China’s Cyber Strategy: Manipulating the Threat of Chinese Cyber Operations

global cyberspace — Global Cyberspace | Image: How to Hack WiFi http://www.freehowtohackwifi.com/general-wifi-hacking/battlefield-internet-cyber-safety-today/

Alexander Farrow is an A.B. Candidate at Harvard University, concentrating in Government with a focus on national security.

Abstract

In recent years, China has increased its cyber warfare operations, including espionage, direct attacks, and more. Its overall strategy embodies cohesively coordinated international targeting to bolster the state’s raw power. However, China does this in a covert manner, parading a peaceful international image to prevent other nations from forming coalitions against its emerging strength.

Keywords: Cyber warfare, China, balance of power, espionage

Introduction

In spring 2015, the United States government discovered a security breach in the Office of Personnel Management (OPM) computer system. The breach, affecting 22 million Americans, compromised of confidential information from American federal workers who have applied for security clearances; their social security numbers, family connections, and more information were stolen in the breach.¹ The number of aggressive cyber-attacks allegedly originating from China, like the OPM hack, has spiked in recent years.²

China’s deployment of cyber warfare has been contradictory to their international image. From engaging in international institutions to maintaining third-world diplomacy without political stipulations, China has been extremely conscious about its international image.³ If China is sensitive about its international image, why then, does it conduct aggressive cyber operations against other nations? China’s cyber strategy suggests that it minimizes its overall threat perception while simultaneously maximizing its raw power. To logically support this claim, I will construct a threat theory argument and use historical examples to illustrate how threat theory applies to China’s cyber strategy more specifically.

Threat Theory

Threat theory, as a form of psychological realpolitik, incorporates elements of both perception as well as raw power.[4Walt, Stephen. The Origin of Alliances. Ithaca: Cornell, 1987. 17-49.] China, in effect, minimizes its threat perception while maximizing its aggregate power. This, in turn, changes other nations’ perspectives of Chinese foreign policy. In the following sections, I will illustrate this theory more substantially by explaining balance, power, and perceptions.

By definition, balancing is the strategy of counteracting the offensive capacity of another nation.⁴ Furthermore, there are two distinct methods of balancing: external and internal balancing. External balancing most commonly takes the form of coalition-building. If we imagine a situation, for example, in which Nation A contains incredibly vast offensive capacity and intent, Nations B and C have an incentive to balance this power by aligning themselves with each other in a cohesive coalition. Conversely, internal balancing is when a nation increases its own capacity to counteract another nation. For example, if the aggregate capacity of Nations B and C is still not enough to effectively deter Nation A, perhaps each coalition nation will also internally balance by increasing military spending respectively. By doing so, a balancing nation can maximize its chance of protecting its self-interests.

The way that a nation balances against another nation is by manipulating its overall threat. Threat, as international relations theorist Stephen Walt defines it, is a combination of perceptions and raw power. If a nation increases both its threat perception as well as its actual raw power, it can maximize its overall threat. Conversely, if a nation decreases both variables, it appears less threatening to other nations in the international community.

Power indicates how much capacity a nation has to manipulate the international sphere. Power encapsulates both aggregate and offensive power. Aggregate power is the summation of a nation’s resources.⁵ From population to industrial capacity to economic strength, aggregate power is an overall measure of a nation’s capacity to project influence. The United States, for example, prevents balancing by voraciously controlling all resources possible; in this way, it can secure its position as a top aggregately powerful nation. Offensive power, similarly, is the ability to threaten at an acceptable cost.⁶ Modern Russian aggregate power, for example, may not be as high as the United States’ aggregate power. But, its niche is offensive power, Soviet military and nuclear arsenals from the Cold War are still maintained. Russia can project power lethally as it is able to rearm rapidly in periods of conflict. This, in turn, provides Russia with an effective means of deterrence towards hostile countries.

