China’s digital prowess is an immediate and high-level threat to the United States. It cannot be stated more plainly. How our loss of cyber security occurred over the last two decades is, perhaps, more disconcerting as the US and other democracies had plenty of warning. The Western world chose to relegate the issue to a “future potential challenge” status that it believed could be overcome by creating a friendly relationship with the communist giant. Since China’s opening to the democratic West, Beijing has failed repeatedly to abide by the rules-based international order. The West, in turn, has failed to hold China accountable for its actions. The free world is paying a high price and it may be too late to stop China.
Kinetic warfare is only one type of combat. In our digital world today, vast armies work from home behind computer screens. The digital threat mounted by China’s military since Xi Jinping assumed power is real, growing, and in some areas surpasses the United States’ capability to defend against it. Although China’s hacking teams have been hard at work since the early 2000s, Xi first prioritized cybersecurity (AKA cyberwarfare) as a policy in 2014. He ordered increased funding for cybersecurity research and recruited talented young Chinese in universities, the bureaucracy, and security services who could wreak havoc throughout the digital world.
“The Chinese state has systematized cybersecurity education, improved students’ access to hands-on practice, promoted hacking competitions, and collected vulnerabilities to be used in network operations against China’s adversaries,” according to CyberScoop’s Dakota Cary. These better resourced and trained teams, he says, put companies at risk of further compromise and create an additional imperative for the US and allied nations to improve defenses of government networks. In 2014 Xi formed the Cybersecurity and Informatization Leading Small Group inside the CCP.
Less recognized at the time was that China was secretly fashioning its cybersecurity on the American intelligence community’s Centers for Excellence model. After analyzing the United States’ National Initiative for Cybersecurity Education, Beijing established a board of academics from universities across the country. The government developed a list of core competencies needed by Chinese students graduating with a cybersecurity degree and rolled out a full curriculum to be followed by the country’s top universities. By 2014, only two years after prioritizing and funding the initiative, the government under Xi’s direction established a new agency called the Cyberspace Administration of China (CAC). This allowed the Chinese Communist Party’s (CCP) Cybersecurity and Informatization Committee of the CCP Central Committee (CIC) to present the effort as a government operation to global businesses and foreign agencies.
“One of the CAC’s first acts was to publish a National Cybersecurity Strategy for China,” according to Cary. Two of the regions developing programs, he notes, were modeled on North Carolina’s Research Triangle Park. China’s National Cybersecurity Talent and Innovation Base is in Wuhan. There is a 15-square-mile campus with a fourth of it dedicated to the National Cybersecurity School, the Offense-Defense Laboratory, the Combined Cybersecurity Research Institute, and supporting computational, data storage and cyber range facilities, says Cary. “The remainder of the campus,” he adds, “offered tax incentives to people and businesses wishing to set up shop next to the base.” Central government policymakers made the project a national asset in late 2016 but didn’t stop there. A year later another provincial project was nationalized in support of the cyberwarfare effort. The Guiyang National Big Data Cyber Range now hosts cybersecurity competitions, industrial hardware for OT hackers, and apparently enough server space to count as “big data,” says Cary. Unlike the democratic West, the CCP and the central government can quickly co-opt so-called private infrastructure to serve the country.
To keep the effort moving, China adopted a program in 2017 that mirrors the Center for Academic Excellence-Cyber Operations certification awarded by seven US agencies, including the National Security Agency and Department of Homeland Security. Today it runs hundreds of cyber hacking competitions to identify new “national resources” to be China’s digital warriors and software vulnerability researchers. The competitions are modeled again on the US Defense Department’s DARPA (Defense Advanced Research Projects Agency), which hosts a Grand Cyber Challenge. A recently released report, authored by several of the world-class cybersecurity schools in partnership with the Chinese Academy of Sciences, the Ministry of Education, and the cybersecurity firm Beijing Integrity Technology, describes the current landscape, according to Cary. The authors of the report, he says, “expect China’s deficit of cybersecurity experts to fall to 370,000 by 2027 — likely seen as a big success since 2017 estimates put the then-deficit at around 1.4 million.” Within the next decade the West can look forward to seeing the results of a mass of well-trained Chinese civil servants working behind computer screens. Their only goal: take down the West’s digital infrastructure. No kinetic warfare is necessary.
Daria Novak served in the U.S. State Dept.