EP 04: China’s Relentless War of Cyber Espionage & Cyber Attacks against the United States – Part I
China has long been a thorn in America’s side when it comes to nation state attacks, and for some various obvious reasons. China wants to be in the know about everything America does, as China feels threatened by America’s technology might. Their quest for global domination requires China to learn everything they can about how America’s infrastructure works, which means stealing valuable information at any cost.
According to U.S. Senator Mark Warner, Democrat from Virginia, “Especially concerning have been the efforts of big Chinese tech companies – which are beholden to the CCP (Chinese Communist Party) – to acquire sensitive technology, replicate it, and undermine the market share of U.S. firms with the help of the Chinese state.” Republican Senator Jim Risch notes how “China is going to be a major competitor of ours in every way that there is…”
China clearly saw the role of high technology in the aftermath of America’s stunning victory in Gulf War I, in 1991. Impressed by the United States military power, China adopted a strategic policy aimed at “winning local wars in conditions of modern technology, particularly high technology” regarding future military encounters. In 2004, just a year after the start of Gulf War II, China’s strategy shifted to that of “winning local wars under conditions of informationization.” As the Chinese saw it, “informationization has become the key factor in enhancing the warfighting capability of the armed forces.”
China: A Rising Power in Cybersecurity
Then, in 2013, a study by the Academy of Military Science, titled, “The Science of Military Strategy”, emphasized the importance of cyberspace as a new, yet essential domain in today’s growing military affairs. And in 2015, China further expressed the importance of cybersecurity in a Ministry of National Defense paper, titled “China’s Military Strategy,” defining cyberspace as a “new pillar of economic and social development, and a new domain of national security,” while also stating that “China is confronted with grave security threats to its cyber infrastructure” as “international strategic competition in cyberspace has been turning increasingly fiercer…” and “…countries are developing their cyber military forces.”
Two of China’s core objectives for cybersecurity are; (1). national security interests, (2). along with maintaining social order at home. From a social order perspective, China’s leaders are well aware of the power social media can play for billions of people, and the consequential changes that can come about. From the Arab Spring to Occupy Wall Street, China knows full well the power of the Internet in creating change, but potentially also, social unrest. In the eyes of Chinese leaders, they only have to look back to 1989 and the Tiananmen Square protests as evidence of the power of public persuasion.
Who can forget the brave soul who stood firmly in front of a column of tanks as they advanced across the square, shifting his position each time the front tank tried to maneuver around him? The video was smuggled out of China and given to a worldwide audience for all to see. This, all well before the dawn of the Internet and social media platforms such as Facebook, Twitter, and Instagram.
From a national security perspective, protecting its critical infrastructure at home is of top concern for China. Interestingly, while countless publications have been authored detailing China’s cyber assault on the United States, China itself knows full and well that their country is a prime target also. In recent years, the Chinese government has taken steps to better protect its own “critical information infrastructure” (CII). For example, operators of CII are instructed to follow specific security procedures, to store certain data within mainland China, along with utilizing new security review processes when acquiring IT equipment and services.
New Law of the Land
In 2017, China enacted the Cyber Security Law of the People’s Republic of China, commonly referred to as the China Internet Security Law, as further evidence of pushing forward with robust requirements relating to cybersecurity. Notable highlights of the law include the following:
- Clearly states requirements for the collection, use and protection of personal information.
- Frequently mentions the protection of “critical information infrastructure”.
- Requires personal information/important data collected or generated in China to be stored domestically.
- Critical cyber equipment and special cybersecurity products can only be sold or provided after receiving security certifications.
- Enterprises and organizations that violate the Cybersecurity Law may be fined up to RMB1,000,000.
As more Chinese gain access to the Internet and the luxuries of the new digital China, vulnerabilities to cyber threats are increasing also, prompting the country’s leadership to adopt aggressive cyber defense measures as a top priority. China may very well be home to some of the largest technology firms in the world – regardless – they still rely heavily on other companies all throughout the world. Chinese leadership is pushing hard to build a true and viable cybersecurity ecosystem, one that supports cyber defense initiatives at home, while allowing for rapid and growth and expansion abroad for Chinese technology firms.
Recently, one such firm, Qihoo 360, heeded the call for a return to China in hopes of helping further the country’s cybersecurity agenda as a world leader. Qihoo 360 actually delisted from the New York Stock Exchange in 2016, subsequently relisting in 2018 on the Shanghai exchange. And while Qihoo 360 and countless other Chinese tech companies are vying to be leaders on the world stage, they often face heavy criticism for their questionable business activities.
To learn more about cybersecurity and how to protect your organization, visit charlesdenyer.com today and get access to a wide range of world-class resources on all things cyber. Additionally, my companies offer comprehensive cybersecurity, data privacy, and regulatory compliance services & solutions for businesses all across the globe. Book a call with me today at charlesdenyer.com/contact and let’s discuss your needs.