Adam Segal, Ira A. Lipman Senior Fellow for Counterterrorism and National Security Studies, testifies before the House Foreign Affairs Subcommittee on Oversight and Investigations about Chinese cyber espionage and China's desire to reduce its dependence on the West for advanced technologies.
Communist Chinese Cyber-Attacks, Cyber-Espionage and Theft of American Technology
Chinese cyber espionage has to be understood within the context of China‟s desire to reduce its dependence on the West for advanced technologies, and on the United States and Japan in particular. This goal is laid out in the 2006 National Medium- and Long-Term Plan for the Development of Science and Technology (MLP) which introduced the need for “indigenous innovation” (zizhu chuangxin) to lessen the “degree of dependence on technology from other countries to 30 percent or less,” (down from 50 percent today, as measured by the spending on technology imports as a share of the sum of domestic R&D funding plus technology imports).1 Moving from “made in China” to “innovated in China” is essential to the country‟s future; “Facts tell us that we cannot buy true core technologies in key fields that affect the lifeblood of the national economy and national security,” states the MLP. China will become an “innovation oriented society” by 2020 and a world leader in science and technology (S&T) by 2050."
In pursuit of these goals, China has followed three, often intertwined, tracks: industrial policy, innovation strategy, and cyber and industrial espionage. Industrial policy involves top-down, state-directed technology programs often focused on specific sectors and the government research institutes. The MLP, for example, includes twenty science and engineering megaprojects in such areas as high-end generic chips, manned aerospace and moon exploration, developmental biology, and nanotechnology.
The last strand is the theft of intellectual property either through cyber espionage or more traditional industrial espionage. Since January 2010, Google, Nasdaq, DuPont, Johnson & Johnson, General Electric, RSA, and at least a dozen others have had proprietary information stolen by hackers, although how many of these attacks originated from China is uncertain.4 Attacks are becoming more sophisticated and increasingly rely on spear phishing (targeted attacks that rely on publicly available information) and other social engineering techniques. In the physical world, Chinese nationals have been recently charged in the theft of radiation-hardened microchips and precision navigation devices.
The relationship between the state and hackers is even murkier. As the “Shadows in the Clouds” report on computer exploitation notes, there is an emerging ecosystem of crime and espionage. Espionage networks adopt criminal techniques and networks “both to distance themselves from attribution and strategically cultivate a climate of uncertainty.” Some of the information stolen by the hackers ends up on the black market, some of it, according to the report, ends up in the "possession of some entity of the Chinese government." At the very least, much of the hacking is state tolerated, in many instances it is encouraged, and in some cases of espionage, it is directed by state actors.