Raising the Stakes – U.S. Retaliation for Chinese Cyber Espionage Has the Potential for Escalation
September 9, 2015
Following the June 2015 announcement that the U.S. Office of Personnel Management (OPM) had been breached and the personal data of millions of current and former federal employees compromised, a variety of sources have attributed this attack to a Chinese nation state actor, including James Clapper, U.S. Director of National Intelligence. Although the U.S. Government is yet to officially attribute the breach to China, the New York Times recently reported that the U.S. Government is now planning to retaliate against China for the breach. The state run Chinese news organisation Xinhua responded to this report with a confrontational Op-Ed piece which denied any Chinese involvement in the OPM breach and asserted that China reserves the right to counter any and all threats and intrusions and promised to match any attempt at retaliation. As this development represents a potential flashpoint in U.S.-China relations, understanding its causes and broader significance is important for maintaining situational awareness in the area of cybersecurity.
A broader view
Studies of Chinese military and geopolitical activity and Chinese strategic publications such as The Science of Military Strategy (SOMS), a PLA strategy document, indicate that challenging the balance of power by adopting a more assertive strategic posture is currently a key Chinese strategy. This has brought it into conflict with the U.S., which has frequently voiced objections to China’s behaviour but is yet to mount any serious public opposition. Despite this, China perceives the U.S. as a significant threat and is deeply concerned that the U.S., which China knows is militarily superior, will act to contain China. China also perceives the U.S. as a significant espionage threat and prioritises improving its defensive and counterintelligence capabilities very highly. These concerns receive significant attention in SOMS, indicating that they are likely to be relatively high priorities for the Chinese Government. According to SOMS, cyber espionage operations are an important part of this strategy and because the Chinese state sees the U.S. as a significant threat, it is therefore likely that the U.S. is a major target for such operations.
Although China’s current line is that it never engages in any form of offensive network operation or cyber espionage, these claims are contradicted by the extensive discussion of the importance of such operations in SOMS. In addition to operations conducted by the PLA, which are likely to primarily focus on military, government and industrial targets, the Ministry of State Security (MSS) is also strongly suspected of conducting cyber espionage operations against foreign targets. These operations are likely to focus on gathering intelligence on potential threats to China’s internal security. Additionally, there are strong indications that multiple Chinese state organisations, including PLA units, conduct extensive operations against a wide range of commercial organisation for the purposes of economic espionage and intellectual property theft. While these actors’ operations likely service a wide range of objectives, intelligence which might provide China with a strategic advantage over the U.S. is likely to be considered particularly valuable. The OPM breach is therefore consistent with current assessments of China’s intelligence gathering objectives and broader strategic goals.
The risk of escalation
The core significance of this development lies in the potential for escalation. The U.S. Government has publicly stated that it intends to pursue a range of options in retaliating against China and, in response, China firmly asserted that it would match any U.S. measures taken against it. If the Obama administration merely intends to make symbolic gestures in order to appease those in Congress who want to see the U.S. take a harder line on China, then this confrontation is unlikely to escalate significantly. However, if the intention is to take more drastic measures, such as the reported suggestion of compromising the Great Firewall and thereby compromising the Chinese Government’s ability to censor the Internet, then escalation is highly likely, particularly if the U.S. does so publicly.
The Chinese population tends to be relatively nationalistic and a hugely important aspect of modern Chinese nationalism is based around never allowing past “national humiliations”, such as the Opium Wars, the western intervention following the Boxer Rebellion, and the Japanese occupation, to be repeated. Furthermore, the current Chinese Communist Party (CPC) line is that the CPC “rescued” China from a “century of humiliation” when it took power in 1949 and the party derives much of its legitimacy from its self-ascribed role as the protector of China’s sovereignty from outside threats. In the minds’ of the CPC’s leaders any failure by the state to protect this sovereignty, real or perceived, constitutes a direct threat to the party’s legitimacy. Any U.S. retaliation, which could be perceived as an infringement of Chinese sovereignty, is therefore likely to face a robust response from the Chinese Government, which could potentially impact the two countries’ economic interactions and the delicate military situation in the South China Sea.
Although the U.S. has frequently accused China of espionage in the past without causing a serious escalation of tensions, the intention to retaliate has never before been publicly stated. If the U.S. conducts a major operation against China, such as compromising the Great Firewall, then escalation and Chinese retaliation is highly likely. In such a scenario there is a realistic possibility that Chinese actors would conduct attacks against U.S. organisations such as central and local government, military organisations and financial institutions. Furthermore, there is a realistic possibility that an escalation of tensions may lead Chinese hacktivists to independently target the U.S. Such actors are likely to be relatively indiscriminate in their targeting and could potentially direct attacks against a wide range of U.S. organisations. Therefore, if the U.S. intends to engage in a public show of dominance, as multiple prominent U.S. politicians have recommended, there is the potential for the number of attacks against the U.S. by both state and non-state Chinese actors to increase, along with the likelihood of unintended consequences.
Connect with us
Get the Latest Threat Intelligence In Your Inbox
Stay connected with the latest from the Digital Shadows Intelligence TeamSubscribe Here