Cybersecurity

Cyberspace plays key role in growing US-China tension

The growing tensions between the U.S. and China have had a major impact on various sectors, including cyberspace, which is now becoming an integral part of modern warfare.

As the two powers continue to spar over trade, technology, sanctions and Taiwan, cyber is increasingly being used by the two nations to achieve some of their goals in the defense, economic and political realms. 

Just last week, U.S. intelligence agencies released a joint advisory based on a Microsoft report that found a Chinese state-sponsored cyber actor, known as Volt Typhoon, has been accessing credentials and network systems of critical infrastructure organizations in parts of the U.S., including the territory of Guam, which has a military base of strategic interest to the U.S.

“It’s interesting that China is caught doing it in Guam that certainly fits with their military planning, but this is just the future of conflict,” said James Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies.

Lewis, who wasn’t too surprised by the Microsoft report, said cyberspace is increasingly becoming “part of modern warfare.”

In response to the discovery of Volt Typhoon, lawmakers on the House Homeland Security Committee released a statement last week expressing their worry about the malicious activity.

“We are extremely concerned by the news of Chinese state-sponsored malicious activity against U.S. critical infrastructure networks, and the activity in Guam is especially concerning considering the heightened risk to the U.S. military,” the lawmakers said. 

Volt Typhoon, which has been active since mid-2021, has been targeting organizations in several sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

Microsoft said the hacking group, which mostly focuses on espionage and information gathering, is “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

The lawmakers also said in the statement that “Beijing will stop at nothing to conduct surveillance and infiltrate our networks in their quest to bring America to its knees, and this malicious activity is one more stark example.”

China struck back at the allegations. The country’s foreign ministry spokesperson said the hacking claims were a “collective disinformation campaign” from the Five Eyes countries, referring to the U.S., Canada, New Zealand, Australia, and the U.K, Reuters reported

“No matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking,” the spokesperson said.

The Microsoft report also said the group’s objective is to spy on organizations and gain access to their networks “without being detected for as long as possible,” an assertion experts agreed with.

Eric Noonan, CEO of cybersecurity firm CyberSheath, said one of the concerns from the report is how persistent and patient China is in cyberspace.  

“I think the concern here, in this Cold War with China, is the fact that China is a lot more sophisticated and would presumably be more successful in activating these latent capabilities that are now embedded in many of our critical infrastructures around the globe,” Noonan said. 

Since the release of the report, U.S. officials said the Chinese hackers may still have access to some U.S. networks but are working to make sure that isn’t the case, CNN reported

Rob Joyce, NSA’s director of Cybersecurity, told CNN he was concerned about the “scope and scale” of Volt Typhoon’s activities, which he called “unacceptable.” 

Jason Blessing, a research fellow at the American Enterprise Institute, said the Chinese hackers had a lot of flexibility and room to experiment with the different U.S. networks without raising a lot of red flags that could reveal their presence. 

“[The hackers’ activity] shows a big leap in the care that they’re taking to infiltrate U.S. networks and to try and maintain that presence,” Blessing said. 

“If you look at those skills, that’s a development of both strategic patience and more precise techniques to maintain a covert presence,” he added. 

Lewis said he doubts the recent Microsoft report will escalate tensions between the two countries because the hostility is already so high.

This week, China refused to facilitate a meeting between its defense minister, Li Shangfu, and U.S. Defense Secretary Lloyd Austin as rising tensions continue to unfold over several matters, including trade disputes, Taiwan’s independence and Russia’s war in Ukraine, which China has refused to condemn. 

China’s turndown of the meeting may also have been tied to the fact the U.S. sanctioned Li in 2018 for buying warplanes and equipment from a Russian defense firm.

Lewis also said he doesn’t think that the recent malicious cyber activity uncovered by Microsoft is a prelude to an invasion of Taiwan because this is a fairly normal activity for China to spy and collect information on its enemies. 

“Whether they were planning to invade Taiwan next week, or next year, they’d be doing the same thing,” he said.

In an abundance of caution to protect Taiwan in cyberspace, U.S. lawmakers recently introduced bipartisan legislation aimed to strengthen the island’s cyber defenses and help it counter cyberattacks from China. 

The bill, called the Taiwan Cybersecurity Resiliency Act, would require the U.S. Department of Defense to broaden and strengthen cybersecurity cooperation with Taiwan by conducting cyber training exercises, defending the country’s military networks, infrastructure and systems, and leveraging U.S. cybersecurity technologies to help defend Taiwan.

China, which has become an emerging power in cyberspace, is alleged to have launched about 20 to 40 million cyberattacks every month in 2019 against Taiwan, with some later being used against the U.S., lawmakers said.

Lewis added that the focus at the moment for the U.S. should be on defense and making sure that critical infrastructure is secure from future attacks.

“I think there’s a desire in the administration to warn the Chinese to be careful when they do stuff like this … warning them ‘be careful because we know what you’re doing,”’ he said.