China’s cyberspace operations were once considered “sloppy,” but its online capabilities have grown rapidly over the past decade into a dangerous threat regarded as equal to U.S. military digital skills, a congressional report warns.
Under Chinese President Xi Jinping, China’s military and government-reorganized agencies now boast sophisticated cyberwarfare tools and powerful espionage that the U.S. says have been used to steal trillions of dollars in proprietary and secret information.
“China has engaged in a massive buildup of its cyber capabilities over the past decade and poses a formidable threat to the United States in cyberspace today,” the bipartisan report by the U.S.-China Economic and Security Review Commission said last week.
Tens of thousands of Chinese military hackers are preparing for war against the United States. The report said China has 10 times more troops devoted to offensive cyberattacks than does U.S. Cyber Command.
“As a result of these long-running efforts, China’s activities in cyberspace are now more stealthy, agile, and dangerous to the United States than they were in the past,” the 785-page report concludes.
The commission report provides the government’s most detailed public assessment to date of China’s cyberspace operations, policies and actors. A key finding is that China is devoting greater numbers of people and resources to operations as part of a plan announced by Mr. Xi for China to become a “cyber superpower.”
The People’s Liberation Army employs as many as 60,000 troops to support cyberwarfare missions, “dwarfing the number of cyber operators associated with U.S. Cyber Command’s Cyber Mission Force by a factor of 10,” the report said.
The number of Ministry of State Security cyberspace personnel is not known, but civilian militia groups that work with the PLA and the Ministry of State Security estimate that it’s in the “thousands or tens of thousands,” the report said.
Beijing also is applying more of its cyberspace forces to prepare for offensive attacks than Cyber Command. The researchers for the congressionally chartered panel found that 18.2% of the PLA army’s Strategic Support Force focuses on offensive operations. Just 2.8% of U.S. Cyber Command units are devoted to offensive cyberwarfare operations.
The Pentagon is working to bolster its cyberwarfare capabilities but “is limited by manpower and resources,” the report said.
Cyber Command plans “persistent engagement” that would impose costs on China for malicious cyberactivity, contest its cyber forces in wartime, and disrupt cyber intrusions into U.S. and allied networks in peacetime, the report said.
However, experts told the commission that the PLA’s 10-1 advantage in cyberwarfare personnel “could give the PLA an edge over U.S. cyber forces if a surge in malicious Chinese cyber activity overwhelms limited U.S. personnel,” the report said.
Even as Beijing bulks up, U.S. defenses against Chinese cyberattacks, both in government and the private sector, are fragmented, and agencies have struggled to improve security. Military networks also are vulnerable to Chinese attacks because each service has its own systems and defenses.
Slightly more than half of the military’s 133 Cyber Mission Force teams are devoted to defending Pentagon networks, the report said.
“China’s formidable cyber capabilities call into question the U.S. government’s preparedness to protect its networks from a major Chinese cyberattack,” the report said.
Critical U.S. infrastructure systems are also vulnerable to Chinese cyberattacks. Most infrastructure is owned by private companies, and the government’s ability to defend electrical grids and communications, financial and other online networks is limited to sharing information on potential threats.
“To prevail in the long-term competition with China, policymakers must find ways to impose greater costs for malicious cyber activity and strengthen domestic cyber defenses while upholding the liberal values the United States has historically championed,” the report concludes.
Regarding cyberspying, the report said Chinese theft of sensitive data and technology has already weakened the United States. China’s intelligence services are using millions of records of Americans pilfered electronically from U.S. databases to target U.S. officials and others for blackmail and recruitment as spies.
In perhaps the most notable incident, Chinese hackers obtained access to an estimated 22 million records from the federal Office of Personnel Management in 2015 and hacked travel and financial data on millions more from the hotel company Marriott and from Equifax, the report said.
The Ministry of State Security, China’s lead civilian intelligence service, is now in charge of cyberespionage and has retooled its cyberattack capabilities. It is now the world leader in identifying software vulnerabilities — a key offensive tool to gain remote access to computer networks for sabotage or data theft.
“Sophisticated Chinese cyber-espionage campaigns in recent years have compromised greater numbers of sensitive targets within the U.S. government and the private sector than ever before, raising questions about [China’s] insight into U.S. vulnerabilities that could be exploited for coercion or disruption during a crisis or a war,” the report said.
The Ministry of State Security exploits software vulnerabilities known as “n-days” and “zero days” that are discovered by thousands of researchers and militia teams devoted to finding the flaws. According to the report, China used more zero-day attacks than any other nation from 2012 to 2021.
One flaw allowed the ministry to break into iPhones to spy on minority Uyghurs in western China, where the central government’s repressive policies have been widely criticized.
Last year, Microsoft revealed that a zero-day flaw in its Exchange email software gave hackers access to as many 280,000 computer networks, including at least 30,000 in the United States. Targets included municipal governments, small businesses, health care providers and manufacturers.
China’s People’s Liberation Army also has set up the Strategic Support Force, a unit that blends cyber, information, psychological and electronic warfare forces into a single military branch.
“The Strategic Support Force is at the forefront of China’s strategic cyberwarfare operations and plans to target both U.S. military assets and critical infrastructure in a crisis or in wartime,” the report said.
The U.S. is not the only target of China’s beefed-up cyberspace abilities. Networks in Taiwan and the electrical grid in India have experienced critical infrastructure attacks in recent months.
China greatly enhanced its cyberwarfare power after officials in Beijing observed how U.S. military operations in the 2003 invasion of Iraq relied extensively on information technology. That led to the PLA’s drive for “informatization” weaponry and capabilities.
Information warfare in a future conflict will be built on power in cyberspace, the report said.
“The battlefield spans not just the physical domains of land, air, and sea but also space, cyberspace, the electromagnetic spectrum and the human mind,” the report said.
The Strategic Support Force’s use of cyber and other information warfare will target enemy political systems, economies, scientific and technological bases, culture and foreign policies. In the opening stage of a war, military strategists say, Chinese hackers will conduct “blinding cyberattacks on an adversary’s computer networks [that] can paralyze its combat processes at the outset of a conflict, thereby ensuring one’s own information dominance.”
The Chinese will use “network warfare” against military and civilian targets, including command and control networks, air defense networks and civilian infrastructure.
The report said some experts who testified to the commission believe the United States remains more powerful than China in the cyberspace realm for now, but others told the panel that China is already an equal based on newly developed tools that rival or exceed those the U.S. military can field.
The Office of the Director of National Intelligence stated in its 2021 annual threat assessment that Chinese cyberattack capabilities are “substantial” and “at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.”
The report said most analysts ridiculed Chinese government cyberattacks a decade ago for their “simplicity and sloppiness.” The tactics included email “phishing” to gain login credentials and the use of flash drives to infect target computers with malware.
Now the Chinese are deemed on par or more powerful than the United States in terms of cyberspace capabilities after adopting advanced tactics such as vulnerability exploitation and the use of third parties to disguise the activities.
In 2014, China’s ruling Communist Party under Mr. Xi created the Central Cybersecurity and Informatization Leading Small Group. Four years later, the unit was enhanced and renamed the Central Commission for Cybersecurity and Informatization, which now controls all information strategy and policy.
New regulations required all companies in China to assist in cyberwarfare and cyberespionage activities. That’s one reason Chinese-owned internal platforms such as the wildly popular TikTok site have received sharp scrutiny from the Trump and Biden administrations.
China’s drive for superpower status in the cyberspace realm was spurred by the 2010 discovery of the Stuxnet computer virus, which damaged Iranian nuclear centrifuges, and National Security Agency contractor Edward Snowden’s 2013 leak revealing NSA penetrations into Chinese networks. China also built up tools to squelch online opposition to the Chinese Communist Party and to identify and silence dissidents.
• Bill Gertz can be reached at email@example.com.
Copyright © 2022 The Washington Times, LLC.