China Can Walk and Chew Gum at the Same Time in Cyberspace

FBI Director Christopher Wray has testified several times that China is the most prominent cyber threat facing the United States, which he reiterated before Congress in August 2022, further stating that China is its most significant geopolitical foe. This conclusion is the product of several years of Beijing’s nonstop global campaigns stealing intellectual property and sensitive healthcare information, targeting journalists and dissident groups, gaining footholds into critical infrastructure assets, engaging in disinformation and influence campaigns, and trying to set technical standards, dominate Internet governance, and influence how nation states responsibly operate in cyberspace. To say China is the United States’ primary threat is an understatement; given the nature and expanse of its interests in cyberspace, it is reasonable to say that China is the primary threat for Western democracies and values.

China understands the criticality of the Internet in all facets of modern society and statecraft and, as such, has initiated an all-out strategy to become the unquestioned leader in all things cyber, to include making policy, setting standards, dictating supply chain production, capitalizing on academia and academic exchanges, and partnering with foreign business to the benefit of China. But cyberspace has allowed China to shine as it has ramped up its cyber operations programs to support its multi-pronged national-level strategic objectives that span political, economic, and military aspirations. Cyberspace has facilitated China’s global reach, and the continued development of its cyber capabilities has placed China in the upper echelon of full-scope state cyber actors.

A recent report assessing state cyber power (based on determinations of strategy and doctrine; governance; cyber intelligence capability; cyber empowerment; cyber security; global leadership; and offensive cyber capability) listed China as a Tier 2 country along with Russia, right below the United States, which occupies the top spot. While few would disagree with the United States’ dominance in cyberspace, the fact remains that the gap is steadily narrowing. One reason for China’s ranking may have to do with its experience with state-executed disruptive cyber attacks, which it has avoided conducting thus far. Though it has reaped the benefits of a robust cyber espionage program, it has not yet flexed its cyber muscles, preferring to hold that capability close to its poker-playing vest and leaving experts and analysts to speculate rather than know the answer.

The true expanse of China’s cyber power is visible in the current geopolitical climate that has China at odds with the United States, and the world consumed by an ongoing conflict in Ukraine, as well as increased tensions with Taiwan. In the former, China plays a supporting role, publicly backing its ally Russia; in the latter, China is on the forefront, mobilized and focused on the U.S. stoking the fires of Taiwan independence. In both instances, China has its cyber forces at work in diverse sets of operations, all with specific purposes that run independent of one another.

In early August, a cybersecurity vendor uncovered a Chinese state-run cyber espionage campaign targeting industrial organizations in both Ukraine and Russia.  Per the vendor’s findings, the attack focused on military industrial complex enterprises, as well as industrial plants, design bureaus, and research institutions, among other entities.  In one instance, the attackers got access to the cybersecurity controls of a target, allowing them the ability to modify endpoint security settings. Although no further details were provided, the type of exploitation involved certainly facilitates sensitive data theft and/or network enumeration for follow-on exploitation or attack.

The fact that these actors compromised Russian targets is noteworthy given the agreement the two governments have not to hack one another. It also raises the question of what kind of data they were looking for, given that the need to launch disruptive attacks against Russia seems antithetical to the mutual backing they give each other to counter the West. Still, these Chinese advanced persistent threat (APT) actors have been targeting Russian targets, perhaps to understand what Russia’s plans are for the Ukraine and the region.

And while China has an interest in the Ukraine outcome, it has a pressing need to ensure any Taiwan resolution goes in its favor. Recent reporting reveals that China has an aggressive cyber campaign going against Taiwan. In addition to nuisance cyber attacks during the U.S. Speaker of the House’s recent visit, likely from patriotic Chinese hackers, other more state-run activities against the island have included disinformation and influence operations running in tandem with Chinese live-fire military exercises. Reunifying Taiwan is a longstanding China objective, and where it may espouse Taiwan’s willing compliance, it will settle for forceful integration.

What’s more, despite these two major ongoing crises, China’s cyber program has not abated, with operations running concurrently with those running during the Ukraine and Taiwan situations. China APT groups have targeted White House journalists and Belgian defense and government organizations, and conducted energy-themed information operations promoting Chinese energy, to name a few. This is an impressive display of resource allocation given the seriousness with which China addresses Taiwan. It appears that not only does China have a substantial cyber force at the government’s disposal, but that it also operates without interruption even during times of great crisis. This should be telling for those monitoring the China Threat in trying to determine how Beijing determines operational considerations and adjusts them.

The fact that the United States may be the number one cyber power in the world is of little consequence if a country like China can demonstrate its capability to reduce that advantage by engaging in multiple different cyber activities at once. As in the Chinese strategy game Go! (Wéiqí), winning is about gaining enough territory to limit your adversary’s ability to maneuver into a more profitable position. Viewed from this perspective, China’s ongoing global cyber exploitation operations are in effect claiming this valuable real estate. Instead of flexing cyber muscle, China is tactically hampering U.S. cyber power, not just via espionage or network access, but via other cyber-related areas such as governance, standards, domestic legal initiatives, and information-enabled operations.

And this should concern the United States, which seems to prefer reacting to China’s cyber moves over being proactive against them. In February 2022, the current Administration ceased its predecessor’s China Initiative, expressly created to prevent the Chinese government from stealing U.S.-funded technologies, replacing the targeted legal effort with a broader mission to appease China sympathizers as well as the Chinese government. The new strategy now covers all nation states, though all pale in comparison with China’s notorious history of intellectual property theft and volume of global cyber malfeasance.

Diluting these measures is a big step in the wrong direction. Combined with other China-friendly moves like potential tariff removal, selling China oil from the U.S. strategic oil reserve, avoiding further investigations into COVID origins, and potential appeasement over the Taiwan crisis, the United States is removing its own playing space on the larger information board. If it doesn’t watch out, it just might find that it has painted itself into a corner.

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.