China has made significant efforts to try to stop cyber espionage, but it's proving a difficult task.

Despite criticism from skeptics, China is trying to honor its “no commercial hacking for profit” commitments as first promised in an accord with the United States, and later reaffirmed at the November 2015 G20 summit. Recent news reports indicated that, in a show of good faith, China had arrested hackers per the U.S. government’s request prior to meeting with President Obama in September. While detractors believe that commercial cyber espionage hasn’t really stopped, recent Chinese efforts show a government trying to get a handle on its large spying apparatus that could include hired and independent contractors acting autonomously in addition to its other resources. While complete cessation may never occur, significant timely reduction demonstrates Beijing’s willingness to work with the United States as a partner and not a pariah, and provides a foundation from which the two governments can move forward on other cyber security areas where incongruity persists.

China’s Cyber Spying Apparatus – Too Large to Manage?

According to recent press reporting,[1] cyber spying perpetrated by the Chinese military against U.S. commercial targets waned substantially after the Department of Justice indictment of five People’s Liberation Army (PLA) officers for cyber-enabled commercial espionage.  While this represents significant progress toward curbing bad behavior by a state whose nefarious cyber theft was termed “pervasive”[2] by the Director of National Intelligence, some believe that China’s foreign intelligence service is still engaged in these types of activities.  According to one security vendor,[3] as of mid-October 2015, hackers associated with the Chinese government have targeted seven U.S. companies (five technology, two pharmaceutical) since September.

Still, despite these proclamations, some U.S. officials are taking a pragmatic approach to the cessation of China’s cyber spying for commercial gain, such as the deputy commander of U.S. Cyber Command,[4] who believes the effort will take time. According to the same press report, China, led by its president, began applying pressure on its military to cease its economic espionage, refocusing it on operations that support the country’s national security interests. This is encouraging for a state that has perpetually denied any involvement in hacking.

China is suspected of having successfully infiltrated the networks of as many as 141 organizations from 15 nations and in nearly two-dozen critical industries including tech, financial services, government, and defense since 2006,[5] an effort that would take considerable resources to perform. The Chinese military, which has approximately 15 units known as technical reconnaissance bureaus[6] that have a signals/cyber collection mission, is only one part of the equation. The PLA has a strong militia system,[7] as well, in which active reserves augment almost every area of military operations. Added to the mix are several civilian organizations that are believed to have a cyber mission such as the Ministry of Public Security (MPS), as well as the Ministry of State Security (MSS),[8] which has been linked by some to the 2015 Anthem breach.[9] Also in the mix are academic[10] and research institutes[11] that may be pursuing their own cyber espionage efforts.

While this may seem monolithic in scope, and a surprise to some, for China watchers, Chinese interest in this area is not novel, although it has been evolving. Discussions on network warfare were included in China’s 2013 Science of Military Strategy,[12] an authoritative study of Chinese strategic thinking, which identified PLA, MSS/MPS, and “non-governmental” forces involved in these types of activities. Indeed, the need for these forces is reaffirmed in China’s 2015 military strategy, in which it identified “information society” (cyber power) as the departure point of international security.[13]

Of note, according to the same press report,[14] some portion of the vast Chinese cyber espionage operations looks to have been conducted by military personnel independent of the government’s direction, and perhaps, knowledge. Like independent contractors looking for buyers for their merchandise, these individuals provided stolen information to companies, further blurring the lines of what constitutes state culpability in these types of activities, and further complicating efforts to control them. There has been steady reporting reflecting the continued convergence of the tactics, techniques, and procedures (TTPs) used by cyber criminal and cyber espionage actors, such as employing spear phishing and using the same malware.[15] Although China’s military budget has been steadily increasing, inflation has impacted any benefits, contributing to significant corruption among its ranks,[16] which may help explain “moonlighting” practices and this cross-pollination of criminal and espionage TTPs.

Given the various state and non-state individuals potentially engaged in cyber collection, it should come as little surprise that the volume of theft cannot be turned off at a moment’s notice. Taking into account overlapping mission areas, competition to deliver, target deconfliction issues, operations currently underway, independent operations, and priority and non-priority tasking, it is understandable why reduction of cyber theft may be more of an evolving process than previously anticipated. This may help to explain the various targets and various types of capabilities observed over the past few years. Further complicating matters, oversight of these groups likely varies depending on the level of state affiliation that exists.

The recent arrest of hackers suspected of conducting the breach against the Office of Personnel Management in 2015 revealed that the hackers in question were criminals and not state-sponsored, according to Chinese officials.[17] While skeptics doubt that the “real” perpetrators will be the ones prosecuted, it does demonstrate China’s willingness to meet the conditions of its promises to the United States. It also sends the message that China is a contributing partner in the global fight against cyber crime (crime being the operative word here) and may open up future discussions to determine what is a global consensus on espionage definitions and characteristics.

Conclusion

This gives hope for cautious optimism in Beijing reducing—not completely stopping—cyber-enabled commercial espionage.  While detractors are quick to point out that the recent “no hack” pledges made by China with other governments, including the joint one made at the recent G20 meeting,[18] are paper promises that have no hope of enduring over a long period of time, they are nevertheless a marked progression toward codifying acceptable—and more importantly, unacceptable—nation state behavior in cyberspace.

