China and the Cyber Great Game
Beijing and Washington have launched a digital arms race that could spill over into other areas.
Last month, the private cybersecurity firm Mandiant issued a report claiming to directly link the Chinese military to cyber espionage against American and other western economic targets. The detailed report alleges that People’s Liberation Army (PLA) Unit 61398 is stealing business and technological secrets in support of China’s twelfth five-year plan for economic development, but also suggested Unit 61398 is only one of many units engaged in the theft of sensitive U.S. economic data.
If true, these allegations would confirm the long-held suspicion among many analysts that the Chinese government is involved in economic cyber espionage.
Although significant in its own right, the PLA’s apparent involvement in cyber espionage has broader implications. In particular, the allegations against Unit 61398 and other recent developments highlight the emerging great game in cyberspace across the Asia-Pacific—as well as the growing link between competition in cyberspace and traditional geopolitics.
The interconnected nature of the Internet has allowed cyber espionage to impose economic costs that are historically unique, creating enormous pressures for states and other organizations to respond. In the case of the United States, gauging the cost of cyber espionage to the economy is difficult. Although intelligence reviews point out that estimates range from $2 billion to $400 billion each year, NSA Director General Keith Alexander has said that cyber theft of economic information represents “the greatest transfer of wealth in human history.”
Moreover, these economic cybersecurity challenges originate disproportionately from the Asia-Pacific, the emerging global power center and increasing focal point of American security policy. A 2012 report by the Internet firm Akamai alleges that 51 percent of cybersecurity breaches worldwide originate in the Asia-Pacific, with one third of global totals originating from China.
While verifying such claims is inherently difficult, these figures roughly correspond to other reporting efforts. For example, the Department of Defense claims that the Asia-Pacific accounted for 43 percent of attempts to illegally access sensitive information in the defense industry. Additionally, an unclassified 2011 intelligence report characterized the Chinese as the “the world’s most active and persistent perpetrators of economic espionage.”
But the emerging great game in cyberspace for access to sensitive data stretches across both sides of the Pacific. China in particular is feeling increased pressure. In response to the Mandiant report, the Chinese Ministry of Defense spokesman Gang Yenshang claimed that of attempts to hack PLA military websites, nearly 63 percent originated from the United States.
Despite the already historic nature of cybersecurity challenges there are a number of signs that cyber tensions across the Pacific are likely to intensify. More troubling, these tensions are breaking out of cyberspace and generating new risks for regional geopolitics.
First, Beijing and Washington appear to be inching closer towards history’s inaugural large-scale cyber arms race. In Beijing, the PLA is continuing its efforts to be able to “win local wars under conditions of informationalization” by mid-century. This includes developing military cyber capabilities to help achieve information dominance during conflict—a theme that is repeated in authoritative Chinese military texts. In Washington, the Pentagon is proceeding with a number of high-level cyber initiatives. Over the next few years, the Department of Defense plans to increase its cyber personnel by five-fold. The military is also funding aggressive research projects like DARPA’s “Plan X,” which aims to achieve major breakthroughs in military cyber technology.
While neither state’s military cyber programs are directed exclusively at the other, there is no doubt that the threat perception between Beijing and Washington plays a substantial role in developing military cyber power on both sides.
But the potential effects of these developments are not confined to the military dimension of the Sino-U.S. relationship. Instead, there is growing potential for feedback between the competition for military advantage in cyberspace and the conduct of economic cyber espionage. Given the apparent Chinese military involvement in economic espionage in cyberspace, future increases in the capabilities of Chinese government cyber actors—like PLA Unit 61398—would translate into greater ability to steal economic data from foreign economies. Therefore, as competition with the U.S. military drives the PLA to become more capable in cyberspace, an unintended consequence for Washington may be undermining U.S. economic cybersecurity.
Second, cyber tensions between Washington and Beijing are becoming more strongly linked to the broader bilateral relationship. Following the release the Mandiant report, the New York Times reported that the Obama administration views Chinese cyber intrusions as “so intense that they threaten the fundamental relationship between Washington and Beijing.” Far from a knee-jerk reaction, this follows former Secretary Clinton’s initiative over the past year to elevate the significance of cybersecurity at the U.S.-Chinese Economic and Security Dialogue.
Beyond words, the Obama administration is already injecting cybersecurity objectives into its major actions in the region. The administration’s recent Strategy on Mitigating the Theft of U.S. Trade Secrets is a case in point. The strategy, which was released on the same day as the Mandiant report, focuses heavily on cyber theft. Among its many provisions, the document highlights the importance of “trade secret protections” in the Trans-Pacific Partnership (TPP), a free-trade agreement being negotiated by the United States and ten other Asia-Pacific economies.
To be sure, inserting trade-secret protections into the TPP is part of a broader attempt to create norms against economic espionage in cyberspace—an effort that spans well beyond U.S. competition with China. Nonetheless, the reality that China leads the international theft of sensitive American economic data makes it difficult to reach any conclusion other than that the move is at least in part directed towards Beijing.
Chinese leaders are predisposed to reach a similar conclusion, only in much stronger terms. A 2011 commentary appearing in the Party-controlled People’s Daily voiced the common view that the TPP is in part intended “to constrain China’s rise,” something partially evidenced to Beijing by the fact that China has not been included in TPP negotiations. While China is not formally precluded from joining TPP accession negotiations, the high standards of the agreement regarding intellectual-property and trade-secret protections make Beijing’s accession effectively impossible given its behavior in cyberspace.
While Beijing’s concerns are overblown, the TPP does demonstrate growing momentum on Washington’s part to use a comprehensive approach outside of cyberspace to protect sensitive data from theft led by Chinese actors. Although such protective measures are not unreasonable, in the case of the TPP they nonetheless insert the adversarial logic of cybersecurity into the logic of economic competition and accommodation.
However understandable, these developments entail notable risk. Common wisdom holds that economic interdependence undergirds political stability between states. But the stabilizing effects of interdependence in the Asia-Pacific may be lessened by extending aspects of U.S.-Chinese security competition, whether cyber or otherwise, into the region’s economic architecture.
While trade-secrets protections in the TPP alone certainly cannot corrupt the stabilizing effects of the region’s economy, relations between great powers would risk exactly that outcome if they make a norm out of using trade as a disciplinary tool for cyberspace or other security conflicts. And if the U.S. government is in the business of norm making, these risks deserve very real and public consideration.
There is no doubt that Washington has to increase efforts to protect the American economy from exploitation in cyberspace. Yet, just as the need for the United States to tackle the historic challenge of cybersecurity is increasing, so too are the risks of missteps. While great powers have had to adjust to each other before, this is the first time that budding great-power competition and cooperation has had to find its way through cyberspace. All the more reason for balance and caution.
Bill French is a policy analyst at the National Security Network. Follow him at @BillyBobFrench.
Image: Chinese propaganda poster (public domain) with arduino (Wikimedia Commons/Hare Jan Kamps, CC BY-SA 3.0).