China’s national security interests revolve around three core issues: its national sovereignty, the security of its sovereign interests, and its economic growth. Current President Xi Jinping has repeatedly used the term “national security” in speeches before the Chinese Communist Party to underscore its importance to China’s continued rise as a global leader. According to a recent study, Xi added five new areas of national security interest to the original 11 announced in 2011.
There is little doubt that cyber attacks are used by both state and nonstate actors as a medium to support their geopolitical views and positions during times of regional and global crisis. The Ukraine conflict has underscored what has been going on for several years – actors resorting to offensive cyber operations to register their displeasure against an offender and its allies. In the early days, such as when NATO erroneously bombed the Chinese Embassy in Yugoslavia in 1999, or during ongoing clashes over disputed territories like Kashmir, foreign policy decisions have been protested via an onslaught of cyber malfeasance. Fast forward to today, and this type of hacktivism has greatly evolved, moving from primarily the work of aggrieved, politically-minded nonstate online activists to more organized groups, sometimes sponsored by a nation state and, in some cases, directed by the state or its agents.
Chinese state-sponsored cyber espionage is nothing new, as Beijing has long been engaged in the most expansive cyber-enabled data theft operation of the past decade. However, its recent activities targeting Russia’s military industries are rather novel and not widespread. What’s more, this is not the first Chinese APT actor that has brazenly targeted its close ally. In May 2022, just a couple of months after Russia invaded Ukraine, another Chinese state-sponsored group dubbed Twisted Panda targeted Russian research institutes belonging to the Russian state-owned defense organization Rostec Corporation. Earlier, in April 2022, another group known as Mustang Panda conducted a cyber espionage campaign against Russian officials, using European Union documents about the possibility of sanctioning Belarus to entice recipients to click on weaponized attachments.
Recent reporting indicates that the Kingdom of Saudi Arabia has been investing substantially in Israeli cyber companies that produce offensive cyber tools and weapons. Per these findings, it is presumed that the use of such technology will help Saudi Arabia identify, track, and surveil dissidents and opponents of the government. A website called Saudi Leaks, dedicated to exposing Saudi-related scandals, cited confidential inside sources stating that Saudi officials signed contracts with several Israeli firms in order to obtain highly advanced technologies to support cyber spying. These initiatives are believed to coincide with the Kingdom’s CyberIC plan, a strategy designed to protect the country’s cybersecurity sector. This plan is integral to Saudi Arabia’s Vision 2030, a strategic implementation that has digital transformation as one of its pillars.
Much about these cybersecurity bilateral agreements is not known, as few of the agreements have been fully made public, with most of what is known about them coming from public statements. At best, coverage of these agreements is vague, making them difficult to track and evaluate. Therefore, there needs to be a better accounting of cybersecurity bilateral agreements to understand their utility. After all, most of the global community wants a safe Internet in which to operate, and transparently showing the successes of these agreements would be a huge step toward informing how countries should enter into them and, perhaps most importantly, with whom. Otherwise, they remain symbolic gestures that check the cybersecurity box, achieving limited individual gains in a domain that demands more substantive progress for any real relevance.
The term “splinternet” refers to the increasing balkanization of the Internet, where the cyber domain is dividing for a variety of reasons including, but not limited to, technology, commerce, nationalism, and politics. This segmentation has increased over time as some governments recognized the harm they could suffer as a result of citizens’ unfettered access to free information. As such, they sought to maintain rigid control over what information could be accessed, processed, downloaded, or created within their sovereign territory. This stands in direct opposition to the globalization that further connected the international community, driving commerce and intertwining economies. Many proponents expected that these economic benefits would continue to increase, and that the international community would continue to embrace an open Internet.
The true expanse of China’s cyber power is visible in the current geopolitical climate, which has China at odds with the United States and the world consumed by an ongoing conflict in Ukraine, as well as increased tensions with Taiwan. In the former, China plays a supporting role, publicly backing its ally Russia; in the latter, China is on the forefront, mobilized and focused on the U.S. stoking the fires of Taiwan independence. In both instances, China has its cyber forces at work in diverse sets of operations, each with specific purposes that run independent of one another.
The Department of Homeland Security recently published a joint advisory, along with the Federal Bureau of Investigation (FBI) and the Department of the Treasury, on a suspected North Korean state-sponsored ransomware campaign using the Maui malware. The campaign has been targeting healthcare-related organizations for the purpose of coercing compromised victims into paying ransoms. These operations have successfully disrupted important healthcare functionality such as access to health records and imaging services.
A recent report revealed that several private sector Indian companies have been using corporate cyber espionage tactics against entities involved in litigation in an effort to influence the outcomes. What started off as a hacker-for-hire situation quickly bloomed into an organized commercial endeavor for the hacker, who recruited and grew a small group of Indian colleagues to be hired out to private investigators employed by clients involved in lawsuits. The reporting focused on three particular companies (BellTroX, CyberRoot, and Appin), though there are several more of these cyber mercenary groups, whose customers have ranged from multinationals to individuals with personal grievances they are seeking to satisfy.
Recently, the U.S. Senate put forth a bill that would require annual briefings on the relationship between CYBERCOM and the NSA, with concerns being expressed about how a dual-hatted leadership impacts either organization. These annual reports would presumably cover important areas such as the division and sharing of resources, how operational risk is being managed, assessments of the operating environment, and the operational effects resulting from the relationship between CYBERCOM and the NSA. These reports could be very valuable if CYBERCOM and the NSA are separated and placed under the helm of two different leaders and budget lines. There would be a better chance of showing where the organizations are working well together, and where they are not. Problem areas could be more easily identified, and fiscal, material, and human resources reallocated accordingly and fairly.