James Lewis is Director of the Technology and Public Policy Program at CSIS, Washington, DC. This is the fourth of a five-part series on Asia in the age of cyber threats. Part 1; part 2; part 3.
China may be the leading practitioner (although by no means the only one) of economic espionage in cyberspace. If, as we saw in the previous post, Chinese authorities fear the political power of their own netizens, in contrast, Chinese officials tolerate malicious activity against foreigners and routinely use non-governmental hackers as proxies, as the recently released Mandiant report amply demonstrates. China's cyber espionage may not radically shift the balance of military power, but it indicates a competitive and possibly hostile attitude towards the US.
Chinese government agencies, companies and individuals have expanded their efforts to illicitly acquire technology or gain business advantage into cyberspace. The findings of the Mandiant report aside, several complex economic espionage operations aimed at Western companies originating in China have been uncovered in recent years.
There are interesting parallels between China's five-year economic plans and cyber espionage activities that appear to have originated in China. For instance, China has long sought the means to develop an indigenous computer central processing unit (CPU). Intel Corporation, the world's leading producer of CPUs, was a target of a January 2010 corporate hacking (which also involved Google).
China's cyber espionage reflects Chinese attitudes toward the protection of intellectual property. Currently there is no comprehensive protection of intellectual property in China. That said, there is a growing realisation in parts of the Chinese Government that the lack of strong IP protections does serious damage to China's ability to innovate.
Cyber conflict generally works to China's advantage when compared to the US or other Asian nations. China has integrated the use of cyber techniques into its military doctrine and economic policies far more comprehensively than any other nation in the region. Japan and Australia have focused more on cyber defence. North and South Korea do not yet have the capabilities to engage in the high end of cyber conflict (the ability to inflict physical damage through cyber attack). But although cyber espionage helps accelerate the increase in China's power vis-à-vis other Asian nations and China's own technological and economic growth, it is by no means the major contributor to China's growth.
A number of caveats need be attached to the assertion that cyber competition favours China. First, intelligence successes do not always translate into better performance. And leaders may discount or misinterpret new information that does not fit with their existing concepts or views. Finally, industrial or scientific establishments may not have the capability to exploit fully technical intelligence.
The politics of cyber security in China are not monolithic; agencies and interests groups compete to influence policy. The Chinese have no equivalent to the US National Security Council to ensure policy coordination. This lack of coordination increases the risk of miscalculation in any conflict.
Chinese companies are as much a target as firms in other countries for cyber espionage. China's networks are fabulously insecure – the widespread use of pirated software guarantees that they are easily and routinely penetrated. Chinese officials worry that that the creation of the US Cyber Command may put them at a military disadvantage and they have a long-standing fear that a reliance on US technology creates vulnerabilities in Chinese systems.
The Chinese are also deeply concerned over supply chain security. They are convinced that the US has built 'back doors' into products like Windows and Intel processors, and they do not believe that the US lacks the same controlling relationship with American companies that the Chinese government has with Chinese IT companies.
Photo by Flickr user pixle.