{"id":38397,"date":"2018-04-09T14:30:28","date_gmt":"2018-04-09T04:30:28","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=38397"},"modified":"2018-04-09T14:26:44","modified_gmt":"2018-04-09T04:26:44","slug":"careful-wish-change-continuity-chinas-cyber-threat-activities-part-2","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/","title":{"rendered":"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2)"},"content":{"rendered":"
<\/figure>\n

At a time when \u2018cyber anarchy\u2019 seems to prevail in the international system, the emergence in 2015 of US\u2013China consensus<\/a> against \u2018cyber-enabled theft of intellectual property\u2019 initially appeared to promise progress towards order. The nascent norm against commercial cyber espionage that emerged between Xi Jinping and Barack Obama was later reaffirmed<\/a> by the G\u201120. China subsequently recommitted to this proscription in a number of bilateral agreements, including reaching<\/a> a parallel commitment with Australia in April\u00a02017.<\/p>\n

While frail<\/a>, such a norm might be celebrated as a triumph for cyber diplomacy, yet its inherent ambiguities have also created a grey zone that makes non-compliance difficult to demonstrate. At the same time, Beijing\u2019s pursuit of economic security means that priority targets will likely continue to face persistent intrusions from more capable threat actors.<\/p>\n

In fact, based on the technicalities of its terms, there\u2019s fairly limited evidence of Chinese cyber intrusions since 2015 that obviously or blatantly contravene the Xi\u2013Obama agreement.<\/p>\n

Arguably, US diplomacy has contributed to reshaping China\u2019s cyber-espionage operations. However, despite the decline in activities, the results haven\u2019t been entirely as intended. The pattern of activities undertaken by Chinese advanced persistent threat (APT) groups since the agreement reflects China\u2019s exploitation of the leeway in its phrasing. For example, the condition that neither the US nor China will \u2018knowingly\u2019 support IP theft may have encouraged higher levels of plausible deniability in Chinese cyber espionage operations since.<\/p>\n

Notably, in September\u00a02017 the Department of Justice indicted<\/a> \u2018owners, employees and associates\u2019 of the Guangzhou Bo Yu Information Technology Company Limited (Boyusec). Also known as APT3, Boyusec is notionally a private company, but seems to have operated as a contractor on behalf of China\u2019s Ministry of State Security (MSS).<\/p>\n

Despite the apparent redirection of Chinese military cyber forces to develop combat capabilities (see my previous post<\/a>), MSS-linked APTs have evidently remained quite active. But those groups now seem to operate with greater operational security and sophistication, at least compared to the relative \u2018noisiness\u2019 of previous APT groups.<\/p>\n

At the same time, because the Obama\u2013Xi agreement emphasised that cyber espionage shouldn\u2019t aim to provide \u2018competitive advantages to companies or commercial sectors\u2019, there isn\u2019t a clear proscription against intrusions that target US, Australian and international companies so long as the objective can plausibly be justified by strategic and defence interests.<\/p>\n

Even the US has, on occasion, engaged in cyber intrusions against foreign companies, including Huawei<\/a> and Petrobras<\/a>. Those activities might be differentiated<\/a> from Chinese activities on the grounds that the intent was not<\/em> to seek \u2018competitive advantage\u2019. However, the end use of exfiltrated data can be difficult to determine, and Beijing might draw on that US precedent to justify similar targeting for which the aims are ambiguous.<\/p>\n

And because the agreement is limited to activities that advantage the commercial sector, Chinese cyber intrusions that target a foreign nation\u2019s defence industry\u2014or pursue IP related to dual-use technologies\u2014could also be justified as consistent with the agreement. Unsurprisingly, APT activities against such targets have continued<\/a>.<\/p>\n

From that perspective\u2014and with the caveat that, as the findings from the US Section 301 investigation<\/a> in Chinese cyber activities note, \u2018publicly available information necessarily represents only a fraction of all relevant activity\u2019\u2014it appears that only a limited proportion of Chinese cyber threat activities since 2015 violates the agreement clearly enough to justify their being singled out.<\/p>\n

For instance, the Department of Justice\u2019s indictment of Boyusec identified victims that were clearly commercial\u2014Moody\u2019s Analytics, Siemens AG and Trimble Inc.\u2014and emphasised that stolen technologies such as Trimble\u2019s new GPS systems \u2018had no military applications\u2019.<\/p>\n

Also of note, APT10\u2019s \u2018Operation Cloud Hopper\u2019 targeted<\/a> managed IT service providers, enabling<\/a> it to \u2018move laterally onto the networks of potentially thousands of other victims\u2019. That would give it access and the capability to acquire information valuable for intelligence purposes. But some of those activities also targeted industries that have been prioritised under China\u2019s 13th Five-Year Plan or, in some cases, appeared to be designed to advantage Chinese corporate interests.<\/p>\n

Certainly, it\u2019s clear that Chinese cyber intrusions to steal IP have continued, even if there are fewer of them. And adherence to even the technicalities of the Obama\u2013Xi agreement has been incomplete and imperfect at best. According to the Section 301 investigation:<\/p>\n

