U.S. Data Security against Chinese Counterintelligence
The North Atlantic Treaty Organization (NATO) acts as one of the largest intergovernmental security alliances in the world, with a total of 30 nations spanning most of Europe and North America. Founded in 1949 after WWII, NATO aims to safeguard the freedom and security of its member states against foreign threats through collective security, by adapting political and, if necessary, military means.
Considering the escalating armed conflict between Ukraine and Russia, NATO protection serves as one of the greatest deterrents against Russian aggression. As such, non-member states, namely Finland and Sweden, after centuries of neutrality, have reconsidered joining the alliance.
On July 4th, 2022, Finland and Sweden completed accession talks at NATO's (North Atlantic Trade Organization) Headquarters in Brussels. The decision for accession comes after the 2022 Russia-Ukraine War, during which Russia launched a full-scale armed invasion of Ukraine. Since then, hundreds of thousands of people have been killed, millions of Ukrainians have fled, and the country has sustained tens of billions of dollars worth of damage.
Following the invasion, Europe promptly began to ramp up defenses in case of further Russian encroachment, as well as calling on major alliances, namely the EU and NATO, to unify and collectively sanction Russia through every relevant international regime, ranging from excluding Russia from the SWIFT financial infrastructure, to banning the national team’s membership in UEFA. As the war continued, the threat of extended hostility from Russia was more imminent than ever, ultimately leading Finland and Sweden to submit an application for accession on May 18th, 2022, a historical shift from their centuries-long proclamation of political and military neutrality.
- The expansion of NATO within Europe acts as a deterrence against Russia
- Possibility of Russian retaliation against major actors such as Finland, Sweden, and the U.S.
Finland and Sweden’s accession would expand NATO territory within Europe, but more notably along Russian borders. Currently, the only two NATO states that share a border with mainland Russia are Estonia and Latvia, which share a combined 316-mile-long border. In comparison, Finland shares an 800-mile-long border with Russia and is in close proximity to various critical Russian population centers and metropolises, most notably St. Petersburg.
As such, NATO expansion within the region would mean greater access to Russian formations and intelligence, but Russia may in turn respond with force or the threat of force. As a result, NATO membership within the Nordic region is a double-edged sword that NATO will have to wield carefully. Finland and Sweden may become key actors in deterring Russian aggression, a role that they, historically, have played many times.
After the Cold War, counterintelligence as a means of warfare or state-sponsored espionage peaked, even after moderate use in the past. China, in particular, involved itself in weaponizing “information” against foreign entities starting in 1983, the year in which the establishment of the Ministry of State Security, which is “responsible for conducting counterintelligence and foreign intelligence activities, as well as political security for the PRC,” was quickly realized.
The MSS’s focus on “identifying and influencing the foreign policy of other countries”, including the United States, by seeking to obtain information on political, economic, and security policies that might affect the PRC, became increasingly clear. In collecting this information, they would use it with regard to the military, scientific, and technical operations of the PRC.
Before 1994, state entities tied to the PRC, such as the MSS, relied primarily on Human Intelligence Programs and Activities, as access to the internet was limited. Later, China placed a heavy focus on developing its internet and technological infrastructure.
The 2009 Chinese White Papers on National Defense reveal that the Chinese government suggests that in order to be part of a “harmonious world of enduring peace and common prosperity,” China should invite foreign nations to “cooperate” or collaborate in “defense-related science, technology, and industry.”
Emboldened by this new vision for technological pursuit, China embedded data-driven technology and cybersecurity as a part of its military strategy, as noted by the three biggest divisions of intelligence agencies in China: The People’s Liberation Army (PLA), Technical Reconnaissance Bureaus (which was later restructured into the SSF), and The Ministry of State Security (MSS).
