Thursday, February 18, 2016

Role of Cybersecurity in Chinese Foreign Policy

Greetings from the Australian National University in Canberra, where Professor Jon Lindsay from University of Toronto is speaking on "The role of cybersecurity in Chinese foreign policy". Professor Lindsay, has written several papers and is editor of the book "China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain" (2015). He pointed out that the US Government makes a distinction between industrial and security espionage, which China does not necessarily follow. Somewhat more controversially he suggested the term "Advanced Persistent Treat" could be applied to USA's NSA, as well as its Chinese equivalent.

Professor Lindsay contrasted NSA's covert attempts to obtain information on-line with overt moves by China to ensure the Internet is not used internally for anti-state political activities. He pointed out that Chinese law imposes severe limits on what the Internet can be used for.

Professor Lindsay characterized Internet regulation as fragmented. The central state regulation body is under the propaganda ministry, concerned with the content. He commented that as a result cyber-crime, provided it is for economic gain, is less of a priority for government.

Professor Lindsay quipped that there are two sorts of organizations in the USA: those who have been hacked by China and those who do not realize they have. Admitting attributing attacks is difficult, he pointed out that phishing attacks align with the Shanghai working day (where PLA Unit 61398 is based), suggesting this is an industrial scale activity.

Professor Lindsay pointed out that a sophisticated system was needed to handle large amounts of information obtained through industrial espionage. He said that information on how this is done in China is obviously not freely available. However, information on collecting and processing overseas open access information. He made the point that China has been greatly increasing expenditure on the absorption of information, rather than just collection.

Professor Lindsay pointed to a PLA documentary on cyberwar "The Cyber storm has arrived" (2011), which features a fictitious attack on a Falun Gong group in the USA. The point being that a religious group is seen as a threat to the state. His implication was that this is different to western military doctrine. However, this reminds me that one of the US presidential candidates has proposed banning immigrants based on religion, on the assumption they are a threat to the state.

Professor Lindsay pointed out cyberwar increases the "fog of war". Even well resourced nation states will have difficulty conducting such a war. He suggested China had less experience at this than the USA. However, China has very expert IT professionals (I train some of them at ANU in Canberra). It has to be assumed the Chinese military train their IT professionals well. Also China has a military doctrine which is more accommodating of cyber-warfare.

This seminar is part of this week's conference "Securing our Future in Cyberspace", which ends Friday with "Securing our future in cyberspace - next steps".

