Start your day with intelligence. Get The OODA Daily Pulse.

Recently, China’s Cybersecurity Industry Alliance (CCIA) published a report in an effort to further expose the suspected hegemonic practices and “bullying” behavior of the United States in cyberspace.  The report is broken down into six sections based on perceived U.S. behaviors, purportedly drawing its sources from a variety of public and private organizations in an attempt to present an authoritative credibility that paints the United States as the primary obstacle to global cyberspace security.  This report dovetails with a thirteen-section deep-dive written in 2023 in which the CCIA more closely examined alleged U.S. cyber attacks on other countries, essentially trying to show that the United States was guilty of the very same types of activities (e.g., infrastructure attacks, cyber theft, monitoring, cyber weapon development and leakage, etc.) with which it has accused China of being involved.  The timing of this report comes at a time when U.S. intelligence officials like the directors of CISA and the FBI are frequently testifying before Congress on the gravity of the Chinese cyber threat to U.S. interests.

For more than a year, Beijing has elected to use its media to combat such cyber allegations, often raising the United States’ own questionable cyber activities to the international community as proof of hypocrisy and deception and to damage its credibility.  This shift in tactics has elicited the attention of researchers and private sector cybersecurity companies.  Beijing under Xi Jinping has been more aggressive in its public commentary, a move that has separated the three-term president from his recent predecessors.  In fact, it is fairly evident that Beijing has been replicating the United States approach to how it engages China’s cyber activities, using a combination of public and “private” sector reporting to disclose the hostile cyber operations of the United States.  In addition to the CCIA reports, and one from China’s National Computer Virus Emergency Response Center, companies like Qi An Pangu Lab and Qihoo 360 have published similar findings, and even China’s principal intelligence agency, the Ministry of State Security, has published its own report on the matter. 

Critics of these reports will correctly point out a lack of technical evidence to support such claims, and that which is offered is often “old,” citing frequent reference to leaked classified documents (Vault 7 and the Shadow Brokers) and the Snowden revelations as offering nothing new.  However, this would suggest that the West has determined what is acceptable when it comes to accusing governments of cyber malfeasance, which would further underscore China’s assertion that the United States is imposing its values to attain cyber hegemony.  Nevertheless, lack of any substantial technical evidence is a valid argument though it does nothing to detract from the validity of the information, and by extension, what it conveys.  More importantly, the argument does not express why more information is needed to prove the point.  It is quite possible that Beijing does not put forth new information because it does not have it.  Yet this would imply that China’s massive cyber program lacks the capability to detect clandestine cyber operations, or the United States is not conducting them against China.  Perhaps.  Or more likely, Beijing may not see the need to expose its evidence that would expose its own “sources and methods.”  Simply, Beijing may not see the need to do so believing that classified document exposure and whistleblower leaks have given allegations enough bite to the bark.

At this juncture, does anyone assume that any global cyber power is not conducting some level of cyber espionage, surveillance, and monitoring to suit its own interests?  What advantage would Beijing gain by providing additional technical data in the first place?  Since the groundbreaking report on APT-1, there has been a steady delivery of reporting from public and private organizations on the nature of Chinese cyber operations.  Beijing has had the fortune of seeing how their activities are being tracked, monitored, recorded, and attributed.  The same cannot be said for Western understanding of how China may be doing the same on its end.

What’s more is that attribution seems to be less important than it was a decade ago, especially when states seem to be delivering retaliation whether via official assets or nonstate proxies, regardless of “proving” a state culpable of a cyber attack.  Governments do not need to “show their work” to accuse others of digital transgressions, raising the question of the value of doing so in the first place.  Even hunt-forward operations do not mandate that CYBERCOM provide the public technical justification for disrupting an actor somewhere in the process of the attack chain.

There would have to be some tangible benefit to do so, and it looks like Beijing has not found one suitable enough to play that option.  For those stalwart allies who have even been on the receiving end of alleged U.S. surveillance, it is doubtful that new technical evidence would suddenly catalyze them to stop supporting the United States.  For those who believe the United States is a global surveillance state, new technical evidence supporting such a claim doesn’t push the needle with them any farther.  That leaves those governments that have not chosen sides between East and West and are still on the fence.  And this is where the competition for influence plays a substantial role, and why Beijing is so fixed in combating any allegation quickly and publicly.  The United States recently unrolled a new global cybersecurity strategyaimed at trying to blunt the sharpness of Russian and Chinese digital influence in the developing world, an area in which China has had much success.  Beijing knows it cannot be satisfied with letting its economic or technical diplomacy to speak for to win over fence sitters, but must to take the fight to the press with any government accusing China of cyber malfeasance to show itself as equal to its primary competitor.  

And that’s the issue at hand.  There are few that doubt that cyber prowess of either China or the United States, or the fact that both are likely carrying out missions in cyberspace.  However, perhaps Beijing’s gambit is not to show how different the two countries are, but how their activities are actually very similar to one another, with the key division being what’s in their respective national interests.  Like two boxers, Beijing seems content to spar with the United States in the media.  But this fight is not about winning with a knock-out; it’s about winning on points, and while the United States seems to be trying to land a haymaker, China is content with countering with jabs to try and score.

Emilio Iasiello

About the Author

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.