Growing the availability of domestic cybersecurity competitions serves China’s security services with a stream of vulnerabilities for use in hacking operations. In response, the Chinese government instituted a policy that mandated software vulnerability researchers disclose any vulnerabilities found to the Ministry of Industry and Information Technology within 48 hours of discovery. Additionally, China’s Ministry of Public Security rolled out a policy that controlled researchers traveling abroad for foreign competitions. To compensate for the restrictions, the Ministry of Education and the China Information Technology Security Evaluation Center collaborated to launch the Information Security Ironman competition in 2016. To capture the magic and compensation of international software security competitions that Chinese vulnerability researchers can no longer travel to, China’s infosec community launched the Tianfu Cup in 2018.
China’s deficit of cybersecurity experts will likely fall to 370,000 by 2027, down from around 1.4 million in 2017, as the education system produces more and better prepared cybersecurity experts. Policymakers advocate for students to gain more hands-on experience, and a recently released report outlines the “4+3 Method” of cyber confrontation skills and development. The approach harmonizes the preceding seven years of public policy in China and promotes the production of cybersecurity experts with key competencies in actual confrontation, software vulnerability discovery, combat impact assessment, and engineering and development skills. Lastly, if China succeeds in creating a self-contained computing ecosystem, that could change the landscape of competition by increasing the speed and persistence of operations.
China’s Xi Jinping and Russia’s Vladimir Putin recently concluded their three-day meeting in Moscow, where they signed two agreements that affirm their partnership and set out plans for economic cooperation. This included ten documents on economic cooperation, stretching until 2030. However, the Washington Post reports that the two leaders did not discuss the potential interplay and fusion of their information technology-driven hybrid warfare efforts directed at the West.
Both countries, including their current autocratic leaders and the legions in their official “IT Armies” and non-state actors resident within their sovereign boundaries, are known to be masters of the dark arts of kompromat, information warfare, and narrative warfare – increasingly in the digital domain. Hybrid warfare is defined as an interplay or fusion of conventional as well as unconventional instruments of power and tools of subversion. At the intersection of this interplay and fusion, novel information threat vectors are found, which is the hallmark of hybrid warfare.
The complexity and uncertainty we all feel at the hands of multiple global parallel crises, including the war in Europe, are fundamentally driven by the unintended consequences of unimaginable use cases of information and communications technology (ICT) to nefarious and destabilizing ends. The ICT-driven hybrid warfare landscape has been digitally carpet bombed by both the Chinese and Russians, and it is burning and smoldering at this point.
This post aims to provide an update on the ICT-driven hybrid warfare landscape and put unique, underreported issues at the center of your risk awareness, which were not discussed at the meeting in Moscow by China and Russia or covered by the global media.
Last year, the topic of hybrid warfare efforts was widely discussed around the time of the invasion of Ukraine. This included strategic risks, subversion, and innovation in information technology. Some of the most trafficked research and analysis in this area included the following:
We Are In The First Open Source Intelligence War
In this article, it is noted that we are witnessing the world’s first war where open-source intelligence is providing more actionable insights than classified sources. The article explores what this shift means for governments, businesses, NGOs, and citizens.
No, The World Is Not Destined to Live Under PRC or Russian Rule
This article explores the rise of China’s military, economic, and technological power and the threats that need to inform decisions by government and business leaders. This includes the most powerful cyber espionage operation on the planet, extensive human and technical intelligence operations, and China’s intention to continue to grow its power.
Dr. Scott Shumate Profiles Russian President Vladimir Putin
This special edition OODAcast features Dr. Scott Shumate, who has over 30 years of experience evaluating national leaders, terrorists, spies, and insiders. In the episode, he shares his unique perspective on Russian President Vladimir Putin, discussing whether he is a rational actor or suicidal, and if he will escalate to cyber-attacks.
Russia Downed Satellite Internet in Ukraine – Western Officials
In this article, it is reported that Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of modems offline at the onset of the Russia-Ukraine war. This digital assault against Viasat’s KA-SAT network in late February occurred just as Russian armor pushed into Ukraine.
These articles delve into the world of hybrid warfare and the impact of information technology on modern warfare. They provide a unique perspective on the threats posed by countries such as Russia and China, and how they are leveraging technology to gain power and influence. It is crucial to stay informed about these issues as they pose significant risks to governments, businesses, NGOs, and citizens.