China has played a “catch-up” game in terms of technology ever since, but the country decided to take it further: cyber attacks. After just a decade, reported cases of Chinese cyberattacks began to surface, including the infamous case in 2003. Operation Titan Rain, a string of cyber operations that compromised a number of agencies within the U.S. and UK governments, breached the unclassified networks of the U.S. Departments of State, Homeland Security, and Energy, and UK defense and foreign ministries.
It was an event that catalyzed a decades-long effort by the U.S. government to reduce the breadth and scope of Chinese cyber operations against U.S. targets. However, despite these efforts, the push from China to interfere in foreign privacy and infrastructure has greatly expanded.
As stated, China’s first large-scale cyber attack was “Titan Rain” in 2003, which targeted American and British government databases. Since that time, China has continuously ramped up its hacking capabilities. In the following years, China continued cyber strikes against both the US and NATO. These attacks caught the attention of American intelligence, as in 2009, in a classified National Intelligence Estimate (the consensus of 16 American intelligence agencies), China was regarded as one of America’s top online enemies.
The attacks on the American internet continued through the 2010s but shifted to more commercial interests. This was signified in Operation Aurora, a coordinated cyberattack against American companies like Google, Yahoo, Morgan Stanley, and more. The goal of these attacks was to steal personal information from companies. Google disclosed that they were a victim of the attacks and confirmed hackers had acquired the Gmail accounts of some Chinese human rights activists.
The public blaming of China for the cyberattacks was highly significant because it broadcast the dangers that cyberattacks pose to corporations to a wider audience. In the wake of these attacks, Google ended work in China.
This corporate espionage led to the Obama administration indicting five Chinese military hackers in 2014. The hackers were members of PLA Unit 61398, the unit blamed for many of the security breaches. In 2015, China hacked into the American Office of Personnel Management (OPM), which compromised the personal data of millions of federal workers. In the attack, more than 5.6 million fingerprints were stolen. In response to the hack, Obama threatened sanctions against China.
These threats led to an agreement between the US and China, where China agreed to cease the industrial hacking of US companies. The agreement served its purpose, as in the year following the attack, Chinese hacking activities dropped significantly. However, attacks rose again during and after Trump came to office. An example of this is in 2017, when Equifax announced that it had been hacked, exposing the personal information of 147 million people. Four Chinese military hackers were charged with the attacks.
Concerns regarding Chinese counterintelligence efforts hit the headlines once again in early February of this year, after residents of Northwest Montana reported seeing a balloon on the horizon. Shortly after initial reports, the U.S. Department of Defense announced that the foreign object was a Chinese surveillance balloon, supposedly capable of conducting signals intelligence operations.
Due to concerns about the possible fallout, officials hesitated in taking the balloon down, until, on February 4th, a U.S. fighter jet was sent to shoot it down off the coast of South Carolina. According to the Chinese Ministry of Defense, the balloon was indeed Chinese; however, it argues that it was a “civilian airship used for research, mainly meteorological purposes” that had been blown off-course.
Therefore, the Ministry claims the US “seriously violated international practices and set a very bad precedent.” With little constructive dialogue between the two parties, fears arise that miscommunication regarding the event could spiral into a greater ordeal. In most instances, China has denied the usage of cybertechnology to hack or infiltrate government or commercial data. For instance, in mid-2021, the White House publicly blamed China for an attack on Microsoft's Exchange email server software that “compromised tens of thousands of computers worldwide, allowing hackers to gain access to sensitive data.”
However, China rejected the accusations and demanded that all charges be dropped. According to Chinese spokesman Zhao Lijian, “China firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks.”
In regards to the Chinese Spy Balloon, the US intelligence services have “linked the Chinese spy balloon to a vast surveillance program run by the PLA”, and “US officials have begun to brief allies and partners who have been similarly targeted”. According to The Washington Post, the surveillance program, which has operated for several years, has collected information on military formations in nations of “emerging strategic interest to China including Japan, India, Vietnam, Taiwan, and the Philippines.”
