1. Katherine Neal
Intelligence Analytics I
Briefing topic: What long term threats does cyberwar between the U.S. and China pose to U.S.
national security? What countermeasures does the U.S. have in place? What sectors of the
U.S. are the most vulnerable to Chinese cyberattack and what scenarios would prompt specific
types of cyberwar?
Issue Definition:
China has been in the news off and on during the past three years for perpetrating cyberattacks
against the United States. This frequency of appearances in the news media has made China
the most notorious country in the world for cyberattacks.
An article from CNN dated November 2014 is titled “The U.S. government thinks China could
take down the power grid”. In the article, Admiral Michael Rogers, then head of the NSA, is
mentioned saying that malware originating from China was detected on government computers
(CNN, The U.S. government thinks China could take down the power grid). The article also
states that according to experts, “a catastrophic cyber-attack that causes significant loss in life
and financial damage would occur by 2025” (CNN, The U.S. government thinks China could take
down the power grid).
In September 2015, on President Xi Jinping’s first state visit to the U.S., he and President
Obama signed an agreement which stated that due to the high volume of Chinese cyberattacks
against U.S. corporations, purely civilian targets could not be subjected to cyber espionage: “No
more hacking one another’s businesses. Military and political espionage? Fair game. Industry?
Hands off” (Fortune, China’s Cyber Spying on the U.S. has Drastically Changed). Every source
mentioned a report by cybersecurity firm FireEye which said that the sheer volume of Chinese
cyberattacks has decreased, particularly against American businesses. “’Since mid-2014, we
have observed an overall decrease in successful network compromises by China-based groups
against organizations in the U.S. and 25 other countries’ the report notes” (The Diplomat, Are
Chinese Cyberattacks Against US Targets in Decline?). The FireEye report is noted within the
article from The Diplomat as stating that between 2013 and 2016, there were 262 total
successful network compromises perpetrated by 72 suspected Chinese groups, and 182 of
these attacks were against U.S. “critical information infrastructure” (The Diplomat).
Hypothesis
Chinese cyberattacks will continue to increase in sophistication, thus making detection more
difficult. This rise in sophistication will lead to an increase in the number of Chinese
cyberattacks against the U.S.
Analysis
2. This decrease in cyberattacks would seemto be related to the agreement which President
Obama and President Xi signed one year ago. This would explain the “overall decrease” in
attacks. However, according to the New York Times and other sources such as The Diplomat
and The Washington Free Beacon, while the daily volume of attacks has decreased, the Chinese
have by no means ceased cyber operations, nor has the U.S. been able to prevent network
compromises. According to these sources, the attacks only appear to have decreased because
the level of sophistication has drastically increased. “The result is that Chinese hackers are now
acting more like Russian hackers: They pick their targets more carefully, and cover their tracks”
(New York Times, Chinese Curb Cyberattacks on U.S. Interests, Report Finds).
The Chinese seemto have decreased cyberattacks, particularly against private businesses,
which could be because the U.S. threatened China with economic sanctions if the attacks
continued (The Diplomat, Are Chinese Cyberattacks Against U.S. Targets in Decline?), which
would make China the first country to be subjected to economic sanctions due to cyberattacks
(The Diplomat).
However, the threat of sanctions has probably had a very limited effect on Chinese policy. The
FireEye report, as mentioned in the New York Times, states that “…the drop-off began a year
before Mr. Obama and Mr. Xi announced their accord” (New York Times, Chinese Curb
Cyberattacks on U.S. Interests, Report Finds). This decrease in the daily number of cyberattacks,
according to FireEye, was simultaneous with a “…stunningly swift crackdown on the Chinese
media, bloggers and others who could challenge the Communist Party” (New York Times,
Chinese Curb Cyberattacks on U.S. Interests, Report Finds). It is possible that the Chinese
appear to be complying with U.S. wishes, while really using the threat of sanctions as an excuse
to crack down on possible dissenters among its citizens.
National Security Implications
The Chinese have been aggressive in conducting cyberattacks against the U.S. for the past
several years. The U.S. wants to end the cyberattacks, particularly against U.S. businesses,
which are the most vulnerable to attack. The Intelligence Community is always on the alert for
system compromises, but overall, the U.S. has a general “deterrence deficit” (New York Times,
Cyberthreat Posed by China and Iran Confounds White House). This is due to the relative
newness of computer hacking as a threat, and the lack of any treaties regulating cyberspace. As
of right now, there are no real countermeasures in place. “…How do you contain a rising power
that has discovered the benefits of an anonymous, havoc-creating weapon that can also yield
vast troves of secret data?” (New York Times, Cyberthreat Posed by China and Iran Confounds
White House). Thus far, the U.S. has generally operated on the defensive: stopping a network
compromise from being successful.
The U.S. should be concerned about a cyberwar if the U.S. and China are in any serious dispute
and the International Community sides with the U.S. This is so because when the Permanent
Court of Arbitrations unanimously sided with the Philippines over the issue of the South China
Sea, China threw a “massive digital tantrum” (The Diplomat, China’s Secret Weapon in the
3. South China Sea: Cyberattacks) in the form of a distributed denial of service (DDoS) attack.
Several key Philippine government websites were disabled in the attack. If the U.S. was named
the winner in a dispute, China may feel that it can conduct the same type of attack against the
U.S., but against the private sector rather than the government: e.g., the power grid.
Forecast
Although overall the number of attacks has decreased, China has no incentive whatsoever to
cease cyberattacks completely. The attacks will continue over the next few weeks—especially
since there are no formalized rules for cyberespionage. The Chinese will likely stay away from
conducting espionage on U.S. private industry as much, but the state doesn’t have complete
control over all hackers. The threat of sanctions against China will likely only play a marginal
role in influencing its behavior.
4. Works Cited
Crawford, Jamie. “The U.S. government thinks China could take down the power grid”. CNN
Politics. November 21, 2014. www.cnn.com/2014/11/20/politics/nsa-china-power-grid/.
Gady, Franz-Stefan. “Are Chinese Cyberattacks Against US Targets in Decline?”. The Diplomat.
June 22, 2016. www.thediplomat.com/2016/06/are-chinese-cyberattacks-against-us-
targets-in-decline/.
Gertz, Bill. “China Continuing Cyber Attacks on U.S. Networks”. The Washington Free Beacon.
March 18, 2016. www.freebeacon.com/national-security/china-continuing-cyber-
attacks-on-u-s-networks/.
Hackett, Robert. “China’s Cyber Spying on the U.S. Has Drastically Changed”. Fortune. June 25,
2016. www.fortune.com/2016/06/25/fireeye-mandia-china-hackers/.
Piipannen, Anni. “China’s Secret Weapon in the South China Sea: Cyber Attacks”. July 22, 2016.
The Diplomat. www.thediplomat.com/2016/07/chinas-secret-weapon-in-the-south-
china-sea-cyber-attacks/.
Sanger, David. “Cyberthreat Posed by China and Iran Confounds White House”. The New York
Times. September 15, 2015. www.nytimes.com/2015/09/16/world/asia/cyberthreat-
posed-by-china-and-iran-confounds-white-house.html.
Sanger, David. “Chinese Curb Cyberattacks on U.S. Interests, Report Finds”. The New York
Times. June 20, 2016. www.nytimes.com/2016/06/21/us/politics/china-us-cyber-
spying.html?_r=0.
Windrem, Robert. “Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets”. NBC
News. July 30, 2015. www.nbcnews.com/news/us-news/exclusive-secret-nsa-map-
shows-china-cyber-attacks-us-targets-n401211.