The US Intelligence Community judges that Chinese state-sponsored cyber operators continue to support Beijing\u2019s strategic development goals, including its S&T advancement, military modernization, and economic development.<\/p>\n

This shouldn\u2019t be surprising, given that China\u2019s comprehensive approach to national (or rather \u2018state\u2019) security (\u56fd\u5bb6\u5b89\u5168) explicitly incorporates economic security, as highlighted<\/a> in the 2015 National Security Law (\u56fd\u5bb6\u5b89\u5168\u6cd5). Indeed, for the Chinese Communist Party (CCP) economic competitiveness is integral to the performance legitimacy<\/a> that bolsters regime security.<\/p>\n

Xi Jinping\u2019s public denunciation of \u2018cyber-enabled theft of intellectual property\u2019 is significant\u2014and, from a more optimistic perspective, could encourage a deeper reshaping of China\u2019s behaviour in the long term. Nonetheless, so long as China remains dependent upon foreign technologies to advance its (oxymoronically) indigenous (\u81ea\u4e3b) innovation, the CCP\u2019s commitment to a range of tools to promote technology transfer is unlikely to succumb to diplomatic pressure without major changes in the incentives for Chinese leaders.<\/p>\n

Pursuant to a new strategy for \u2018innovation-driven\u2019 development, China is, however, also seeking to advance truly \u2018made in China\u2019 innovation. In the near future, its reliance upon overseas \u2018innovation resources\u2019\u2014accessed through licit and illicit means of tech transfer, as well as through research partnerships and collaborations\u2014seems likely to persist. However, the ultimate objective is to enable China to emerge as a true leader in disruptive innovation in next-generation technologies, including through major increases in funding for basic research. The outright theft of IP may therefore become less important to Beijing. In the meantime, the Chinese cyber threat will persist, necessitating persistence in cyber diplomacy. Therefore, likely targets of Chinese cyber intrusions should concentrate on bolstering their defences and resilience against risks that will remain persistent, while becoming more sophisticated.<\/p>\n","protected":false},"excerpt":{"rendered":"

At a time when \u2018cyber anarchy\u2019 seems to prevail in the international system, the emergence in 2015 of US\u2013China consensus against \u2018cyber-enabled theft of intellectual property\u2019 initially appeared to promise progress towards order. The nascent …<\/p>\n","protected":false},"author":772,"featured_media":38398,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[52,2138],"acf":[],"yoast_head":"\nCareful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2) | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2) | The Strategist\" \/>\n<meta property=\"og:description\" content=\"At a time when \u2018cyber anarchy\u2019 seems to prevail in the international system, the emergence in 2015 of US\u2013China consensus against \u2018cyber-enabled theft of intellectual property\u2019 initially appeared to promise progress towards order. The nascent ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-09T04:30:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-04-09T04:26:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/04\/1594411528_1512b1aad5_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"504\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Elsa Kania\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Elsa Kania\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/04\/1594411528_1512b1aad5_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/04\/1594411528_1512b1aad5_z.jpg\",\"width\":640,\"height\":504},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/\",\"name\":\"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2) | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#primaryimage\"},\"datePublished\":\"2018-04-09T04:30:28+00:00\",\"dateModified\":\"2018-04-09T04:26:44+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/e893a896e6338bcd36a7f5966bf3ccbb\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2)\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/e893a896e6338bcd36a7f5966bf3ccbb\",\"name\":\"Elsa Kania\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/aef4881166be1f93f9dd220822b567e9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/aef4881166be1f93f9dd220822b567e9?s=96&d=mm&r=g\",\"caption\":\"Elsa Kania\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/elsa-kania\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2) | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/","og_locale":"en_US","og_type":"article","og_title":"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2) | The Strategist","og_description":"At a time when \u2018cyber anarchy\u2019 seems to prevail in the international system, the emergence in 2015 of US\u2013China consensus against \u2018cyber-enabled theft of intellectual property\u2019 initially appeared to promise progress towards order. The nascent ...","og_url":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2018-04-09T04:30:28+00:00","article_modified_time":"2018-04-09T04:26:44+00:00","og_image":[{"width":640,"height":504,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/04\/1594411528_1512b1aad5_z.jpg","type":"image\/jpeg"}],"author":"Elsa Kania","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Elsa Kania","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/04\/1594411528_1512b1aad5_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/04\/1594411528_1512b1aad5_z.jpg","width":640,"height":504},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/","url":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/","name":"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2) | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#primaryimage"},"datePublished":"2018-04-09T04:30:28+00:00","dateModified":"2018-04-09T04:26:44+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/e893a896e6338bcd36a7f5966bf3ccbb"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Careful what you wish for\u2014change and continuity in China\u2019s cyber threat activities (part 2)"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/e893a896e6338bcd36a7f5966bf3ccbb","name":"Elsa Kania","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/aef4881166be1f93f9dd220822b567e9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aef4881166be1f93f9dd220822b567e9?s=96&d=mm&r=g","caption":"Elsa Kania"},"url":"https:\/\/www.aspistrategist.ru\/author\/elsa-kania\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/38397"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/772"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=38397"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/38397\/revisions"}],"predecessor-version":[{"id":38401,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/38397\/revisions\/38401"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/38398"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=38397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=38397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=38397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}