4 February 2020

Trade Deal or No, China Will Continue Its Cyberattacks

By Lee Clark

Phase One of the U.S.-China trade deal addressed issues including expanding Chinese purchases of U.S. products, regulatory changes, and legal changes for intellectual property (IP) protection. Tensions between the two nations will likely continue through Phase Two of the negotiations, which are expected to focus more on core issues in the dispute, including IP theft, technology transfer, and cyber aggression. Regardless of the final outcome of the negotiations, China’s cyber operations against the United States and its allies will likely continue.

While it is possible that the success or failure of negotiations may contribute to some small variation in targeting and damage scales in Chinese cyber operations, many ongoing activities will continue. China has long engaged in a constant multivector campaign of cyber aggression against the U.S. and allies. This campaign includes but is not limited to:
The use of shell companies to mask cyber operations against global engineering and defense firms;

Data breaches of major global firms and government entities;

Sophisticated cyber intrusions of non-government and law enforcement organizations;

Influence campaigns to prevent dissent and criticism of Chinese state policy from foreign organizations;

Efforts to steal IP and trade secrets from critical industrial sectors;

The race for technological dominance in areas like facial recognition and artificial intelligence.

These activities are valuable for China and carry a low cost. The difficulty with clear and definitive attribution means that most of these events cannot be traced to the Chinese state with certainty. The Chinese government often contracts and conscripts cyberthreat groups as proxies for such operations to obfuscate official involvement. In addition to the attribution problem, the activity carries a social engineering facet. A constant low-level stream of attacks helps normalize and ease operations. When yet another operation is discovered, it is simply added to the pile, written off as business as usual. The compromises are so commonplace that the problem was satirized in the HBO show “Veep.” In the first episode of the show’s fifth season, the president is informed that Chinese hackers have breached U.S. government systems, to which she boredly replies, “Any chance they fixed the WiFi?”

The effect of the trade negotiations on this campaign will likely be on a sliding scale, though no significant or dramatic changes are expected. This is because, as discussed by Brandon Valeriano and Ryan Maness in their Cyber War Versus Cyber Realities, the use of cyberattacks in geopolitical conflicts tends to be restrained because states seek to use cyber abilities to achieve goals without provoking damaging responses or escalation. The goal is typically to gain advantages in information and capabilities without provoking destructive retaliations.

So then, what effect might negotiations have on Chinese targeting and compromising of U.S. and allied entities? If negotiations go badly or fail outright, it is possible that Chinese-aligned threat actors will intensify efforts to compromise U.S. firms, especially firms associated with industries or resources restricted by tariffs. Compromises may be more high-profile or public, possibly including some low-damage compromises of industrial control systems in manufacturing firms and escalated influence operations and direct intrusions on election systems.

However, this escalation will likely be controlled and moderate because of the desire to manage escalation and because altering state behavior through cyber aggression tends to be clumsy and counterproductive due to the difficulty in messaging. High-profile or destructive attacks are less easy to obfuscate and are likely to provoke retaliation. Such a tactic is too blunt to be reliable for effect.

If negotiations go well or succeed beyond expectations, low-level campaigns for information theft and cyberespionage will likely continue as they have for the past several years. However, attacks may be smaller-scale and more subtle, not seeking to draw attention or make a statement. The level of intensity in attacks will likely vary depending on the nature of negotiations into the next year.

Normalization and obfuscation mean that some level of Chinese cyberespionage activity will continue regardless of the success of negotiations because the risks are low and the rewards great. Such activities certainly do not seem to have discouraged the U.S. administration from seeking a trade deal. In addition, diplomatic bodies and U.S. policymakers have thus far been unable to agree upon or act toward a multifaceted strategy to combat the constant cyber campaigns against public and private assets. The U.S. defense establishment has been planning the “pivot to Asia” for years and has announced efforts to expand defenses against Chinese cyber activity, but so far, little progress can be determined.

To successfully counter this behavior over the coming years, a combination of diplomatic efforts, military pressure, incentives, and economic exchange all need to be cohesive and finely tuned, which is unlikely in the current chaotic political atmosphere but possible with an adjustment in prioritization and focus.

Lee Clark is a cyber intelligence strategist currently working on cyber defense in the Middle East. He holds an MA in intelligence and international security from the University of Kentucky’s Patterson School. He tweets at @inktnerd.