Perception, as I will define it, is how much a nation propagates its power. Even though nations may possess tremendous amounts of power, perception is important to how other nations view their power as a threat. There are two main elements that factor into a nation’s perception level: (1) geographic proximity to other nations and (2) aggressive intention. In terms of geographic proximity, “states that are nearby pose a greater threat than those that are far away”.⁷ For example, the United Kingdom’s primary concern immediately preceding WWII was not so much instability in Brazil but turmoil in Germany. This point is intuitive, as Germany posed a much more tangible and real threat to the United Kingdom. However, I argue rather that geographic proximity is a more relevant factor in other realms of warfare than cyberwarfare. In cyber warfare, there is no added effort to attack a nation by proximity; the World Wide Web connects every nation that has access to it. China attacking Taiwan is as feasible image as China attacking Brazil, in terms of proximity. The world has become one small battlefield.

I define four different types of states: non-threatening, bluffing, hegemonic, and covert states. A non-threatening state maintains low power and perception, as it seeks to minimize its overall international threat. An example of such a state is modern Japan. With no substantial military and no vehement propaganda, Japan relies primarily on the United States’ projection of power for protection; we might expect to find many other nations which free-ride security in this category. The bluffing state maintains low power but a heightening perception. States like Japan often include weak authoritarian nations that have leaders with domestic incentives to bolster perceived capacity. Iraq under Saddam Hussein is representative of this category, as Hussein’s claims of a superior Air Force and hints of weapons of mass destruction from the Iraq War were inflated. The state’s perception of power was greater than its actual capacity. If the domestic politics alternative hypothesis outlined above were true, China would fall under this category. But, as I have shown, the Chinese Communist Party’s efforts to manipulate cyberspace for domestic politics are weak. A hegemonic state is one that boasts its capable power. It is possible that many powerful democratic states, like the United States, may fall within this category. Maintaining a high capacity through industrialization and capitalism, the state boasts its potential through transparent democratic institutions. Finally, a covert state is one that maintains high power but creates a low threat profile in the international community. An example of a convert nation would be Israel, which maintains a tremendous amount of military power but often portrays itself as a helpless victim of Islamic violence in the region. Nations may change their overall threat perception level by manipulating these variables as they see applicable to their national security strategies.

Figure 3: Threat Matrix

(Perception, Power)	Low Perception	High Perception
Low Power	Non-threatening state, no balancing	Bluffing state, some balancing
High Power	Covert state, some balancing	Hegemonic state, high balancing

In terms of cyber operations, China embodies a covert state. It minimizes its perception while maximizing raw power. An advantage of this strategy, of course, is to minimize the potential for other nations to balance against China. By doing so, China can covertly continue to accumulate raw power while appearing non-threatening. This strategy focuses on the international community as a whole, undermining potential American allies by portraying a façade of innocence. This would debase potential balancing with the United States, creating a power void in which China can focus on bolstering its overall power. In the following sections, I will illustrate examples of China’s covert cyber strategy.

Minimizing Threat Perception

China cares about its international reputation historically speaking. The 1996 Comprehensive Test Ban Treaty is the prime example of this phenomenon. The Chinese nuclear weapon community initially opposed the stipulations of the treaty, as China sought to increase its raw nuclear power.⁸ However, after delaying negotiations, China eventually accepted the terms of the agreement. Perhaps this is due to conscientiousness about comforting the international community. Because the Treaty represented a “great international trend”, opposing it would isolate China and perhaps portray it as an aggressive state that seeks nuclear proliferation for its own benefit. This gesture might have sparked external balancing from nations that may have been threatened by China’s nuclear stance, like Japan and South Korea. They, too, might have begun to develop nuclear technology in order to balance against China’s aggressive intentions. Therefore, China, to some degree, is conscientious about the image it portrays in the international community.

As I will illustrate, there are two main tactics with which China manipulates its cyber image: participating in international institutions and disavowing responsibility.

