In cyberwarfare, one nation attacks or disrupts another’s operations by hacking into its computer networks. The term covers a wide range of activities, including computer-based attacks on physical infrastructure, cyber-espionage and ransomware.
In a speech last July, FBI Director Christopher Wray said of the cyber-threat from China: “The stakes could not be higher, and the potential economic harm to American businesses and the economy as a whole almost defies calculation.” Similarly, a senior defense quoted in a New York Times article said: “In the cold war, we were focused every day on the nuclear command centers around Moscow… Today, it’s fair to say that we worry as much about the computer servers in Shanghai.”
In 2018, the US established the Cybersecurity and Infrastructure Security Agency (CISA) to deal with this threat and to improve security across all government computer systems. Why just two years ago? As a recent Washington Post article noted “The majority of major destructive cyberattacks have taken place in the past few years… [And] with many militaries… racing to develop and integrate their own offensive hacking tools, the trend of geopolitical aggression seems set to grow.”
When specific US cyberthreats are identified, CISA issues special advisories. For example, in August one advisory warned “organizations researching COVID-19 of likely targeting and attempted network compromise by the People’s Republic of China.” In October, another advisory warned of the threats of increased US-China tension, and described some of the known viruses, worms, and other tactics that have been associated with the Chinese government and their proxies.
In their most extreme forms, computer viruses and worms could theoretically shut down the US power grid and its military Command and Control centers. Or, on a more pedestrian level, cyberwarfare could prevent every American from accessing their bank accounts, and sow havoc throughout our heavily computerized society.
Could China actually do any of these things yet? Answers may appear in classified documents somewhere, but you and I will not know anytime soon. As a Forbes article last year summed it up “Offensive cyber capabilities have long been the most sensitive and nationalistic of government activities, clouded in secrecy and deniability.”
To date, there have been only a few attacks major cyberattacks on infrastructure. The most famous may have been in 2015 and 2016, when Russian computer viruses shut down power plants in the Western Ukraine, and hundreds of thousands of customers lost electricity temporarily. Another candidate for the most famous example is the 2010 Stuxnet virus, which damaged and destroyed Iranian nuclear centrifuges by causing them to spin out of control. Although no country has ever admitted to the Stuxnet attacks, it is widely accepted that two governments were responsible: Israel, and our very own US of A.
Although China has not yet been associated with an attack of this magnitude, China’s hackers have been detected probing a Canadian company that “designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.”
But as a Washington Post review noted, “looking for theatrical cyberattacks means missing the ones that matter most. Cyber-engagements between nations are daily competitions in which the United States, Russia, China and others continually struggle for advantage.”
Perhaps the greatest cyber-threats these days are in the area of espionage. The Chinese government is believed to be behind stealing designs of a number of US weapons systems, including “the F-35 Joint Strike Fighter; the advanced Patriot PAC-3 missile system; the Army system for shooting down ballistic missiles known as Terminal High Altitude Area Defense; and the Navy’s new Littoral Combat Ship, a small surface vessel designed for near-shore operations.”
Chinese agents now seem focused on stealing intellectual property in a wide variety of emerging industries “including healthcare, financial services, defense industrial base, energy, government facilities, chemical, critical manufacturing (including automotive and aerospace), communications, IT, international trade, education, videogaming, faith-based organizations, and law firms.”
In September, the Department of Justice unsealed indictments which charged that “a group of hackers associated with China’s main intelligence service had infiltrated more than 100 companies and organizations around the world to steal intelligence, hijack their networks and extort their victims… These for-profit criminal activities took place with the tacit approval of the government of the People’s Republic of China.” Unfortunately, according to a department of Justice press release regarding this case, “the Chinese communist party has chosen… [to make] China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”
The charges against the defendants include “racketeering, conspiracy, wire fraud, money laundering, and aggravated identity theft.” (I would have thought that all identify theft is pretty aggravating, so I had to look up the last term. Turns out it refers to using stolen identities in a felony.) In a new low, the Chinese hackers even conducted “a ransomware attack on the network of a non-profit organization dedicated to combating global poverty.”
The hacking tactics they used were so sophisticated that it is clear that the Chinese government must have been involved.
For example, in some cases the Chinese hackers used “supply chain attacks,” the same approach Russians used in a massive hack revealed a few days ago. According to an article in yesterday’s Washington Post, the Russians first hacked, into “SolarWinds, a Texas-based maker of network-monitoring software, and then slipped the malware into automatic updates that network administrators… routinely install to keep their systems current.” Solar Winds has reported “that nearly 18,000 of its customers may have been affected worldwide,” including servers in the US Departments of State, Treasury, Homeland Security, Commerce, the National Institutes of Health, and maybe others. After getting a classified briefing on Solar Winds two days ago, Sen. Richard Blumenthal (D-Conn.) tweeted that the details “left me deeply alarmed, in fact downright scared.”
So, in a world that already has more than enough problems, we can now add a messy new “kind of guerrilla warfare characterized by continued digital skirmishing between the United States and China, together with a threatening proliferation of intelligence-gathering activities, sabotage and influence.” And, according to a NY Times opinion piece “there is particular danger in cyberwar, with its inchoate rules of engagement, lack of international consensus on the legitimacy of different types of targets, and lack of meaningful experience to underpin the understanding of collateral effects.”
This situation is likely to get worse before it gets better, maybe much worse.
A few years ago, “former FBI director Robert Mueller commented that there are only two types of companies: those that have been hacked and those that will be… Since then, more than 80% of economic espionage cases against the United States have been linked to China.”
And, as Marietje Schaake, International Policy Director at the Cyber Policy Center at Stanford has written in Foreign Affairs, “Perpetual intrusions and cyberattacks suggest that in the battle between hackers and governments, democratic governments are losing.”