What Are China’s Cyber Capabilities and Intentions?

Chinese soldiers browse online news on desktop computers at a garrison of the People's Liberation Army in Chongqing in 2013. (AP/Gao xiaowen)

News stories on the cyber threat that China poses appear on a regular basis. Most underscore a view that China is using cyber power to rise and ultimately win global dominance, and that the Chinese government is behind the scenes in many malicious cyber activities. Though many of the allegations focus on the tension between China and the United States on cyber espionage, these actions are unlikely to cause armed conflict since almost all capable actors conduct cyber espionage.

Suspicions of intentions and capabilities of cyber warfare, however, could drag the US and China into arms races, and even hot wars, due to the role cyber tools can play in military operations. Given the risks, it is necessary to examine China’s views on cyber warfare from a narrative that is different from what most readers are familiar with.

Context for China’s Views on Cyber Warfare

China’s academic discussion of cyber warfare started in the 1990s when it was called “information warfare.” Impressed by how the US military benefited from the application of high technologies in the Gulf War—and subsequent operations in Kosovo, Afghanistan, and Iraq—China began to realize that there is no way to adequately defend itself without following the changes in the forms of war in which high technologies, mainly information technologies, play more critical roles.

In 1993, two years after the Gulf War, the Chinese military adjusted its military strategic guideline which set “winning local wars in conditions of modern technology, particularly high technology” as the basic aim of preparations for military struggle (PMS). In 2004, one year after the Iraq War, the military’s PMS was changed to “winning local wars under conditions of informationization.” The basic understanding, as elaborated in China’s National Defense in 2004, is that “informationization has become the key factor in enhancing the warfighting capability of the armed forces.”

The first time that the Chinese military publicly addressed cyber warfare from a holistic point of view was in the 2013 version of “The Science of Military Strategy”—a study by the Academy of Military Science. It emphasized that cyberspace has become a new and essential domain of military struggle in today’s world. A similar tone appeared in the 2015 Ministry of National Defense paper entitled “China’s Military Strategy.”

While the latter document modified the basic point for PMS to “winning informationized local wars,” it also addressed cybersecurity for the first time in an official military document. It defined cyberspace as a “new pillar of economic and social development, and a new domain of national security,” and declared clearly that “China is confronted with grave security threats to its cyber infrastructure” as “international strategic competition in cyberspace has been turning increasingly fiercer, quite a few countries are developing their cyber military forces.”

Based on the above approach that China is taking to cyberspace and its own national security, a few conclusions can be drawn. The first is that China has not developed its cyber capabilities in a vacuum. Rather, they have developed them as a response to the changing cyber warfare approaches and practices of other countries, especially those of the US and Russia. The second is that the Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries.

Core Aims of China’s Cyber Warfare

Though there is no commonly accepted conception of cyber warfare, one made by a RAND Corporation study is frequently quoted by Chinese military analysts: cyber warfare is strategic warfare in the information age, just as it was nuclear warfare in the 20th century. This definition serves as the foundation to argue that cyber warfare has much broader significance to national security and involves competition in areas beyond the military, such as the economy, diplomacy, and social development.

Again, China’s Military Strategy describes the primary objectives of cyber capabilities to include: “cyberspace situation awareness, cyber defense, support for the country’s endeavors in cyberspace, and participation in international cyber cooperation.” The strategy frames these objectives within the aims of “stemming major cyber crises, ensuring national network and information security, and maintaining national security and social stability.”

Of these objectives, an essential one is national security and social stability. As shown by several incidents, such as the protests after Iran’s 2009 presidential election, the Arab Spring, as well as Occupy Wall Street and the London Riots of 2011, social media plays a vital role in helping to plan and carry out such protests and movements. The Chinese government’s monitoring of the internet and social media is based on its potential use as a platform to disseminate information that could cause similar social unrest to spread, which could lead to large-scale social and political instability.

Another essential objective, in common with all states, is defending critical information infrastructure. China is more and more dependent on information networks in all aspects, including in defense. Although it has a large-scale technology industry and possesses the potential to compete with the US in some, most of its core network technologies and key software and hardware are provided by US companies.