The chief technology officer of $US50 billion ($67 billion) cybersecurity giant CrowdStrike has warned that Russia is still likely to launch large-scale cyberattacks against the West in response to sanctions and accusations of war crimes. Although predictions about Russian retaliation have so far proved wide of the mark, Australian Mike Sentonas said cyberwarfare had still played a significant role in the campaign, starting with early attempts by Moscow to destabilize Ukraine.
For the latest insights on the breadth and scope of Russia’s IT-driven hybrid warfare efforts, the Digital Forensic Research Lab (DFRLab) analyzed upwards of 10,000 articles from Kremlin and pro-Kremlin media that used false and misleading narratives in the run-up to Russia’s invasion of Ukraine in late 2021 and early 2022. This analysis was detailed in a report titled “Narrative Warfare and the Invasion of Ukraine” by the Atlantic Council. These narratives were used to provide a justification for the attack, obfuscate operational planning, and deny responsibility for the war.
Russia’s pre-war propaganda and incitement to violence violate its obligations under the International Covenant on Civil and Political Rights (ICCPR). However, it remains a question whether those narratives would constitute a crime under international law. While international law does not prohibit disinformation and other “ruses of war”, Kremlin disinformation published in the lead-up to the invasion may be evidence of planning or preparing for an act of aggression. Disinformation narratives that started prior to the invasion and continued afterward may be evidence that Russian or Donbas officials knew the invasion was inconsistent with the United Nations (UN) Charter and constituted a “manifest violation” of it.
It is important to identify and archive these narratives, given the Kremlin’s vast propaganda ecosystem across traditional, digital, and social media. Additionally, holding Russia and its proxies accountable for their actions is crucial, as cyberwarfare plays a significant role in their hybrid warfare efforts. The warnings by cybersecurity giant CrowdStrike of further large-scale cyberattacks against the West in response to sanctions and accusations of war crimes should be taken seriously.
The Tianfu Cup, a China-based hacking competition, has rapidly grown in popularity and has become a critical component of the Chinese Communist Party’s (CPC) strategy for developing cyber capabilities. According to Cyberscoop, the CPC views the competition as a critical tool for identifying and nurturing talented hackers for the party’s cyber teams. In recent years, Chinese teams have dominated international hacking competitions, including the Def Con 29 Capture the Flag competition, which was won by a Chinese team called Katzebin. During the August 2021 OODA Network Monthly Meeting, a network member raised a question regarding the participation of Chinese teams in international competitions, given recent restrictions imposed by the CPC on such activities.
The Tianfu Cup has played a critical role in building the CPC’s cyber capabilities and identifying talented hackers for their cyber teams. Cyberscoop reports that the competition has received sponsorship from several Chinese technology companies and that the CPC is investing in programs to train and recruit hackers, including a “Hacker Academy” launched by President Xi Jinping. The academy has been tasked with developing China’s offensive cyber capabilities, and participants are trained in a variety of hacking techniques, including zero-day exploits and social engineering.
China’s cyber capabilities have grown significantly in recent years, and the CPC’s investment in training and recruitment programs has played a significant role in this growth. The country has been accused of conducting several high-profile cyberattacks, including the 2015 breach of the US Office of Personnel Management, which exposed the personal information of millions of government employees. The CPC’s investment in the Tianfu Cup and other programs highlights their continued commitment to building their cyber capabilities and leveraging technology as a tool for national power.
In light of China’s significant investment in cyber capabilities and its growing dominance in hacking competitions, questions regarding the role of cyberwarfare in international conflicts are becoming increasingly relevant. It is essential for governments and businesses to be aware of the potential threats posed by state-sponsored hackers and to take proactive steps to protect themselves against cyberattacks.
Chinese President Xi Jinping has prioritized cybersecurity since coming to power in 2013, with a focus on cultivating talent and funding cybersecurity research. The Chinese state has systematized cybersecurity education, improved students’ access to hands-on practice, promoted hacking competitions, and collected vulnerabilities to be used in network operations against China’s adversaries. As a result, China’s investments in cybersecurity education are bearing fruit and ushering in a new era of digital espionage. From the early 2000s to 2015, China’s hacking teams caused havoc for private companies and U.S. and allied governments, but these better-resourced and trained teams now put companies at risk of further compromise and create an additional imperative for U.S. and allied nations to improve defenses of government networks. This new era of digital espionage will likely have significant impacts on global cybersecurity, as China’s hacker bootcamps continue to produce talented and well-equipped cyber operatives.
