CSS Analyses in Security Policy CSS ETH Zurich N0. 224, April 2018, Editor: Christian Nünlist Cybersecurity in Sino-American Relations Cyberspace and cyberespionage represent a source of disagreements and tensions between the US and China. Nevertheless, in 2015, the two powers managed to find an agreement on cybersecurity to stabilize their relationship and reduce risks of misperceptions in cyberspace. By Marie Baezner The relationship between China and the US follows the dynamic of competitive in- teractions between great powers. The two states are in competition militarily, politi- cally, and economically. This relationship has evolved and changed over the years. The China policy of the new US adminis- tration has a more narrow focus than that of its predecessor. President Donald Trump’s administration also lacks an over- arching strategy in dealing with issues re- lated to China. This relationship continues to be regularly punctuated with provoca- tions in the physical world (Chinese terri- torial claims in the South and East China Seas that threaten US allies and partners in the regions) and in cyberspace (cyberespio- nage campaigns). Over the last two decades, the tensions be- The building of the military hacker unit «61398» in Shanghai. Carlos Barria / Reuters tween the two powers have specifically grown over the following issues of cyberse- curity: China and the US have conducted cyberespionage against one another (see list); China’s growing military and cyber Cyberespionage Campaigns tions, the military, information technology capabilities are used in the establishment of The first cyberespionage campaign in the firms, telecommunications, the energy sec- Anti-Access/Area Denial zones; and Chi- US attributed to a Chinese state actor was tor, journalists, and activists. Sensitive in- na disagrees with the US model of internet discovered in 2004 and had targeted the formation and intellectual property were governance. To reduce growing tensions, US Department of Defense and defense stolen. A 2014 report estimated the eco- both states agreed to a binding bilateral ac- contractors. To date, a least 14 cyberespio- nomic loss through stolen intellectual cord on cybersecurity in September 2015, nage campaigns in the US have been at- property to the US economy at US$250 in which they pledge not to commit or sup- tributed to Chinese state actors. In these billion per year. This amount needs to be port economic cyberespionage. campaigns, the targets were state institu- put into perspective, as it does not include © 2018 Center for Security Studies (CSS), ETH Zurich 1 CSS Analyses in Security Policy No. 224, April 2018 Cyberespionage Campaigns The 2015 Agreement Office of Personnel Management had been hacked, the US also warned Chinese au- 2003–2006: Titan Rain – China spying on US 1. Respond to requests for information and thorities that it was considering retaliation military and US institutions. assistance for malicious cyber activities. through economic sanctions and diplomat- 2006–2010:Shady RAT (spying by China). 2. Investigate cybercrime emanating from the ic measures. However, after the revelations signatories’ respective territories. 2007–2009:GhostNet – China spying on of Edward Snowden in 2013, the credibil- Tibetan missions and NGOs. 3. Exchange information on the status of the aforementioned investigations. ity and legitimacy of US actions in cyber- 2008–2014:Hikit – China spying on space were severely diminished among journalists, IT firms, academics, and 4. Refrain from conducting or supporting government institutions worldwide. cyberespionage for economic purposes and both its allies and its competitors. The dis- 2008–2011:Byzantine series – China spying theft of intellectual property. closures added tensions to the relationship on US institutions. 5. Make efforts to identify and promote between China and the US, but mostly cre- 2009–2011:Night Dragons – China spying international norms of state behavior in ated an opportunity to settle the issue of on US critical infrastructure. cyberspace. cybersecurity by exposing both states’ prac- 2009–2010:Operation Aurora – China 6. Create a high-level joint dialog mechanism tices. spying on Google, Adobe, and other IT firms. on fighting cybercrime and related issues. 