This is not to say the United States should grant China carte blanche to stop cyber espionage activities on its own timetable. Washington should further engage with Beijing to identify key deliverable milestones that would demonstrate Beijing’s commitment to its pledge, and how they will be measured. Too much progress has been made to let a knee-jerk reaction derail the agreement. As cited by one former White House director for cyber security policy at the National Security Council, “The importance of China committing to answer our calls… is a massive, massive change.”[19] Allow the carrot of diplomatic engagement to run its course as the stick of sanctions always looms near.

References

[1] Ellen Nakashima, “Following U.S. Indictments, China Shifts Commercial Hacking Away from Military to Civilian Agency,” The Washington Post, November 30, 2015, https://www.washingtonpost.com/world/national-security/following-us-indictments-chinese-military-scaled-back-hacks-on-american-industry/2015/11/30/fcdb097a-9450-11e5-b5e4-279b4501e8a6_story.html

[2] Andrea Shalal, “Top US Spy Skeptical About U.S.-China Cyber Agreement,” Reuters, September 30, 2015, http://www.reuters.com/article/2015/09/30/us-usa-cybersecurity-idUSKCN0RT1Q820150930

[3] Joseph Menn, “China Tried to Hack U.S. Companies Even After Cyber Pact,” Business Insider, October 19, 2015, http://www.businessinsider.com/r-china-tried-to-hack-us-firms-even-after-cyber-pact-crowdstrike-2015-10

[4] Ellen Nakashima, “China Still Trying to Hack U.S. Firms Despite Xi’s Vow to Refrain, Analysts Say,” The Washington Post, October 19, 2015, https://www.washingtonpost.com/world/national-security/china-still-trying-to-hack-us-firms-despite-xis-vow-to-refrain-analysts-say/2015/10/18/d9a923fe-75a8-11e5-b9c1-f03c48c96ac2_story.html

[5] “U.S.-China Economic and Security Review Commission 2013 Report to Congress,” Testimony of the Honorable William A. Reinsch before the Armed Services Committee, U.S. House of Representatives, November 20, 2013, http://origin.www.uscc.gov/sites/default/files/ReinschW-20131120_2013%20Annual%20Report.pdf

[6] Larry M. Wortzel, “The Chinese People’s Liberation Army and Information Warfare,” Strategic Studies Institute, March 2014, http://www.strategicstudiesinstitute.army.mil/pdffiles/pub1191.pdf

[7] Deepak Sharma, “Integrated Network Electronic Warfare: China’s New Concept of Information Warfare,” Journal of Defence Studies, Vol. 4, No. 2, April 2010, http://www.idsa.in/system/files/jds_4_2_dsharma.pdf

[8] Shane Harris, “China Reveals its Cyberwar Secrets,” The Daily Beast, March 18, 2015, http://www.thedailybeast.com/articles/2015/03/18/china-reveals-its-cyber-war-secrets.html

[9] “Update: Premera Latest Healthcare Insurance Agency to be Breached,” ThreatConnect, https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/

[10] Dan Vergano, “China’s Universities Linked to Cyber-Spying,” USA Today, February 28, 2013, http://www.usatoday.com/story/tech/sciencefair/2013/02/28/china-universities-cyber/1954205/

[11] “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation,” Prepared for the U.S.-China Economic and Security Review Commission, October 9, 2009, http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-030.pdf

[12] Elsa Kania, “China: Active Defense in the Cyber Domain,” The Diplomat, June 12, 2015, http://thediplomat.com/2015/06/china-active-defense-in-the-cyber-domain/

[13] Greg Austin, “China’s Military Dream,” The Diplomat, June 1, 2015, http://thediplomat.com/2015/06/chinas-military-dream/

[14] Ellen Nakashima, “Following U.S. Indictments, China Shifts Commercial Hacking Away from Military to Civilian Agency,” The Washington Post, November 30, 2015, https://www.washingtonpost.com/world/national-security/following-us-indictments-chinese-military-scaled-back-hacks-on-american-industry/2015/11/30/fcdb097a-9450-11e5-b5e4-279b4501e8a6_story.html

[15] Kelly Jackson Higgins, “Cybercrime, Cyber Espionage Tactics Converge,” Dark Reading, February 24, 2015, http://www.darkreading.com/analytics/threat-intelligence/cybercrime-cyber-espionage-tactics-converge/d/d-id/1319203

[16] Kyle Mizokami, “Why the Chinese Military is a Paper Dragon,” The Week, September 24, 2014, http://theweek.com/articles/445300/why-chinese-military-only-paper-dragon

[17] Ellen Nakashima, “Chinese Government Has Arrested Hackers It Says Breached OPM Database,” The Washington Post, December 3, 2015, https://www.washingtonpost.com/world/national-security/chinese-government-has-arrested-hackers-suspected-of-breaching-opm-database/2015/12/02/0295b918-990c-11e5-8917-653b65c809eb_story.html

[18] Ellen Nakashima, “World’s Richest Nations Agree Hacking for Commercial Benefits is Off-Limits,” The Washington Post, November 16, 2015, https://www.washingtonpost.com/world/national-security/worlds-richest-nations-agree-hacking-for-commercial-benefit-is-off-limits/2015/11/16/40bd0800-8ca9-11e5-acff-673ae92ddd2b_story.html

[19] Katie Bo Williams, “Chinese Arrest of Hackers Not a First,” The Hill, October 13, 2015, http://thehill.com/policy/cybersecurity/256769-chinese-arrest-of-hackers-not-a-first