International Institutions

China engages with international institutions to converse broadly about the scope of cyber warfare. While calculatingly not understating the importance of cyberspace, “it seeks to promote vigorous discussion by taking part in academic exchanges with its international counterparts”.⁹ For example, from 2009 onward, China has engaged in bilateral discussion with nations like Japan, in order to define the scope and implications of ‘cyber power’.¹⁰ Chinese diplomats have advocated through international institutions some primary interest points, including freedom of the Internet, the principle of balance, peaceful use, and equitable development.¹¹ Chinese officials have even advocated for the Law of Armed Conflict in the Geneva Convention restrictions to be applied to military cyber warfare. These principles all embody fair and non-threatening intentions to use the framework of the international community and formalize cyberspace. Other nations that observe these positions are less likely to balance against China in cyberspace because of its persona of peaceful cyber-existence. This effort increases perceived transparency on China’s cyberspace strategy, perhaps assuaging the international community’s concern of potential aggression.

Disavowing Responsibility

There are examples, however, when China is caught with its hand in cyber space. But, when China is implicated as a cyber aggressor, often by the United States, it promptly disavows responsibility. It is important to note that the line between military and civilian hacking is often blurred, perhaps intentionally.¹² For instance, this makes it easy for the People’s Liberation Army (PLA) to dismiss evidence that a hacking operation is associated directly with the government or military. However, there are times when the connection to the Chinese government is more obvious. One such instance was when the United States indicted several PLA officers for hacking in 2014.¹³ The United States discovered a tangible connection to the PLA and chose to publically implicate the Chinese military as the sole source of an attack. The United States Department of Justice formalized the indictments, as an accusation by the Department of Defense might have been misconstrued as a military conflict or an act of war. In response, China quickly and promptly disavowed all of the allegations. Additionally, it revamped its committees on cyber regulation, in an obvious effort to portray to the rest of the world a façade of self-control. In that respect, China, by disavowing responsibility, seeks to lessen its cyber threat perception.

Maximizing Raw Power

It is evident that, China has sought to increase its raw power historically. A prominent example is when China adopted a ‘lean to one side’ policy with the Soviet Union. After enduring a revolution, Chinese industrialization was burdened by hyperinflation, unemployment, and low agricultural production.¹⁴ Furthermore, the nation was left extremely weak in defense. Consequently, this left China vulnerable to conquest or subordination to greater powers, like the Soviet Union or the United States. After aligning with the Soviet Union, though, China rapidly developed its economic and military capacity. In that respect, borrowing the Soviet model of industrialization helped China to quickly gain raw power. Although alliances have shifted and dissolved over time, China still maintains – at least in the cyber world – an ardent thirst for raw economic and military power.

Economic Power

Maintaining stable economic growth as the population ages is a major concern for China.¹⁵ Accordingly, industrial espionage is a large factor of offensive cyber operations, with Chinese actors stealing information such as trade secrets and research. Furthermore, these operations are actually, according to Amy Chang, a research associate at the Centre for a New American Security, directly attributable to the government itself – private economic actors are working through the medium of the government to gain an advantage. Not only does cyber espionage focus on stealing developed technology, it also bolsters China’s capacity to stimulate its own research and development. The amount of damage to the United States economy (the main target of industrial espionage) is impossible to pinpoint, but there is plenty of evidence to suggest the costs are fairly high.

One such example of suspected Chinese industrial theft is with the aviation industry. The Department of Defense spent billions of dollars on the Lockheed Martin F-35 Joint Strike Fighter program. As a fifth generation stealth fighter jet, the F-35 is far more advanced than any jet any other nation could conjure; it is advertised as unbeatable. However, in 2013, it was suspected that Chinese hackers stole the unclassified information that formed the barebones for the design.¹⁶ The allegations are only unclassified suspicions, but many questions were raised when the Chinese Air Force mysteriously developed a very similar looking aircraft after the hacks.¹⁷ No other nation has yet developed an F-35 copycat, and China’s prompt replication is most definitely suspicious. In this way, China allegedly stole from the United States billions of dollars of development. Cyber warfare is a cheap tool for expensive toys.

