Chinese State Sponsored Hacking: It’s Time To Reach an Effective and Lasting Bilateral Agreement on Cyberwarfare

For the past several years, China has denied any role in the exploitation of U.S. networks. Yet mounting evidence suggests China is involved in widespread hacking activity. In many cases, the sources of these attacks are difficult to trace, and therefore challenging to deter under current U.S.-Chinese cyber agreements.

Both states signed a no-first-use agreement back in 2015, and some have argued the Chinese Communist Party’s control over hackers inside its own country is quite minimal. Given this, China’s claim that such attacks occur without the express guidance and sanction of central authority seems at least plausible.

Yet the 2015 agreement required and achieved a significant level of cooperation between the US and China, and proves that the two countries are capable of engaging in productive discussions on cyber warfare. It is also in their mutual benefit to do so. The spirit of that agreement, if it can be revived, could allow both countries to commit to the effective limitation of cyber attacks, rogue or otherwise.

The Scale Of Chinese Cyber Warfare

"Cyber theft of commercial secrets and hacking attacks against government networks are both illegal; such acts are criminal offenses and should be punished according to law and relevant international conventions," Chinese president Xi Jinping told the Wall Street Journal.

Chinese President Xi Jinping speaks during a news conference in the Great Hall of the People in Beijing November 12, 2014. (Kevin Lamarque/Reuters)

Despite these assurances, however, we have the following: “The Chinese government appears to believe that it has more to gain than to lose from its cyber espionage and attack campaign. So far, it has acquired valuable technology, trade secrets, and intelligence,” according to a 2015 report from the U.S.-China Economic and Security Review Commission. “The costs imposed have been minimal compared to the perceived benefit. The campaign is likely to continue and may well escalate,” the report concludes.

The U.S. has accused China of accessing the networks of commercial, research, industrial, and military organizations. In 2007, the U.S.-China Economic and Security Review Commission told Congress, China is “the single greatest risk to the security of American technologies.” There is no shortage of evidence for the threat China poses in this regard. In the last few years, the following cyber incidents occurred and were traced back to China:

  • In 2010, Google reported it had been targeted by attacks originating in China. At least 34 other companies have reported cyber espionage originating from China.

  • In 2014, the Senate Armed Services Committee found Chinese hackers had accessed the networks of U.S. technology companies and airlines involved in the transportation of military troops and equipment.

  • In 2015, the U.S. Office of Personnel Management reported a breach of its records affecting 21.5 million people.

For its part, China has accused the U.S. of hacking its networks, which the U.S. denies. According to documents leaked by Edward Snowden, the U.S. National Security Agency has been committing cyber espionage against Chinese businesses, politicians and universities since 2009.

Plausible Deniability

Western nations have frequently accused China of aggressive cyber attacks, but although these attacks can be traced to computers in China, it is difficult to prove they are state-sponsored. Chinese Information Operations and Information Warfare contains the idea of “network warfare.” Though the relationship of this concept to the West’s understanding of “cyber warfare” is complex, there are many similarities between the two ideas, and, as The Jamestown Foundation notes, “network warfare” basically means cyber warfare. According to Foreign Policy magazine, China may have an army of hackers composed of 50,000 to 100,000 soldiers.

Chinese cyber operations and training (Digital Trends)

China divides its cyber resources into three main categories:

  1. “Specialized military network forces”: units of the military branch that carry out attacks and defense

  2. “People’s Liberation Army (PLA)-authorized forces”: cyber warfare specialists, including the Ministry of Public Security and the Ministry of State Security

  3. “Non-governmental forces”: civilians who carry out attacks and defense

Because many hackers fall into the last category, deterring them becomes difficult. As James Mulvenon, a Washington-based specialist on the Chinese military, told Time, “It's a serious problem that at the moment we don't have a solution to, because our inability to attribute the source of the attack fundamentally undermines our efforts at deterrence. If you can't identify the attacker, you can't deter them.”

An Example: Naikon

Nevertheless, some attacks originating with the Chinese military itself have been traced. According to research from defense firms ThreatConnect and Defense Group, China’s People’s Liberation Army Unit 78020 has been directly connected with a hacking operation called Naikon. Naikon has allegedly attacked networks associated with U.S. allies and commercial competitors of China. Some of these targets include Thailand, Singapore, the Philippines, Malaysia, Indonesia, and Cambodia. These attacks aimed to mine geopolitical intelligence from high-level government and corporate employees, according to Kaspersky Lab.

In 2015, the Wall Street Journal reported the focus of Unit 78020 is the South China Sea, which is rich in resources, contains disputed territory, and over which the Chinese government recently asserted territorial claims. The U.S. has many military and commercial allies in this region, and a vested interest in protecting the trillions of dollars in trade transiting the region each year. In this context, the aggressive intelligence gathering by the Chinese is of obvious concern.

Some of the major trade routes crossing the disputed area in the South China Sea. (Peace Options)

Rogue Attacks

China and the U.S. are supposed to be following a 2015 No First Use policy, meaning neither country will be the first to target the other in cyberspace. This agreement does not, however, prevent breaches of industry or personal information. According to former U.S. Director of National Intelligence, James Clapper, intelligence gathering is not considered an attack unless data is destroyed. In other words, it is not illegal to collect intelligence—in fact, the U.S. openly admits to doing the same thing.

President Xi maintains his stance that the Chinese government is not involved in alleged attacks, saying “The Chinese government will not engage in commercial theft or encourage or support such theft by anyone.” In light of recent events, however, these statements don’t sound very convincing. The problem is existing agreements on cyber warfare are only enforceable if attacks are traceable to military infrastructure, and this makes them almost useless in the face of anonymous attacks the Chinese government can plausibly deny.

It is possible, given the economic gains that can be achieved through cyber attacks, that some of the recent attacks occurred outside the control of the Chinese government. Further, these rogue cyber attacks threaten the financial stability of both the U.S. and China.

The Need For Further Agreement

It was the mutual realization that financial stability was at stake that led to the 2015 agreement, in which both countries recognized a mutual interest in limiting cyber attacks. The bilateral spirit of this agreement must now be rejuvenated. The Carnegie Endowment for International Peace and others have called upon states to “explicitly commit not to engage in offensive cyber operations that could undermine financial stability, namely manipulating the integrity of data of financial institutions, and to cooperate when such incidents occur.”

It remains to be seen whether or not the current administration’s approach to China will bring further progress in terms of limiting cyber attacks. As Captain Adam Greer, writing for The Diplomat, notes, “The current administrations now have an opportunity to leverage continuing dialogue to strengthen, expand, or even redirect the agreement onto pressing and perhaps more tractable matters—the protection of global financial data.”

Ultimately, extending the terms of the 2015 agreement to explicitly ban attacks, to encourage cooperation in hardening financial institutions against them, and perhaps even to mandate bilateral responses should they occur, would be in the mutual interest of both the U.S. and China.


Sam Bocetta is a retired engineer who worked for over 35 years as an engineer specializing in electronic warfare and advanced computer systems. Past projects include development of EWTR systems, Antifragile EW project and development of Chaff countermeasures. Sam now writes for Gun News Daily as an independent correspondent, and works as a part-time cybersecurity coordinator at AssignYourWriter.




Header Image: Financial Times