6 July 2020

COVID-19 Complicates the US-China Cyber Threat Landscape

By Lee Clark

In February 2020, in an article for The Diplomat, I argued that the U.S.-China Phase One trade deal would not prevent future cyberattacks from China. At the time, the full scale and implications of the coronavirus outbreak was difficult to forecast and integrate into cyber strategy. A month later, COVID-19 was designated a global pandemic, and the crisis went on to generate mass shutdowns, economic chaos, and increased geopolitical tensions worldwide. The central argument of my earlier piece — that some level of Chinese cyberespionage activity will continue regardless of the success of trade negotiations, because the risks are low and the rewards great — remains true. However, events involving the pandemic have overshadowed any potential fallout of the trade negotiations.

U.S.-China relations have deteriorated under the stress of COVID-19 despite hopes for a trade deal and a focus on a warm interpersonal relationship between U.S. President Donald Trump and Chinese President Xi Jinping. In the past few months alone, tensions have been exacerbated by widespread misinformation on the origins of the virus from both Chinese and U.S. official representatives and racist language from the U.S. administration. Trump also decided to end the U.S. relationship with the World Health Organization over accusations that the global body was complicit in China’s misleading reporting in the early stages of the outbreak.


The situation in Hong Kong has further worsened tensions, with the new national security law undermining Hong Kong autonomy. In response, Trump announced measures to remove special policy status for Hong Kong, and Beijing has vowed to retaliate.

Adding more fuel to the fire, the United States is in the middle of presidential campaign season. The campaigns of former Vice President Joe Biden, the presumptive Democratic nominee, and Trump are trading accusations of being soft on China, fueled by reports that Trump asked Xi to help him win reelection and that major donors and advisors to the Trump campaign have financial ties to the CCP.

Amid this downward spiral in U.S.-China relations, Chinese cyber activity in the global space has continued to increase. In June 2020, the Australian government suffered a large-scale sophisticated cyberattack of an undisclosed nature. While Canberra pointedly did not name any suspects, the Australian Strategic Policy Institute states that there is a 95 percent chance the attack was executed by Chinese state-backed threat actors, evidenced by similarities to a February 2019 attack, including reused code. U.S. Secretary of State Mike Pompeo told reporters that he had confronted Chinese diplomats over the attack, raising tensions further.

Rampant misinformation about the pandemic and the attack on Australian government systems demonstrate the influence of ongoing events on the U.S.-China cyberthreat landscape. There are two key changes to this threat landscape as a result of the pandemic, each of which has multiple facets and potential implications.

The first significant change is in motivation, and is likely to exacerbate cyber hostilities. The increase in geopolitical competition and deteriorating dialogue between the United States and China will likely encourage higher profile and more destructive attacks on U.S. and U.S. ally firms in the telecommunications, technology, finance, and critical infrastructure industry verticals. By comparison, the threat landscape in February 2020 allowed for the possibility of Chinese-backed cyber groups focusing on lower-scale and/or less conspicuous cyberattacks. However, the current threat landscape is less ambiguous, as the potential for a good outcome in trade negotiations has been eclipsed by the pandemic. The present tensions, when combined with the context of the U.S. presidential election (which is likely to heavily focus on China’s role in the global order and U.S. interests), virtually erase the potential for deescalation of cyberattacks, at least into the beginning of 2021.

The second key change involves the shifting of global views toward Chinese industry and technology, and carries the potential to ease cyber hostilities. Both the Trump and Biden campaigns have spoken publicly about perceived core issues with increasing Chinese influence on the global order and reliance on Chinese-sourced supply chains for manufacturing and technology. This skepticism extends to multiple facets of the global economy, including academics, telecommunications, and critical industry. With correct messaging and diplomatic maneuvering, there could be potential for the United States to shift the paradigm on Chinese technology and manufacturing power.

A key part of U.S. and global hesitance to respond effectively to the constant low-level stream of cyberattacks is the potential for economic retaliation from Chinese-controlled firms, which have become central to global supply chains in the past few decades. A shift in the emerging norm of accommodating Chinese cyber aggression to avoid economic damage could have far-reaching implications for the international community. Specifically, if the United States and its allies are willing to respond more actively, we could see lower rates of high-profile attacks from Chinese threat actors on U.S. and ally systems; new international agreements and norms governing the use of cyber tools for state goals and doctrines of proportionate responses to the use of such tools; and the denormalization of state-sponsored cyberattacks as a constant unavoidable reality.

There is cause for both concern and optimism in these changes, though both should be tempered by standing realities. So long as risks remain low and rewards remain great, some level of state-backed cyber aggression will continue regardless of shifting international attitudes and rules. In addition, cyber aggression is unlikely to grow too provocative or destructive, as a central benefit of such tactics is gaining advantages without incurring destructive responses. Correctly responding to cyberattacks remains difficult under the most clear and ideal circumstances. Under the shifting global norms and rules during the pandemic and the uncertain situation of the world economy, responding effectively becomes more complex. Add to this a contentious U.S. election, ongoing struggles over AI and 5G dominance, and territorial disputes, and the ability to send a clear message in cyberspace looks nearly impossible. Adapting to this threat landscape will require mature, sophisticated planning and coordination with the full spectrum of tools at the disposal of the United States, including diplomatic, intelligence, military, financial, technological, and sociocultural capabilities.

Lee Clark is a cyber intelligence strategist currently working on cyber defense in the aerospace and defense sectors. He holds an MA in intelligence and international security from the University of Kentucky’s Patterson School. He tweets at @inktnerd.

No comments: