Past is Prologue to China’s Cyber StrategySecurity Intelligence Researcher
Surfing the Western media headlines lately ends up on the same rocky shore: China has hacked some prominent business or financial institution or some supposedly unassailable U.S. government agency. We should all be tired of a pedantic approach that blames our own insecurity on a country many security professionals don’t know or ever will understand.
More troublesome, there seems to be a fundamental disconnect at high levels of U.S. policy-making when it comes to understanding the motivations behind China’s cyber-rattling. This is not only putting American diplomatic efforts in jeopardy but also placing American corporations at risk and threatening to cast a cold war mentality throughout the cyber realm.
In May, our law enforcement officials didn’t like what they believed—but couldn’t actually prove—were wholesale cyber-espionage efforts from inside China targeting American businesses. So the U.S. charged five Chinese military officers with cyber crimes. This was the worst thing we could have done. Because any sort of potential military relationship-building accomplished up to this point was basically castrated with this particular action. We essentially told the Chinese, “We can’t figure out what to do. We can’t work with you because we don’t understand Chinese, nor do we understand your culture, so we’re going to charge your military officers.” Then we put the indicted officers’ pictures on wanted posters, just like we do with jihadists and terrorists. That only succeeded in sending the signal to China that we think they are terrorists.
And now we have American businesses inside China that are feeling the wrath of this, specifically technology companies. The Chinese government has barred the procurement of Apple products; there is a ban on using IBM servers in the banking industry; and Microsoft has been warned that it “should strictly abide by Chinese laws.”
The no-man’s land of cyberspace is proving to be as challenging for U.S.-Chinese relations as the more traditional political landmines of trade and human rights.
For example, a report from the U.S. Office of the National Counterintelligence Executive says “Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” yet that same sentence ends with, “but the Intelligence Committee cannot confirm who was responsible” for such acts. Attributing China as our primary cyber-adversary in this new asymmetric binary battlefield is pointless. Dealing with unattributed hacking arrives at an irrefutable conclusion that all information security professionals should realize: It is an exercise in infinite futility. It is much easier to demonize a country such as China for cyber-naughtiness than to understand it culturally, historically, linguistically and diplomatically.
The U.S. needs a cyber-adversary it cannot see, touch and feel. Keeping the enemy at keyboard’s length is easier than direct kinetic confrontation in the physical world. The People’s Republic of China serves that purpose… for now.
Having recently spent ten days as a guest of the Chinese, I can tell you that we have it all wrong when it comes to China and cyberspace. The U.S. is at a watershed moment when comes to dealing with the current Chinese regime led by President Xi Jinping. To understand the current cyber-dilemma with China, look in the rearview mirror of history to 1900 and the Siege of Peking (Beijing) during the Boxer Rebellion. At the the time, foreign troops of the Austrians, British, French, Germans, Italians, Japanese, Russian and the U.S. occupied China’s capitol in self-assigned quarters. Today, China likewise feels besieged in cyberspace.
In November 2009, the U.S. Department of Defense militarized the cyber domain by creating the Cyber Command. The Chinese viewed this militarization of cyber as a prelude to a foreign invasion in their domestic binary battle space and a direct affront to their Chinese Internet sovereignty, a foreshadowing of things to come from the U.S. circa 1900 and the Battle of Beijing.
‘Back to the Future Scenario’ Plays Out in Chinese Cyber Strategy
Now fast forward to the 21st Century looking at the Siege of Peking from a Chinese perspective and you’ll get a glimmer of why the Chinese have asserted themselves in cyberspace by establishing their own cyber-sovereignty without the interference of foreigners.
Countering the U.S. move, in 2010, China’s then-President Hu Jintao convened a special military tribunal and issued a presidential decree, that his hand-selected military leaders of the General Staff Directorate were to build a Chinese equivalent of the U.S. Cyber Command. Hu ordered the creation of an Information Assurance Base to maintain China’s version of a pure Chinese Internet. The intent was to create a Chinese command to handle cyber threats as China enters the information age and to strengthen the nation’s cyber-infrastructure.
Under the current diplomatic, political leadership of China, President Xi has maintained and accelerated the cyber policies of his predecessor, Hu Jintao. This decree was that China would have the ability to create and maintain an adequate and confident cyber defense against foreign invaders in the cyber domain. As Hu Jintao was leaving office he proclaimed that the People’s Liberation Army would “strive to basically complete military mechanization and make major progress in full military IT application by 2020.” And that they “should attach great importance to maritime, space and cyberspace security.”
Hu Jintao’s remarks outlined critical pieces of current Chinese cyber-military force capacity building that provide unambiguous clues to China’s intentions.
These fundamental Chinese cyber principles are:
- Train a new type of high-caliber military personnel in large numbers, intensively carry out military training under-computerized conditions, and enhance integrated combat capability based on extensive IT application;
- Implement the military strategy of active defense for the new period, and enhance military strategic guidance as the times so require;
- Strengthen national defense to safeguard China’s sovereignty, security and territorial integrity and ensure its peaceful development;
- Enhance the capability to accomplish a wide range of military tasks, the most important of which is to win local war in an information age.
Keep in mind the Chinese preparedness against all cyber enemies both foreign and domestic and you begin to understand the current day Chinese perspective when it comes to information security. The conclusion here is that Chinese must prepare for cyberwar and defend their nation against foreign cyber invasion, not the other way around.