2009–(believed to be ongoing): NSA 7. Create a hotline to discuss issues related to The solution to decrease this pressure was fourth-party collection – USA spying on cyber activities. found in the development of a bilateral Chinese hackers targeting the US Depart- agreement to initiate confidence-building ment of Defense. measures in cyberspace. In the 2015 Agree- 2010–2014:Operation Shotgiant – USA spying on Huawei. ment, both states agreed to not commit or support economic cyberespionage. The ac- 2011–2013:Operation Beebus – China spying on contractors of the US Department of tect its population and territory from for- cord also included regular meetings be- Defense. eign threats. The US authorities claimed tween representatives of both states’ secu- 2013–2015:Operation Iron Tiger – China that its cyberespionage campaigns were rity agencies to exchange information on spying on US and Asian IT, telecommunica- only about national security and did not cybercrime, and the creation of a hotline to tion, and energy companies. serve any economic purposes. On the other communicate directly on cybersecurity is- 2014–2015:Chinese campaign spying on the hand, the Chinese government denied per- sues (see list). The agreement was consid- US Office of Personnel Management. petrating any cyberespionage. This dis- ered a good step towards the development agreement increased mistrust between the of cooperation between the US and China two powers and the risk of misinterpreting over cybersecurity issues. It was hoped that activities in cyberspace as acts of war. more cooperation on these issues would re- duce the risks of misperceptions (perceiv- At the same time, groups affiliated with the ing a cyberattack as an act of war) and es- damage to the firms’ reputation, the loss in Chinese People’s Liberation Army (PLA) calation (tensions boiling over into a comparative advantages, and investment in perpetrated a large number of cyberespio- conventional war) in cyberspace. The agree- cybersecurity to stop the intrusions. It is nage campaigns. The theft of intellectual ment was seen as a victory for the US, also possible that more companies were af- property enabled the PLA to develop tech- which persuaded the Chinese government fected by Chinese state actors, but did not nologies without having to invest in re- to agree to the distinction between eco- report the intrusions out of fear for their search, but it seems that the PLA had dif- nomic and national security cyberespio- reputation. ficulties to transform the stolen information nage. The Chinese authorities also per- into competitive advantages. This was ex- ceived the agreement positively as they had In 2013, Edward Snowden revealed the US plained by the organizational structure of asked for more cooperation on cybercrime mass internet surveillance program and the PLA, which supposedly prevented the for years. Chinese individuals and firms shed light on the US cyberespionage cam- Chinese military from converting the sto- were regularly targeted by cybercriminals, paigns against China. It showed that the len information. The PLA was overloaded and Chinese authorities complained that US had spied on Chinese information with intellectual property information Western countries were reluctant to col- technology firms, banks, and leaders of the coming from cyberespionage campaigns, laborate in investigations. Communist Party of China. The lack of which could not be used efficiently because data makes it difficult to evaluate the eco- of a strongly compartmentalized bureau- After the Agreement nomic losses caused by US cyberespionage cracy. The fact that technology was con- Since the 2015 agreement, US cybersecu- in China and to assess whether the US still stantly becoming more complex also made rity experts have noticed that the number conducts such campaigns. it more difficult for the PLA to perfectly of cyberattacks originating from Chinese imitate and replicate it. state actors against US economic targets The disagreement between the two powers has significantly decreased. However, they over cyberespionage mainly related to the The 2015 Agreement also observed that attacks from other coun- nature of the campaigns. US authorities The US tried to take a tougher stance tries increased. They advance four hypoth- make a distinction between cyberespionage against Chinese cyberespionage cam- eses to explain this shift. First, they thought for national security concerns and cyberes- paigns. In May 2014, the US indicted five that the 2015 agreement might have forced pionage for economic purposes. The former members of the PLA to show that it would Chinese hackers to use proxies in other is internationally tolerated, but the latter is not let cyberattacks against its firms go un- countries to target victims in the US. Sec- not. Intelligence for national security, as punished. This was mostly a symbolic ond, US experts argued that the agreement opposed to economic reasons, is judged as move, as the five officers stayed in China could have pushed Chinese state actors to being part of a state’s responsibility to pro- and were thus never jailed. After the US become more sophisticated and more dif- © 2018 Center for Security Studies (CSS), ETH Zurich 2 CSS Analyses in Security Policy