Military Power

Cyber operations also focus on maintaining a military advantage. Firstly, cyber military espionage identifies weak points in other nations’ capabilities. In wartime, cyber espionage is important to identify operational weak points, identifying and targeting infrastructure susceptible to certain direct strikes. Even in peacetime, “the main mission of computer reconnaissance is to collect and analyze the information systems of possible adversaries to identify weaknesses in order to facilitate first strikes”.¹⁸ In that regard, espionage always yields the capacity to bolster military power because it allows a nation to identify striking points. This is important because when a nation finally decides to engage in conflict, it has the capacity to strike first, and strike devastatingly. First-strike advantage is important in overall deterrence theory, as the nation that can attack first has the potential and incentive to wipe the other nation out quickly and more aggressively.

Cyber espionage leads to cyber strikes. Cyber strikes are defined as “[the destruction of] an enemy’s information network systems and network information technologies through the use of denial of service attacks, malware, and deceptions”.¹⁹ These attacks are dangerous because they can directly invade the command and control center of another nation. Disrupting satellites, targeting power grids, and shutting off water supplies are all ways in which cyber offense manifests direct damage on a nation’s infrastructure. In this way, cyber offense truly can incapacitate a society.

There exists very little open-source empirical evidence for the effectiveness of cyber military power. Rather, we must rely upon analyzing professional conversations on the subject. Substantial Chinese military doctrine, for example, spells out the necessity for conducting cyber offense in this capacity.²⁰ In fact, PLA doctrine prioritizes maintaining offensive cyber capacity in order to gain the edge, specifically on the United States. Espionage and striking remain the highest priorities of the PLA’s cyber program, indicating its voracious craving for military superiority. It seems, in this way, that the PLA is fully aware and willing to use cyber warfare to disable another military’s capacity.

Concluding Remarks

I claim that China’s cyber strategy suggests that it minimizes its overall threat perception while simultaneously maximizing its raw power. The purpose of this strategy is to increase China’s economic and military power in relation to other nations. To do so, China maintains a low profile threat perception by actively engaging in international institutions in order to define and regulate the use of cyber space. Using covert cyber warfare, China may very well continue to easily bolster its raw power. Other potential balancing nations should see past the façade, and realize that China’s pervasive informational arbitrage.

References

Chang, Amy. “Warring State: China’s Cybersecurity Strategy.” Center for a New American Security (2014).

Freedberg, Sydney. “Top Official Admits F-35 Stealth Fighter Secrets Stolen”. Breaking Defense. 2016.

Hjortdal, Magnus. “China’s Use of Cyber Warfare: Espionage Meets Strategic Deterrence.” Journal of Strategic Studies IV.2 (2011): 1-24.

Jian, Chen. Mao’s China and the Cold War. 2001.

Kan, Shirley. China and Proliferation of Weapons of Mass Destruction and Missiles: Policy Issues. Rep. Congressional Research Service, 2015.

Levine, M., and J. Date. “22 Million Affected by OPM Hack, Officials Say.” ABC News. ABC News, 2015.

Lindsay, Jon. “The Impact of China on Cybersecurity.” International Security 39.3 (2015).

Pollpeter, K. “Chinese Writings on Cyber Warfare and Coercion.” China and Cybersecurity (2015).

Walt, Stephen. The Origin of Alliances. Ithaca: Cornell, 1987.

Wang, Jianwei, and Jing Zou. “China Goes to Africa: A Strategic Move?” Journal of Contemporary China 23.90 (2014).

Zhang, Li. “A Chinese Perspective on Cyber War.” International Review of the Red Cross 94.866 (2012).

Defense One,. “China’s Copycat Jet Raises Questions About F-35”. N. p., 2016. Web. 23 Jan. 2016.

The content of this article does not represent the positions, research methods, or opinions of the Synergy Editorial Committee. We are solely responsible for reviewing and editing submissions. Please address all scholarly concerns directly to the contributor(s) of the article.