The United States has also blacklisted six Chinese entities that were tied to China’s aerospace programs in response to the February spy balloon. The economic restrictions are followed by the Biden Administration pledging to consider “broader efforts to address Chinese surveillance activities,” as well as make it more difficult for Chinese companies that aid in surveillance efforts to “gain access to American technology.”
While the U.S. is China’s biggest competitor, other nations have also experienced Chinese cyber attacks, particularly in Western Europe and Taiwan. From stealing defense-related intellectual property from Europe to outright cyber-attacking Europe’s industries, China is regarded as a present danger to the EU. For instance, EU Commission President Ursula von der Leyen suggested that China might have been behind cyberattacks against hospitals in Europe during COVID-19 in 2020.
Furthermore, FireEye, a leading cybersecurity firm, suspected that state-backed Chinese hackers exploited networking devices to spy on high-value government, defense industry, and financial sector entities in the U.S. and Europe. More recently, in December 2022, a Chinese-linked hacking group known as Mustang Panda reportedly used lures related to the Russo-Ukrainian War to attack European officials through phishing.
As such, in specific response to the 2021 Microsoft hacking, the White House released a joint statement with the EU, U.K., and NATO condemning China for the cyberattacks, with the US committing to network defense action and cyber operations to safeguard vulnerable systems. Ultimately, the U.S. and its allies are staunch in their opposition to China’s malicious cyber operations and have taken steps to bolster their own software and systems security.
Meanwhile, the hotly contested island of Taiwan has been under heightened political and military pressure from China, and cyberattacks are not an exception. According to the Dyadic Cyber Incident and Campaign Data (DCID) categorizing state-sponsored cyber activity between 2000 and 2020, there have been 13 reported cyber interactions between China and Taiwan, twelve of which were started by China and eight of which were intended for Chinese espionage.
While these cyber operations are unlikely to cause an escalation, the Council on Foreign Relations points out that China can exploit cyberspace to gain an advantage over Taiwan through information operations and espionage, as well as signal political pressure on Taiwan. Finally, chances of escalation may rise if China’s cyberattacks begin targeting critical infrastructure in Taiwan or are posited as a precursor to a conventional attack.
With tensions between China and the U.S. rising, the consequences of escalating cyberattack missions are more imminent. In fact, Beijing has the legal and political power to compel private Chinese companies to provide access they may have to software and hardware systems used in the United States. Furthermore, both Chinese and U.S. intelligence agencies can launch cyberattacks targeting key infrastructure, causing the collapse of power lines and the internet.
Attacks on critical infrastructure are already increasing. In June 2022, Trend Micro Incorporated announced that new research found “89 percent of electricity, oil and gas, and manufacturing firms have experienced cyber-attacks impacting production and energy supply over the past 12 months”. In the U.S., attacks on a power grid or pipeline would undoubtedly plunge millions of homes and businesses into turmoil.
Furthermore, failure to prevent intellectual property theft and illicit technology transfers could weaken American economic and national security interests. According to the IP Commission report, intellectual property theft already costs businesses in the US over $600 billion annually. Indeed, with access to the right information, both parties have the power to halt key exports, imports, and people-to-people exchanges to inflict economic damage.
The spy balloon has generated pressure on policymakers to take action on an issue that typically flies below the radar of most of the electorate. As Washington evaluates its next steps, it must be sober yet cautious. The U.S. must take more aggressive positive action toward reducing its vulnerability to Chinese cyber espionage.
At the same time, it remains critical that Washington does not overreact to the threats posed. To this end, the U.S. must procure offensive cyber capabilities while avoiding over-investment traps.
Washington must enhance investments in offensive, not just defensive, cyber capabilities.
Investments in cyber defense must, without a doubt, be a top priority of Washington’s military spending. Nevertheless, defensive measures will never be perfected, and thus the U.S. must be able to impose a deterrence-inducing countermeasure. Beijing has long been emboldened to continue its cyber espionage missions because the U.S. lacks the sufficient capability to engage them at the same point in the escalatory ladder.