China’s interest in developing cybersecurity education and talent is evident in President Xi Jinping’s policies, which show how serious he is about the issue. From the early 2000s to 2015, China’s hacking teams caused chaos for private companies and U.S. and allied governments. After coming to power in 2013, Xi made cybersecurity a matter of government policy and began investing in cultivating talent and funding cybersecurity research. These investments are now coming to fruition, and, as a result, China’s hacking teams are poised to reap the benefits of a nearly decade-long cultivation of cyber talent and capabilities.
China’s focus on cybersecurity education
Chinese policymakers talked about hackers as “the talented few” in the 2000s. U.S. indictments of hackers operating during this period illustrate the point. Xi established his leadership on the issue of cybersecurity by forming the Cybersecurity and Informatization Leading Small Group in 2014. The group demanded that the Ministry of Education evaluate and standardize the content of China’s cybersecurity college degrees. By 2015, the Ministry of Education rolled out the standards nationwide, and universities adjusted their curriculums accordingly.
Investment in cultivating talent
Xi prioritized cybersecurity as a matter of government policy and focused the bureaucracy, universities, and security services on cultivating talent and funding cybersecurity research. The Chinese state has systematized cybersecurity education, improved students’ access to hands-on practice, promoted hacking competitions, and collected vulnerabilities to be used in network operations against China’s adversaries.
China’s leadership in cybersecurity
In 2016, Xi promoted his Leading Small Group to the Cybersecurity and Informatization Committee of the CCP Central Committee (CIC). The move shows the importance of cybersecurity to the Chinese government, and China’s interest in developing cybersecurity education and talent. The investments in cybersecurity education and talent are paying off, and China’s hacking teams are better resourced and trained, putting companies at risk of further compromise and creating an additional imperative for U.S. and allied nations to improve defenses of government networks.
China has invested in its cybersecurity education to cultivate more cyber talents to develop its digital espionage capabilities. In the 2000s, Chinese policymakers viewed hackers as the “talented few,” but finding such talent was a challenge. China’s investments in cybersecurity education are now coming to fruition as they put better-resourced and trained teams on the field. China’s President Xi Jinping established a cybersecurity and informatization leading small group in 2014 to focus the bureaucracy, universities, and security services on purposefully cultivating talent and funding cybersecurity research. By 2015, the Ministry of Education rolled out nationwide standards to evaluate and standardize the content of China’s cybersecurity college degrees, inspired by the United States’ National Initiative for Cybersecurity Education. In 2016, Xi promoted his leading small group to the Cybersecurity and Informatization Committee of the CCP Central Committee (CIC), which became a formal government agency called the Cyberspace Administration of China (CAC) to represent the CIC’s work to other governments and businesses.
One of the CAC’s first acts was to publish a National Cybersecurity Strategy for China, which outlined nine “strategic tasks” for policymakers to undertake, including improving talent cultivation. The public strategy document was not particularly prescriptive about how to achieve these tasks, allowing provincial and municipal governments to innovate and compete on policy ideas. Two provincial policy ideas caught the central government’s attention, and China’s National Cybersecurity Talent and Innovation Base in Wuhan became a national asset. The campus, built by provincial officials, sprawls over 15 square miles, with a quarter dedicated to the National Cybersecurity School, the Offense-Defense Laboratory, the Combined Cybersecurity Research Institute, and supporting computational, data storage, and cyber range facilities. The base’s construction held a signing ceremony at the end of 2016.
The CAC’s composition and offices are the same as the CIC but presented as a government agency to foreign audiences, allowing decisions made by the CCP Central Committee to appear as the actions of a government regulatory agency, rather than the Party. The CAC’s role in representing the CIC’s work to other governments and businesses allows for more effective cybersecurity policymaking and regulation. These investments in cybersecurity education have set the stage for a new era of digital espionage, and China’s hacking teams are poised to reap the benefits of a nearly decade-long cultivation of cyber talent and capabilities.
