Why does US doubt China amid cybersecurity concerns?
The FBI assesses that a recent series of cyberattacks against the US Office of Personnel Management can be blamed on China. The attacks stole the private details of at least four million current and former US federal employees, including information identifying which personnel hold high levels of security clearance. Naturally, China denies any role in the affair.
But therein lies a key advantage of cyber-based espionage: its raw deniability.
Cyber espionage has many advantages over what spies refer to as “HUMINT” (“human intelligence”)-gathering techniques. HUMINT can be a long and frustrating process. Identifying, cultivating and training reliable agents to spy on a foreign power can take years. A cyberhack, however, can gather a million times the data a human agent can in a fraction of the time, while shielding the attacker from the risks of discovery and inevitable diplomatic retaliation.
This isn’t the first time the US has accused China of launching cyberattacks. In February 2013 the US Department of Homeland Security alleged that between December 2011 and June 2012, cyber criminals targeted 23 companies responsible for gas pipelines. The stolen information would be essential in conducting a successful campaign of sabotage directed against the US critical national infrastructure. US analysts suggested that these attacks originated from computer servers in China.
In October 2011 Chinese intelligence was suspected of orchestrating cyberattacks that ransacked vital defence information from 48 major US defence contractors. But, as CNN reported, perhaps the worst incident took place in February 2012 when Chinese hackers allegedly stole classified information relating to the US state-of-the-art F-35 Joint Strike Fighter – one of the world’s most advanced fighter planes.
What is known is that China invests heavily in maintaining a cyber warfare capability. In March 2015 the Chinese government finally admitted to possessing a network of highly trained civilian and military cyber warfare units. Joe McReynolds, a defence analyst for the Center for Intelligence Research and Analysis and author of a book on Chinese espionage, has outlined that China operates a three-tiered network for cyber activity.
Firstly, McReynolds explains, there are “specialised military network warfare forces”, which are used by the Chinese People’s Liberation Army for attacking computer networks. Secondly, China employs specialists in the civilian Chinese Ministries of State Security and Public Security which, according to McReynolds, “have been authorised by the military to carry out network warfare operations.” Finally, there are “external entities” who operate outside the official control of the Chinese government. These are rogue hackers employed on a highly deniable “hack for cash” basis.
In an announcement today the US Secretary of State, John Kerry, said he had begun to discuss with his Chinese counterparts the development of a code of conduct to agree accepted international behaviours in cyberspace.
It would be naïve to assume any international agreements will have lasting and practical effects in protecting the USA from further cyberattacks. Dedicated and professional intelligence agencies will simply work harder at avoiding detection.
Chris Gilroy