## Chinese cyber offensive is reckless

On 2021-07-19, in what it says is an unprecedented move, the United States -- along with the European Union, United Kingdom and NATO -- has [exposed and criticised](https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/) China for carrying out malicious cyber activities across the world.

The most flagrant of these attacks were those carried out against tens of thousands of Microsoft Exchange servers in 2021-03 by a group designated as Hafnium that has been traced back to the Chinese Ministry of State Security. The pattern of the attack has been called the ["pillaging everything" model](https://www.lawfareblog.com/microsoft-exchange-hack-and-great-email-robbery) that not only indiscriminately compromised all the Exchange servers the attackers could get their hands on worldwide, but also left backdoors in all of them that could be exploited by other hackers and cyber criminals.

China's MSS is using non-state cyber actors who engage in criminal activities like ransomware and stealing cybercurrencies even as they engage in industrial espionage, intelligence gathering and disruption. Andy Greenberg has [a good explanation](https://www.wired.com/story/china-hacking-reckless-new-phase/) in Wired.

Earlier, Dmitri Alperovitch & Ian Ward [pointed out](https://www.lawfareblog.com/how-should-us-respond-solarwinds-and-microsoft-exchange-hacks) that while Russian hackers are carrying out cyber attacks within norms, the Chinese are wrecking them.

## My thoughts

- The Western position is significant because it puts the weight of several governments behind the attribution of the attacks ultimately to China's Ministry of State Security. The 'non-state actors are responsible' storyline has been thrown into the dustbin.
- Why would China adopt a destructive pillaging model? Either because it doesn't want to use cyberspace (not at all likely) or because it wants to reshape the rules.
- Inferring higher-level policy from the Chinese hackers' actions, it appears that ==Beijing is using cyber offensives to destabilise international order==. This is consistent with its overall grand strategy of undermining the extant world order that it sees as installed by and favouring the United States and the West.
- The current pattern of cyber attacks has three effects:
    - the specific effect on the chosen target (disruption or espionage)
    - financial gains for cyber operators (from theft of money, assets, data etc.)
    - undermining of international norms (informal and formal) governing cyberspace and cyberconflict.
- Alperovitch and Ward are right: the cyber threat from China must be viewed differently than the one from Russia and other actors. That China ranks lower in cyber capabilities in [[IISS Report on Cyber Capabilities and National Power]] matters less if Beijing's strategy is to make cyberspace unreliable.
- Like in other contexts, China's strategy is made out to be astute and inscrutable. While wrecking the current order seems to be a good way to weaken US power, Beijing is underestimating the cost to itself. I suspect Cipolla's [[Laws of Stupidity]] are as useful to assess the strategic acumen of China's leaders as are Sun Tzu's Art of War and suchlike.
- For the moment, it's important to understand what Beijing is doing and respond accordingly.

## Colophon

Status: [[Bean]]

Posted: [[2021-07-20]]