Almost always, it would be unreasonable for Washington to respond to, say, a Chinese attack on private data infrastructure with the deployment of military force. Without a credible threat of reprisal, Beijing has little incentive to cease cyber operations.
The U.S. need not necessarily engage China, but it must be able to engage China in the grey zone of cyber conflict. Empirically, offensive responses from the U.S. have sobered nations into compliance with global cyber norms, halting ongoing offensive operations.
Moreover, a deterrence-based approach helps protect private, not just public, information. A sizable portion of America's sensitive information and critical infrastructure is owned by private companies, meaning cyber defense for government agencies does little to ensure their protection. Offensive capabilities, however, deter attackers from infiltrating both public and private sources.
Policymakers must make sure not to fall into the cyber weapons gap myth.
There seems to be this enduring narrative that the West is far behind China (and Russia) in terms of cyber security and grey-zone tactics. In some cases, this might be true, but by and large, the U.S.’s prosperous private sector ensures it can outperform Beijing — given proper investments. At present, the U.S. invests 5 times more in defensive than offensive capabilities. It is not the case that the U.S. has fallen behind and can’t catch up, but shifting priorities can better enable America’s cyber protection.
Cyber espionage is a national security threat, but we must also be clear about what isn’t happening in cyberspace. Beijing has not carried out comprehensive attacks on U.S. critical infrastructure, and — as America knows well — many forms of espionage are permissible under international law. The U.S. should certainly take steps to protect its data and create more stringent international cyber norms, but an overreaction may trigger an escalatory spiral that produces more harm than good.
The biggest concern is that Washington goes isolationist. A purported solution to the data theft problem has been to engage in aggressive technological decoupling, disintegrating U.S. technologies from Chinese. But Beijing occupies a very critical space in the future of technological advancement, and attempts by Washington to cut the U.S. out of this new order are ill-conceived. Rather, the U.S. should prefer offense, resolution prescriptions that help aid and protect American data from Chinese espionage efforts. Washington must engage in self-defense, but it cannot step out of the ring entirely.
The Institute for Youth in Policy wishes to acknowledge Brady Zeng, Ahad Khan, Benjamin Chen, and other contributors for developing and maintaining the Policy Department within the Institute.
Share or Cite this Brief: https://read.yip.institute/mhdiSxc
- Carnegie Endowment. “Conclusion - U.S.-China Technological “Decoupling”: A Strategy and Policy Framework.” 2022. Carnegie Endowment for International Peace. https://carnegieendowment.org/2022/04/25/conclusion-pub-86934
- “CHINA'S EMERGENCE AS A GLOBAL SECURITY ACTOR.” n.d. Mercator Institute for China Studies (MERICS). Accessed February 23, 2023. https://merics.org/sites/default/files/2020-04/China%27s%20Emergence%20as%20a%20Global%20Security%20Actor.pdf.
- “Chinese Hackers Charged in Equifax Breach.” FBI, February 10, 2020. https://www.fbi.gov/news/stories/chinese-hackers-charged-in-equifax-breach-021020
- “Chinese Intelligence Officers Charged with Using Academic Cover to Target Individuals in United States.” 2022. Department of Justice. https://www.justice.gov/usao-nj/pr/chinese-intelligence-officers-charged-using-academic-cover-target-individuals-united.
- “Chinese PLA Unit 61398 Indictments (2014).” International cyber law: interactive toolkit, June 9, 2021. https://cyberlaw.ccdcoe.org/wiki/Chinese_PLA_Unit_61398_indictments_(2014).
- “Connect the Dots on State-Sponsored Cyber Incidents - Operation Aurora.” Council on Foreign Relations. Council on Foreign, January 2010. https://www.cfr.org/cyber-operations/operation-aurora.
