Katherine Neal_Written Brief 2
Katherine Neal
Intelligence Analytics I
Briefing topic: What long term threats does cyberwar between the U.S. and China pose to
U.S. national security? What countermeasures does the U.S. have in place? What sectors of the
U.S. are the most vulnerable to Chinese cyberattack and what scenarios would prompt specific
types of cyberwar?
Issue Definition:
China is one of the largest perpetrators of cyberattacks against the United States. This frequency
of attacks has made China one of the biggest threats to U.S. cyber security for the foreseeable
future.
In 2014, Admiral Michael Rogers, then head of the NSA, said that malware originating from
China was detected on government computers.[1] According to experts, “a catastrophic cyber-attack
that causes significant loss in life and financial damage [will] occur by 2025”.[2]
In September 2015, President Xi Jinping and President Obama signed an agreement which stated
that due to the high volume of Chinese cyberattacks against U.S. corporations, purely civilian
targets could not be subjected to cyber espionage: “No more hacking one another’s businesses.
Military and political espionage? Fair game. Industry? Hands off”.[3] The evidence points to a
report by cybersecurity firm FireEye, which said that the sheer volume of Chinese cyberattacks
has decreased, particularly against American businesses. “‘Since mid-2014, we have observed
an overall decrease in successful network compromises by China-based groups against
organizations in the U.S. and 25 other countries’ the report notes”.[4] According to the
report, between 2013 and 2016 there were 262 total successful network compromises perpetrated
by 72 suspected Chinese groups, and 182 of these attacks were against U.S. “critical information
infrastructure”.[5]
Since the agreement, the number of attacks has decreased significantly. The sharpest decline has
occurred in the past two to three months.
Hypothesis:
The frequency of attacks will remain low in the short term, but will increase in the long
term.
Analysis:
This decrease in cyberattacks would seem to be related to the agreement which President Obama
and President Xi signed one year ago. This would explain the “overall decrease” in attacks.
However, evidence suggests that while the daily volume of attacks has decreased, the Chinese
have by no means ceased cyber operations, nor has the U.S. been able to prevent network
compromises.
It is also possible that the sharp decrease of the past several months is due to the complete
restructuring of the People’s Liberation Army (PLA). The PLA is moving from a system of
seven military zones to five.[6][7][8][9] This has resulted in massive movements of thousands
of troops in all branches of the military. This has likely had a significant impact on cyber
operations.
The Chinese seem to have decreased cyberattacks, particularly against private businesses. This
could be because the U.S. threatened China with economic sanctions if the attacks continued.[10]
If such sanctions were to be used, China would be the first country to be subjected to economic
sanctions due to cyberattacks.[11]
However, the threat of sanctions has likely had a very limited effect on Chinese policy. The
evidence states that “…the drop-off began a year before Mr. Obama and Mr. Xi announced their
accord”.[12] This decrease was reportedly simultaneous with a “…stunningly swift crackdown on
the Chinese media, bloggers and others who could challenge the Communist Party”.[13] It is
possible that the Chinese are complying with U.S. wishes, but also using the threat of sanctions as
an excuse to crack down on possible dissenters. China is likely complying because it is
expedient to do so.
National Security Implications:
The Chinese have been aggressive in conducting cyberattacks against the U.S. for the past
several years. The U.S. wants to end the cyberattacks, particularly against U.S. businesses,
which are the most vulnerable to attack. The Intelligence Community is always on the alert for
system compromises, but overall, the U.S. has a general “deterrence deficit”.[14] This is due to
the relative newness of computer hacking as a threat, and the lack of any treaties regulating
cyberspace. Thus far, the U.S. has generally operated on the defensive: stopping a network
compromise from being successful.
As for defense, the U.S. has mainly relied on information sharing between agencies and
private industries. Government agencies are also attempting to strengthen security by
conducting cyber operations to “deter and if necessary defeat aggression in cyberspace”.[15]
Evidence from the DoD suggests that they will be almost constantly assessing and reassessing
network capabilities and searching for vulnerabilities. The theory seems to be that if we can find
the vulnerabilities in our systems before an outside actor, Chinese or otherwise, we can resolve
them and keep hackers out.
