RAND Corporation. Retrieved from http://www.jstor.org/stable/10.7249/j.ctt1cx3vfr.2
Iasiello, E. (2016, June/July). China’s Three Warfares Strategy Mitigates Fallout From Cyber Espionage Activities. Retrieved from https://www.jstor.org/stable/pdf/26466776.pdf?refreqid=excelsior:f8438e7335ecdfbfda4835fa1c1af2b8
Jinghua, L. (2019, April 01). What Are China's Cyber Capabilities and Intentions? Retrieved from https://carnegieendowment.org/2019/04/01/what-are-china-s-cyber-capabilities-and-intentions-pub-78734
Mason, B. (2017, October 19). So Who Has the Most Advanced Cyber Warfare Technology? Retrieved from https://www.nasdaq.com/article/so-who-has-the-most-advanced-cyber-warfare-technology-cm861979
Rubenstein, D. (2014, December 15). Nation State Cyber Espionage and its Impacts. Retrieved from https://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage.pdf
White House. (2018, June 01). How China’s Economic Aggression ... - whitehouse.gov. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/06/FINAL-China-Technology-Report-6.18.18-PDF.pdf