- “Cyber Conflict Dataset.” cyberconflict. Accessed February 12, 2023. https://drryanmaness.wixsite.com/cyberconflict/cyber-conflict-dataset
- Associated Press. (2023) "U.S. blacklists 6 Chinese entities in response to alleged spy balloon incident," PBS NewsHour, https://www.pbs.org/newshour/world/u-s-blacklists-6-chinese-entities-in-response-to-alleged-spy-balloon-incident
- Bethge, Phillip. “Google Co-Founder on Pulling out of China: 'It Was a Real Step Backward'.” SPIEGEL INTERNATIONAL. DER SPIEGEL, March 30, 2010. https://www.spiegel.de/international/business/google-co-founder-on-pulling-out-of-china-it-was-a-real-step-backward-a-686269.html.
- Brewster, Thomas. “Chinese Hackers Launch Attacks on European Officials in Russia-Ukraine War.” Forbes. Forbes Magazine, March 9, 2022. https://www.forbes.com/sites/thomasbrewster/2022/03/08/chinese-hackers-ramp-up-europe-attacks-in-time-with-russia-ukraine-war/?sh=7efa50545ee
- Britzky, Haley. (2023). "Pentagon releases selfie taken by US pilot showing the Chinese spy balloon in air," CNN, https://www.cnn.com/2023/02/22/politics/pentagon-china-balloon-selfie/index.htm
- Demirjian, Katoun. (2023). "Senate Unanimously Condemns China for Spy Balloon, Joining the House," The New York Times. https://www.nytimes.com/2023/02/15/us/senate-condemns-china-spy-balloon.htm
- Fruhlinger, Josh. “Equifax Data Breach FAQ: What Happened, Who Was Affected, What Was the Impact?” CSO Online. CSO, February 12, 2020. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html.
- Greenemeier, Larry. “China's Cyber Attacks Signal New Battlefield Is Online.” Scientific American, September 18, 2007. https://www.scientificamerican.com/article/chinas-cyber-attacks-sign/.
- Hanrahan, Mark. 2015. “US Decides To Retaliate Against China For Cyberattack: Report.” International Business Times. https://www.ibtimes.com/us-decides-retaliate-against-china-cyberattack-report-2034692.
- “How the US Would Struggle If Hit by Massive Cyberattack.” 2019. Business Insider. https://www.businessinsider.com/cyber-attack-us-struggle-taken-offline-power-grid-2019-4.
- “In Cyber-Defense, Good Enough is Far Better Than Perfect.” n.d. InformationWeek. Accessed February 24, 2023. https://www.informationweek.com/devops/in-cyber-defense-good-enough-is-far-better-than-perfect
- “IP Commission Report - NBR.” Accessed February 13, 2023. https://www.nbr.org/wp-content/uploads/pdfs/publications/IP_Commission_Report.pdf.
- Joske, Alex. 2019. “The China Defence Universities Tracker.” Australian Strategic Policy Institute. https://www.aspi.org.au/report/china-defence-universities-tracker.
- Lewis, James A. 2014. “Explained: Why a U.S.-China "Cold War" in Cyberspace Is Not Happening.” The National Interest. https://nationalinterest.org/blog/the-buzz/explained-why-us-china-cold-war-cyberspace-not-happening-11655.
- Lohrmann, Dan. “Cyber Attacks against Critical Infrastructure Quietly Increase.” GovTech. GovTech, July 31, 2022. https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-attacks-against-critical-infrastructure-quietly-increase.
- Mansoor, Sanya. (2023) "Chinese Spy Balloon Path: Where It's Headed in U.S.," Time, https://time.com/6252953/chinese-spy-balloon-path/
- n.d. Titan Rain | CFR Interactives. Accessed February 23, 2023. https://www.cfr.org/cyber-operations/titan-rain.