The U.S. should be concerned about a cyberwar if the U.S. and China are in any serious dispute
and the International Community sides with the U.S. If the U.S. were named the winner, China
would likely retaliate with a massive cyber-attack. The point of contention would likely be over
sovereignty. This is because in the past China has attacked those it believes threaten domestic
stability or regime legitimacy.[16]
Forecast:
Although overall the number of attacks has decreased, China has no incentive whatsoever to
cease cyberattacks completely. The attacks will continue over the next few weeks—especially
since there are no formalized rules for cyberespionage. However, most likely due to the huge
reshuffling of the PLA, the number will remain relatively small. There is also a high likelihood
that this is due in part to the Sino-U.S. Anti-Hacking Agreement. The Chinese will likely
stay almost completely away from conducting cyber espionage on U.S. private industry, but the
state doesn’t have complete control over all hackers. The threat of sanctions against China will
likely only play a marginal role in influencing its behavior.
Endnotes
[1][2] Crawford, Jamie. “The U.S. government thinks China could take down the power grid”.
CNN Politics. November 21, 2014. www.cnn.com/2014/11/20/politics/nsa-china-power-grid/.
[3] Hackett, Robert. “China’s Cyber Spying on the U.S. Has Drastically Changed”. Fortune. June
25, 2016. www.fortune.com/2016/06/25/fireeye-mandia-china-hackers/. Background.
[4][5][10] Gady, Franz-Stefan. “Are Chinese Cyberattacks Against US Targets in Decline?”. The
Diplomat. June 22, 2016.
www.thediplomat.com/2016/06/are-chinese-cyberattacks-against-us-targets-in-decline/. Background.
[6] Bur, Jessie. “Chinese Cyberattacks on the U.S. are Way Down, and Here’s Why”. September
7, 2016. MeriTalk.
https://www.meritalk.com/articles/chinese-cyberattacks-on-the-u-s-are-way-down-and-heres-why/.
October 7, 2016. Analysis.
[7] Deluca, Matthew; Windrem, Robert. “Are Chinese Hackers Slowing Down Their Cyber
Attacks on the U.S.?”. NBC News. July 3, 2016.
http://www.nbcnews.com/tech/tech-news/are-chinese-hackers-slowing-down-their-cyber-attacks-u-s-n601961.
October 7, 2016. Analysis.
[8] Page, Jeremy. “President Xi Jinping’s Most Dangerous Venture Yet: Remaking China’s
Military”. The Wall Street Journal. April 24, 2016.
http://www.wsj.com/articles/president-xi-jinpings-most-dangerous-venture-yet-remaking-chinas-military-1461608795.
October 7, 2016. Analysis.
[9] “For the Chinese Military, a Modern Command System”. Stratfor Enterprises, LLC. February
16, 2016. https://www.stratfor.com/analysis/chinese-military-modern-command-system. October
7, 2016. Visualization/Graphic.
[12][13] Sanger, David. “Chinese Curb Cyberattacks on U.S. Interests, Report Finds”. The New
York Times. June 20, 2016.
www.nytimes.com/2016/06/21/us/politics/china-us-cyber-spying.html?_r=0. Analysis.
[14] Sanger, David. “Cyberthreat Posed by China and Iran Confounds White House”. The New
York Times. September 15, 2015.
www.nytimes.com/2015/09/16/world/asia/cyberthreat-posed-by-china-and-iran-confounds-white-house.html.
National Security.
[15] The Department of Defense Cyber Strategy. April 2015.
http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf.
October 7, 2016. National Security.
[16] Gady, Franz-Stefan. “Top US Spy Chief: China Still Successful in Cyber Espionage Against
US”. The Diplomat. February 16, 2016.
http://thediplomat.com/2016/02/top-us-spy-chief-china-still-successful-in-cyber-espionage-against-us/.
October 7, 2016. National Security.
Gertz, Bill. “China Continuing Cyber Attacks on U.S. Networks”. The Washington Free Beacon.
March 18, 2016.
www.freebeacon.com/national-security/china-continuing-cyber-attacks-on-u-s-networks/. Background.