Cyber espionage - the Chinese way

We reviewed the Chinese intelligence community structure, the way they collect data and, as a result of the first two, also tackled the monolith myth of China in order to explain why most things you hear about Chinese cyber activities do not make sense nor survive any closer analysis. Now it is time we have a look at Chinese cyber capabilities and their use.

This is Part 4 of the four part series:

  1. Chinese intelligence structures
  2. The Chinese way of collecting data
  3. [China: the monolith myth]((
  4. This post

Rapid rise, asymmetric going on symmetric and information warfare

China has in a quick succession went from the underdog on the cyber scene to one of the leaders of the pack. In 1996, when public internet was allowed in China, there were only 2 million users. Now, in April 2014, there are about 620 million internet users in China. For comparison: that’s twice the total population of the USA. Chinese quickly grasped that the internet is the new way to do business, whatever business they’re in. PLA recognised the power of the internet and in 1998, two short years after internet became publicly available, two Chinese colonels wrote a seminal work for the time: Unrestricted Warfare. At the time of its publishing the book caused a stir in the US because it identified US military’s dependence on ICT networks as its major vulnerability - something that PLA could target and exploit in asymmetric warfare. PLA’s strategy for use of electronic and cyber warfare has since evolved dramatically. First, because it is no longer an underdog: >The PLA is pursuing a highly ambitious cyber-warfare agenda that aims to link all service branches via a common ICT platform capable of being accessed at multiple levels of command and has created three new departments of Informatisation, Strategic Planning and Training to bring this agenda into being.

Moreover, PLA took the opposite direction on cyber, technology and information superiority to the US since late 1990s: US started with the information warfare concept in the 1990s, then slowly rejected the softer aspects of it and focused solely on network-centric warfare and electronic warfare. PLA started with network-centric warfare and electronic warfare and started incorporating information warfare concepts to arrive at information confrontation concept today.

Cyber espionage and conflict

A lot of available information in China deals with cyber warfare (to use Western term), but there’s precious little talk about cyber espionage. Cyber espionage is the topic is tightly linked with China in the Western sphere of influence, thanks to operations such as Titan Rain, Aurora (with later revelation that it was, in fact, counter-intelligence job) and Ghost Net.

Like Russia, so too China considers war to be the final stage on the conflict continuum. Stages on the conflict continuum can be roughly divided into:

  • meddling in other country’s internal affairs via purely informational means (including meeting Dalai Lama, supporting Tibetan independence, supporting Uighur plight, …)
  • social conflict (increased terrorist, ethnic separatist, extremist activity);
  • armed conflict;
  • war.

What this means for Chinese understanding of cyber conflict is that “support for separatist movements”, I.e. Tibetans, Uighurs, etc. ranks on the conflict continuum, whereas industrial espionage is a simple legal issue. To China industrial espionage, even state-sponsored, is just way of conducting business, if illegal. Hostile information activity on the other hand is squarely on the conflict continuum. The West takes the opposite view, but there aren’t enough people versed and understanding both views to build a bridge.

Industrial-scale industrial espionage

There is no doubt that entities in China are indulging in large scale industrial espionage of a variety of industries across the globe. But, >the overall picture is reminiscent of China’s earlier humint-driven efforts to collect foreign science and technology. There is still a significant ‘Wild East’ aspect, characterised by an apparent absence of effective co-ordination and the involvement of a multiplicity of actors with different motivations.

Two distinct groups of targets of Chinese espionage are:

  1. Covert science and technology (RSA, Lockheed-Martin, etc.)
  2. Political and economic intel on foreign governments and NGOs and opposition groups outside China.

The former is focus of 3/PLA, whilst the latter is traditional MSS ground. Since China’s intelligence services maintain a distinct culture of isolationism from other services it is not unthinkable that both 3/PLA as well as MSS have developed their own cyber espionage capability.

Former head of NSA, General Alexander said that China operates an industrial-scale cyber espionage aimed at the US government and US industries. So far Chinese spies have yet to show that it has the ability to actually process and put to its own benefit all this stolen information. In the end, the two cases that are used as examples of Chinese industrial espionage (yes, only two well documented cases after all this time) the AMSC wind turbine affair and the Nortel long-term espionage serve best to explain the difference. In the AMSC case the industrial espionage was performed by the erstwhile business partner that managed to steal not just the code but also the coder. This dealt a significant blow to the organisation and it all happened in a really short period of time.

In the Nortel case the adversary had access to the internal network and all the information Nortel had for at least a decade with no significant impact to Nortel stemming from the breach and espionage itself. It was Nortel’s poor business practises and lack of competitiveness that did it in.

It is unknown how much China’s Standing Committee (and the Party bureaucracy) can do about the cyber espionage undertaken by Chinese intelligence services and other parties in China.

The two top priorities for the Chinese Community Party are maintaining economic growth and domestic stability and averting any challenges to the leadership of the Party. Reigning in cyber and other espionage, if it is contrary to the top two priorities, is out of the question.