Last month, the private cybersecurity firm Mandiant issued a report claiming to directly link the Chinese military to cyber espionage against American and other western economic targets. The detailed report alleges that People’s Liberation Army (PLA) Unit 61398 is stealing business and technological secrets in support of China’s twelfth five-year plan for economic development, but also suggested Unit 61398 is only one of many units engaged in the theft of sensitive U.S. economic data.
If true, these allegations would confirm the long-held suspicion among many analysts that the Chinese government is involved in economic cyber espionage.
Although significant in its own right, the PLA’s apparent involvement in cyber espionage has broader implications. In particular, the allegations against Unit 61398 and other recent developments highlight the emerging great game in cyberspace across the Asia-Pacific—as well as the growing link between competition in cyberspace and traditional geopolitics.
The interconnected nature of the Internet has allowed cyber espionage to impose economic costs that are historically unique, creating enormous pressures for states and other organizations to respond. In the case of the United States, gauging the cost of cyber espionage to the economy is difficult. Although intelligence reviews point out that estimates range from $2 billion to $400 billion each year, NSA Director General Keith Alexander has said that cyber theft of economic information represents “the greatest transfer of wealth in human history.”
Moreover, these economic cybersecurity challenges originate disproportionately from the Asia-Pacific, the emerging global power center and increasing focal point of American security policy. A 2012 report by the Internet firm Akamai alleges that 51 percent of cybersecurity breaches worldwide originate in the Asia-Pacific, with one third of global totals originating from China.
While verifying such claims is inherently difficult, these figures roughly correspond to other reporting efforts. For example, the Department of Defense claims that the Asia-Pacific accounted for 43 percent of attempts to illegally access sensitive information in the defense industry. Additionally, an unclassified 2011 intelligence report characterized the Chinese as the “the world’s most active and persistent perpetrators of economic espionage.”
But the emerging great game in cyberspace for access to sensitive data stretches across both sides of the Pacific. China in particular is feeling increased pressure. In response to the Mandiant report, the Chinese Ministry of Defense spokesman Gang Yenshang claimed that of attempts to hack PLA military websites, nearly 63 percent originated from the United States.
Despite the already historic nature of cybersecurity challenges there are a number of signs that cyber tensions across the Pacific are likely to intensify. More troubling, these tensions are breaking out of cyberspace and generating new risks for regional geopolitics.
First, Beijing and Washington appear to be inching closer towards history’s inaugural large-scale cyber arms race. In Beijing, the PLA is continuing its efforts to be able to “win local wars under conditions of informationalization” by mid-century. This includes developing military cyber capabilities to help achieve information dominance during conflict—a theme that is repeated in authoritative Chinese military texts. In Washington, the Pentagon is proceeding with a number of high-level cyber initiatives. Over the next few years, the Department of Defense plans to increase its cyber personnel by five-fold. The military is also funding aggressive research projects like DARPA’s “Plan X,” which aims to achieve major breakthroughs in military cyber technology.
While neither state’s military cyber programs are directed exclusively at the other, there is no doubt that the threat perception between Beijing and Washington plays a substantial role in developing military cyber power on both sides.
But the potential effects of these developments are not confined to the military dimension of the Sino-U.S. relationship. Instead, there is growing potential for feedback between the competition for military advantage in cyberspace and the conduct of economic cyber espionage. Given the apparent Chinese military involvement in economic espionage in cyberspace, future increases in the capabilities of Chinese government cyber actors—like PLA Unit 61398—would translate into greater ability to steal economic data from foreign economies. Therefore, as competition with the U.S. military drives the PLA to become more capable in cyberspace, an unintended consequence for Washington may be undermining U.S. economic cybersecurity.
Second, cyber tensions between Washington and Beijing are becoming more strongly linked to the broader bilateral relationship. Following the release the Mandiant report, the New York Times reported that the Obama administration views Chinese cyber intrusions as “so intense that they threaten the fundamental relationship between Washington and Beijing.” Far from a knee-jerk reaction, this follows former Secretary Clinton’s initiative over the past year to elevate the significance of cybersecurity at the U.S.-Chinese Economic and Security Dialogue.
Beyond words, the Obama administration is already injecting cybersecurity objectives into its major actions in the region. The administration’s recent Strategy on Mitigating the Theft of U.S. Trade Secrets is a case in point. The strategy, which was released on the same day as the Mandiant report, focuses heavily on cyber theft. Among its many provisions, the document highlights the importance of “trade secret protections” in the Trans-Pacific Partnership (TPP), a free-trade agreement being negotiated by the United States and ten other Asia-Pacific economies.