20 March 2015

China (Finally) Admits to Hacking

March 18, 2015

An updated military document for the first time admits that the Chinese government sponsors offensive cyber units. 

China’s military has finally pulled back the curtain on its cyber strategy, admitting for the first time that it (like countries around the world) has cyber units set up not only for defense, but for attack.

Officially, China’s line has always been that its government does not sponsor any form of hacking. Those denials rang hollow to foreign experts, however, who pointed both to evidence of Chinese cyberattacks and to the sheer folly of a country of China’s size and global importance not including cyberespionage in its intelligence-gathering arsenal.

Now Beijing may finally be ready to drop the charade. The updated edition of The Science of Military Strategy,an authoritative analysis of China’s military thinking, includes references to China’s cyber-warfare units. “This is the first time we’ve seen an explicit acknowledgement of the existence of China’s secretive cyber-warfare forces from the Chinese side,” Joe McReynolds of the Center for Intelligence Research and Analysis told The Daily Beast. “[T]hey’ve come out and said, ‘Yes, we do in fact have network attack forces, and we have teams on both the military and civilian-government sides.’”

The Science of Military Strategy, published in Chinese in 2001 (and translated into English in 2007) is a staple reference not only for Western scholars but for senior PLA strategists and decision makers, explains Andrew Erickson, an expert on Chinese military affairs at the U.S. Naval War College. The updated edition was published in Chinese in December 2013 but only recently became available to foreign analysts. China is well aware that the book is widely studied by foreign experts as well as Chinese military thinkers, meaning the reference to cyber-attack forces was likely a carefully considered decision.

McReynolds said China has dedicated cyber units operating in both the military and the civilian sphere. Within the PLA, China has “specialized military network warfare forces” for carrying out both offensive and defense cyber operations. China also has cyber specialists within civilian organizations, including the Ministry of State Security and the Ministry of Public Security, “authorized by the military to carry out network warfare operations.”

China has previously acknowledged that its military employs cyber experts – for example, a story about a 30-person “Blue Army” of PLA cyber-specialists made headlines in 2011. However, China continued to insist that its cyber capabilities were 100 percent focused on defending Chinese networks, rather than probing foreign systems for information or weaknesses. “The Blue Army’s main target is self-defense. We won’t initiate an attack on anyone,” a senior PLA official insisted when news of the unit’s existence broke.

Foreign Ministry and Defense Ministry spokespeople have likewise consistently and categorically denied that the Chinese government sponsors hacking activities of any kind. Now that The Science of Military Strategy has stated otherwise, “[t]hey can’t make that claim anymore,” McReynolds said.

The news that China does, in fact, have units of cyber spies won’t be “earth-shattering” to foreign experts, James Lewis, an expert on China’s cyber strategies at the Center for Strategic and International Studies, told The Daily Beast (see here for more from Lewis on China’s cyber activities). However, the new openness on the part of the PLA could have long-lasting implications if it does turn out to be part of a policy shift.

The U.S. government has been seeking to entice more PLA transparency on cyber issues by openly explaining its own cyber-strategy. Those overtures hadn’t paid off – China continued to block any real discussion by denying it partakes in any cyber-espionage activities. The acknowledgement of offensive cyber units in The Science of Military Strategy may mean that Beijing is increasing cyber transparency, which could pave the way for discussions on the issue.

No comments: