With the West still reeling from Russian attempts to influence political processes (and scrambling to tighten its cyber defences before its next election cycles), the mainstream European and American media have let another threat shift out of focus. The idea that Moscow has managed to influence events without the use of Cold War-era tools such as infiltrators and defectors has proved alarming enough to allow a different danger from the east remain forgotten or unrecognized.
At Silicon Valley’s RSA Conference of early March, Rob Joyce, the NSA’s senior cyber security adviser, evaluated the two greatest cyber security threats in an apt and succinct fashion. “I kind of look at Russia as the hurricane, coming in fast and hard,” he told journalists in attendance. “China is climate change: the effects are long, slow, pervasive.”
At the same conference, Chris Krebs of the Department of Homeland Security echoed his NSA counterpart’s concerns. “Russia is trying to disrupt the system,” he said. “China is trying to manipulate the system to its long-term advantage.”
It might appear strange that Chinese cyber aggression has not been subject to the same intense media scrutiny as its Russian equivalent, especially as much of President Trump’s election rhetoric centered on dealing with Beijing’s subversive foreign and economic policies; this is stranger still when one remembers that Chinese hacking was a concern for US politics even as far back as the presidential elections of 2012, long before Russia’s own cyber attacks shook the columns of Western power.
Perhaps a more coherent Western awareness of Russian and Chinese cyber attacks might have been achieved if they were assessed, discussed and evaluated as part of a greater Eastern threat to European and American cyberspace. The dangers posed are, of course, as different as Moscow and Beijing’s political approaches to the outside world (indeed, to expand and adapt Joyce’s analogy, Russia’s foreign policy might be described as a sledgehammer, with Beijing more of a scalpel), but the severity of both dictate that neither is more cause for concern than the other.
In recent years, Russia’s foreign policy has been extremely aggressive, deploying military forces to no fewer than three countries and sanctioning assassinations of public opponents both at home and abroad. China’s oppressive behavior has been more domestic, with the exception of customary saber-rattling over Taiwan. However, while it may not be invading its neighbors in the style of its Russian allies, its economic and commercial interests are still a cause for concern.
Beijing has invested billions in infrastructural projects in Africa, a soft power play that may well merit comparisons to the empires of Europe that now belong to history. Countries that receive the benefit of Chinese money (including Kenya and Ethiopia, which received railway developments valued at $3.2 billion and $475 million respectively, along with Guinea, which was granted a hydro-electric dam valued at $526 million) are now demonstrably inclined to vote in favor of Chinese-proposed motions at the UN Assembly, a stark change from the Cold War, when most of Africa followed the lead of the United States. Having secured political influence over much of the continent, the Chinese government has also paved the way for investment from the private sector: Chinese companies investing in Africa are showing substantial profits, as Western enterprises once did when labor and costs in China itself were cheap.
This commercial aggression has extended to the cyber realm, with China being repeatedly accused of promoting hacking efforts to steal American intellectual property. Indeed, a US government study in 2017 estimated the total cost of Chinese hacking to be between $255-600 billion in counterfeit goods and pirated software and patents. Later, in December 2018, the US, UK, Australia and New Zealand together declared that China was behind a twelve-year hacking campaign that led to the acquisition of patents and private information from corporate IP addresses in twelve countries, affecting almost every professional field in the world.
This is not, of course, to say that China’s cyber attacks are entirely without a military edge. Plans of the F-35 5th generation fighter aircraft were suspected of being stolen by Chinese hackers, with Beijing allegedly then adapting parts of the design for its own stealth interceptor model, the J-20. In addition, as of October 2018, the US Navy broke a longstanding tradition of not publishing the names and roles of its senior officer corps due to fears that they may become targets of Chinese cyber assaults.
However, defending and responding to Chinese threats is more complicated than responding to Russian interference. Sanctions placed on Moscow have little overall effect on the West, but China is a major trading partner; it is already becoming something akin to a superpower, and so the prospect of sparking a trade war (or, indeed, taking any hostile action that might lead to an actual war) against a rising and increasingly integral part of the global economy would hardly be punitive, and may only increase the number of Beijing-sponsored cyber attacks.
With the USA bracing itself for a turbulent 2020 election, it is not beyond the realms of possibility that insidious Chinese hacking will slip further out of sight from the Western public and media, especially in light of the focus on online Russian attacks in the previous presidential race. Yet with Xi Jinping having consolidated his power for the foreseeable future (and perhaps beyond), Beijing’s cyber aggression is likely to remain as firmly entrenched as the country’s leader; a comparison that is arguably as accurate as it is concerning.