US Vs. China - A Different Kind of Cyberwar

The potential for cyberwarfare between the United States and Russia is openly discussed and, if not actually defined, is well understood.  But few people talk about China and cyberwar. The reason is simple. China is already engaged in its own form of cyberwarfare, but one that does not readily fit into the West’s perception of war and peace. 

China, the world’s oldest surviving civilization, is taking the long view, which it always tends to do. It has no interest in winning short-term battles; its focus is on winning the long-term war.

The USSR was not defeated by the might of the US military, but the power of the US economy. In striving to keep up or surpass the military strength of the West, the USSR was effectively bankrupted into dissolution. China sees a greater likelihood of success against the West by similar means than by open warfare, whether that be kinetic or cyber.

In front of the same Senate Judiciary Committee, assistant attorney general John Demers described the Chinese economic policy as ‘rob, replicate, and replace’. “The playbook is simple,” he said. “Rob the American company of its intellectual property. Replicate the technology. And replace the American company in the Chinese market and one day in the global market.”

It has been alleged that this playbook is visible in the histories of Canadian telecommunications company Nortel and Chinese firm Huawei. Nortel had been a successful global company. But in 2004, senior security adviser Brian Shields discovered Nortel’s systems had been comprehensively hacked. This started in 2000 and continued for ten years.

Shields believes the hacking was undertaken by Chinese government hackers on behalf of Huawei. “This kind of thing is not done by just average hackers. I believe this is nation-state activity,” he later said.

There is no proof that Huawei was involved in or profited from the Nortel hacks. The fact remains, however, that Huawei rapidly prospered on the world stage while Nortel declined and filed for bankruptcy protection in January 2009. If Shields’s suspicions are correct, this would be a perfect example of ‘rob, replicate, and replace’.

The China version of Cyberwar

The battle for economic supremacy is primarily if not entirely being fought in cyber. Given the West’s promise of retaliation for anything that meets its definition of cyberwarfare, China is largely avoiding the sort of destructive activity more usually ascribed to Russia, such as the attack on France’s TV5Monde and Ukrainian power companies, and North Korea’s attack on Sony, and WannaCry.

Since the aim is economic supremacy, and since the state controls everything that is done in China, it would be reasonably accurate to describe Chinese cyber activity as different aspects of a single overall campaign motivated and controlled by China Inc. To defend against this campaign, it is important to understand how China seeks to advance its economy, and how effective Chinese hackers have become.

Understanding China Inc and its cyber priorities is an important first step in defending against Chinese cyberattacks. This requires an understanding of the legal framework underlying China’s approach to cyber operations, the quality of Chinese cyber operators, and the targets and reasons for specific cyber operations.

The Legal Framework

VerSprite’s geopolitical risk team explains the legal framework. “Several pieces of legislation govern China’s cyber operations,” it told SecurityWeek. “The 2015 National Security Law was an initial comprehensive piece of legislation to articulate China’s overall strategy. The 2017 National Intelligence Law specifically empowered the two parts of the secret police apparatus, the Ministry of National Security (guoan) and Internal Security Bureau of the Ministry of Public Security (guobao).”

However, to these activities we must add the operations of the People’s Liberation Army (PLA; that is, the Chinese military). It was Mandiant’s 2013 report on APT1 that first awoke the US to the severity of Chinese hacking operations. Mandiant is now part of FireEye. 

Although the report initially met with both cynicism and criticism, its veracity was later confirmed when the US government indicted five Chinese officers from Unit 61398 of the Third Department of the PLA.

China’s Cyber Expertise

In 2012, Trend Micro published an opinion piece titled, Peter the Great Versus Sun Tzu. Although it nowhere specifies this refers to Russia versus China, it created an impression that Russian hackers have greater expertise than Chinese hackers. The impression that Chinese hackers are not very clever has lingered, but needs to be revisited.

VerSprite points out that comparisons are odious, or at least onerous, noting that sophistication is not always necessary to achieve a required end. “The low-tech Twitter and Facebook misinformation campaigns, attributed to Russia, which took advantage of both platforms’ glaring vulnerabilities, were enough to achieve basic goals of spreading disinformation and causing confusion.”

But it also points out that China has a stated goal of wanting to close the gap with the US in terms of cyber capabilities. The implication is that China is aware of any shortcomings and has a project to improve its cyber ability.

Examples of major hacks attributed to China include that of the US Office of Personnel Management (OPM) in 2015, with the loss of detailed information on more than 21 million federal employees and federal employment applicants; and the more recent hack of Marriott hotels leading to the loss of details on 383 million individuals. While in both cases China Inc is the primary suspect, there is no absolute proof. Accurate attribution in cyber is very difficult, and there are undoubtedly false flags left by hackers to confuse forensic analysis. 

China Inc’s targets

China does not wish to provoke open conflict with the US, either cyber or kinetic. But in order to be stronger than the US economically, it must first close the gap in both business technology and military technology. This means that its cyber operations must be sophisticated, targeted and non-destructive.

Critical Infrastructure

China Inc is unlikely to do anything too overt or dramatic with US critical infrastructure; that would interfere with its long-term strategy. But it would be naïve to think it is doing nothing. “At a minimum, we must expect that China is seeking to map, model, and understand how to attack US critical infrastructure. Doing so requires some level of reconnaissance,” comments TruSTAR’s Kurtz.

This is likely standard practice for every cyber-advanced nation in the world that accepts it has potential adversaries.

However, there are less dramatic elements to critical infrastructure than nuclear facilities, power grids and water supplies.

In Summary

While the West worries about the potential for cyberwar with its traditional foe, Russia, it fails to realise that cyberwar with China is already happening. But this is cyberwar conducted on China’s terms; it is not the traditional view of warfare. China Inc is conducting a low and slow cyberwar, attempting to stay under the radar of recognition in the same way that individual hackers use low and slow techniques to remain hidden.

If this analysis of the long-term goal of China Inc is correct, then the threat from Chinese cyber operations is more dangerous and insidious than commonly thought. The policy is not one of direct confrontation but more designed to slowly maneuver the global economy until dominance shifts from the US to China.

It benefits China Inc if the world continues to believe it has only low-level cyber expertise. “It is important for companies, information security professionals, and network defenders,” says Moriuchi, “to move beyond this stereotype of second-rate Chinese state-sponsored cyber operations and realize the scope, capabilities, and true threat in order to successfully defend their networks.”

Security Week:
   