China uses the term “eight King Kongs” to describe the top internet companies in its domestic supply chain: Apple, Cisco, Google, IBM, Intel, Microsoft, Oracle, and Qualcomm. Heavy dependence on these companies’ products makes it necessary to work towards developing the domestic technology industry and its capabilities, and to thereby make the country’s internal internet infrastructure more secure. It also makes China believe that its primary mission in cyberspace is to ensure information security of critical areas, which is inherently defensive and non-destructive.

Many, including the US government, have accused the Chinese government and military of cyberattacks in which intellectual property has been stolen. In this regard, there are several distinctions to make clear. The first is between those cyberattacks that aim to destroy, and cyber espionage for intelligence collection. The second is to make clear those forms of cyber espionage that are related to national security concerns and those for economic interests. And the last is between malicious cyber activities that one government or military should take responsibility for, and those that are attributed to a government or military based on less-than-reliable key indicators of where activities originate.

The implications of distinguishing clearly are great and there is a need for far lengthier analyses and studies. Looking at the issue briefly, most accusations levied at China are related to the latter distinction. Until today, there is no irrefutable evidence to show China has been involved in cyberattacks that aim to destroy or have destroyed. While cyber espionage for national security concerns is a common action conducted by most countries, cyber espionage for economic benefit is an accusation continually made against the Chinese government and military. However, there are reports indicating a notable decline in commercial cyber espionage allegedly attributed to Chinese sources, at least in the first few months following an agreement reached between Chinese President Xi Jinping and US President Barack Obama in 2015.

The overall defensive perspective of the government is ultimately in line with China’s strategic guidelines and its understanding of the general characteristics of cyber warfare. China has consistently said that it adheres to the strategic guideline of Active Defense, as elaborated in the 2015 defense paper. Guided by these principles, the primary stated goal in cyber warfare is to enhance defense capabilities in order to survive and counter after suffering an offensive cyber strike.

Some observers may conclude that it is more worthwhile to invest resources into cyber offense since cyberspace is offense-dominant. However, the principle that the best defense is a good offense is not applicable in cyberspace. As argued by PLA Senior Colonel Li Daguang, after the first round of a cyberattack, the targeted side can respond with a precise counter-attack as long as it has a strong defense. The attacker will then suffer unfavorable outcomes if its defense is not good enough. From this perspective, it is wiser to make efforts in building up a strong defense.

Is China’s Cyber Capability as Formidable as Imagined?

As mentioned, cyber warfare encompasses far more areas than the military and intelligence gathering. It is therefore logical to measure one country’s cyber capability by a more comprehensive evaluation, which at least includes: technological research and development (R&D) and innovation capabilities; information technology industry companies; internet infrastructure scale; influences of internet websites; internet diplomacy and foreign policy capabilities; cyber military strength; and comprehensiveness of cyberspace strategy. If evaluated along all these criteria, China’s cyber power largely lags behind that of the US.

Aside from China’s disadvantages in critical technological self-sufficiency as mentioned above, it is not as advanced in other aspects as well. According to the ICT Development Index (IDI), which is based on 11 indicators to monitor and compare developments in information and communication technology across countries, China respectively ranked 80th, 81st, and 82nd among 176 states in 2017, 2016, and 2015.

Part of China’s low influence on the global internet is due to the fact that its primary languages are not widely used on the internet outside the country. Though there are a massive number of Chinese speakers throughout the world, Chinese languages are only used by 1.7 percent of all websites, while 53.9 percent use English.

China’s internet is also one of the most regularly attacked. According to a report published in February 2019 by Beijing Knownsec Information Technology, China suffered the highest rate of distributed denial of service attacks (DDOS) in the world in 2018—an average of over 800 million a day. Scanning and backdoor intrusions made up the majority of the attacks and about 97 percent were conducted by domestic hackers. However, a growing percentage came from overseas, mostly from the US, South Korea, and Japan. Among all the attacks originating overseas, those that targeted government and financial websites largely outnumbered those on other targets.

Similar statistics can be found elsewhere. However, it is not the intention here to describe how vulnerable China is, but to emphasize that a more comprehensive and objective assessment of China’s cyber power is in urgent need. As Joseph Nye argued, exaggerated fears about growing Chinese power can become a cause of conflict. The same logic applies in cyberspace, especially at a time when China-US bilateral relations are seeing sharp twists and turns.

Lyu Jinghua is a Visiting Scholar in the Cyber Policy Initiative at the Carnegie Endowment for International Peace and a retired colonel from the Chinese People’s Liberation Army.