- Neumann, Scott. (2021). "The U.S. Has Formally Accused China Of A Massive Cyberattack On Microsoft," NPR, https://www.npr.org/2021/07/19/1017844801/biden-administration-accuses-china-microsoft-hack
- Norton-Taylor, Richard. “Titan Rain - How Chinese Hackers Targeted Whitehall.” The Guardian. Guardian News and Media, September 5, 2007. https://www.theguardian.com/technology/2007/sep/04/news.internet
- Peterson, Andrea. “OPM Says 5.6 Million Fingerprints Stolen in Cyberattack, Five Times as Many as Previously Thought.” The Washington Post. WP Company, December 5, 2021. https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-breaches/.
- ROGERS, VAUGHN C., and Daniel Ventre. 2016. “The History of Chinese Cybersecurity: Current Effects on Chinese Society Economy, and Foreign Relations.” eRepository @ Seton Hall. https://scholarship.shu.edu/cgi/viewcontent.cgi?article=3260&context=dissertations.
- Rollins, John W, Susan Lawrence, Dianne E Rennack, and Catherine A Theory. “U.S.–China Cyber Agreement - Federation of American Scientists.” US-China Cyber Agreement. CRS Insight, October 15, 2015. https://sgp.fas.org/crs/row/IN10376.pdf.
- Rushe, Dominic. “OPM Hack: China Blamed for Massive Breach of US Government Data.” The Guardian. Guardian News and Media, June 5, 2015. https://www.theguardian.com/technology/2015/jun/04/us-government-massive-data-breach-employee-records-security-clearances.
- Segal, Adam. “The U.S.-China Cyber Espionage Deal One Year Later.” Council on Foreign Relations, September 28, 2016. https://www.cfr.org/blog/us-china-cyber-espionage-deal-one-year-later.
- Shane, Ellen Nakashima. (2023). "Chinese balloon part of vast aerial surveillance program, U.S. says," Washington Post, https://www.washingtonpost.com/national-security/2023/02/07/china-spy-balloon-intelligence/
- Stolton, Samuel. “Von Der Leyen: Chinese Cyberattacks on EU Hospitals 'Can't Be Tolerated'.” www.euractiv.com, June 23, 2020. https://www.euractiv.com/section/digital/news/von-der-leyen-chinese-cyberattacks-on-eu-hospitals-cant-be-tolerated/.
- Stone, Jeff. 2016. “Meet The Cyber-Industrial Complex: Private Contractors May Get $7B Windfall From Pentagon's Cyberwar On ISIS.” International Business Times. https://www.ibtimes.com/meet-cyber-industrial-complex-private-contractors-may-get-7b-windfall-pentagons-2329652.
- Thielman, Sam. “Obama Prepared to Impose Financial Sanctions on China for Alleged Hacking.” The Guardian. Guardian News and Media, September 24, 2015. https://www.theguardian.com/world/2015/sep/24/obama-china-financial-sanctions-hacking-xi-jinping
- Thornburgh, Nathan. “Inside the Chinese Hack Attack.” Time. Time Inc., August 25, 2005. https://content.time.com/time/nation/article/0,8599,1098371,00.html.
- “The United States, Joined by Allies and Partners, Attributes Malicious Cyber Activity and Irresponsible State Behavior to the People's Republic of China.” The White House. The United States Government, July 21, 2021. https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/.
- “U.S. Charges Five Chinese Military Hackers for Cyber Espionage against U.S. Corporations and a Labor Organization for Commercial Advantage.” The United States Department of Justice, May 19, 2014. https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor.
- “U.S. NATIONAL SECURITY AND THE PEOPLE'S REPUBLIC OF CHINA -- CHAPTER 1.” n.d. GovInfo. Accessed February 23, 2023. https://www.govinfo.gov/content/pkg/GPO-CRPT-105hrpt851/html/ch1bod.html.
- “What Are the Implications of the Cyber Dimension of the China-Taiwan Crisis?” Council on Foreign Relations. Council on Foreign Relations. Accessed February 12, 2023. https://www.cfr.org/blog/what-are-implications-cyber-dimension-china-taiwan-crisis.