China’s Investment in Cybersecurity Education and Infrastructure
In the early 2000s, China’s hacking teams were causing chaos for private companies and governments across the world, stealing government databases, weapon system designs, and corporate intellectual property. However, President Xi Jinping’s policies indicate that China’s cyber espionage program was only the beginning of its digital prowess. Since coming into power in 2013, Xi has prioritized cybersecurity as a government policy, investing in the cultivation of talent and funding cybersecurity research.
China’s systematic approach to cybersecurity education has created a better-resourced and trained cyber force that is now positioned to reap the benefits of nearly a decade of cyber talent and capability cultivation. These teams put companies at risk of compromise and create an additional imperative for the US and allied nations to improve their defense systems.
One of Xi’s policies was to prioritize cybersecurity and focus the bureaucracy, universities, and security services on purposefully cultivating talent and funding cybersecurity research. In 2015, the Ministry of Education rolled out national standards for cybersecurity education and adjusted curriculums in universities across China. The public strategy document of the National Cybersecurity Strategy for China outlined nine “strategic tasks” for policymakers to undertake, including improving talent cultivation, increasing cybersecurity awareness, and promoting education.
To further support cybersecurity education, China modeled reforms of its cybersecurity degrees on the US National Initiative for Cybersecurity Education. In 2017, China designated some schools as World-Class Cybersecurity Schools (WCCS) to provide the best educational offerings. The designation allows potential employers to quickly assess a graduate’s competencies by association, indicating the program’s quality and content that should be replicated.
China is not only investing in cybersecurity education but is also developing infrastructure, including Guiyang’s Big Data Cyber Range, which hosts cybersecurity competitions and offers industrial hardware for OT hackers, and Wuhan’s National Cybersecurity Talent and Innovation Base. These national projects were adopted by the central government to demonstrate their commitment to cybersecurity.
To attract students to cybersecurity programs, China hosts thousands of capture-the-flag hacking competitions every year. Nowadays, China runs hundreds of cybersecurity competitions, sometimes with thousands of teams.
Overall, China’s investments in cybersecurity education and infrastructure set the stage for a new, more prolific era of digital espionage.
China’s Cybersecurity Competitions and Policies to Promote Domestic Talent
China has made significant efforts to cultivate and train talented hackers domestically, with policymakers seeing competition in cyberspace as a battle for talent. To achieve this, the Chinese government has rolled out policies aimed at increasing cybersecurity awareness and improving talent cultivation.
Domestic Competitions Serve Multiple Purposes
To ensure a steady supply of vulnerabilities for its hacking operations, the Chinese government has created a domestic pipeline of competitions. Software vulnerabilities are seen as a “national resource,” and China has implemented policies to control access to these resources. For instance, researchers can only travel abroad for foreign competitions with express approval of the Ministry of Public Security. Furthermore, the Chinese government now requires vulnerability researchers to disclose any vulnerability they find to the Ministry of Industry and Information Technology within 48 hours of discovery.
Building a Robust Education Ecosystem
To train students in cybersecurity, China rolled out its designation of World-Class Cybersecurity Schools in 2017. The designation only provides prestige and does not apparently confirm any additional funding or resources. However, it allows potential employers to quickly assess a graduate’s competencies by association. Additionally, to attract students and fill these programs, China hosts thousands of capture-the-flag hacking competitions every year.
Competitions to Inspire and Bolster Capabilities
To inspire college students, the Ministry of Education collaborated with the China Information Technology Security Evaluation Center to launch the Information Security Ironman competition in 2016. The competition spans every province in China and includes hundreds of universities. Other hacking competitions have sought to bolster China’s capabilities in automated software vulnerability discovery and exploitation.
China has taken significant steps to cultivate domestic cybersecurity talent, and its efforts appear to be paying off. The country’s policies against researchers traveling abroad, mandating vulnerability disclosure to the government, and investments in technologies to find more software vulnerabilities have combined to create a pipeline of cybersecurity talent in China.
The State of China’s State Hackers
A recent report by several World-Class Cybersecurity Schools, the Chinese Academy of Sciences, the Ministry of Education and cybersecurity firm Beijing Integrity Technology describes the current landscape of China’s state hackers. According to the report, China’s deficit of cybersecurity experts is expected to fall to 370,000 by 2027, an improvement from 2017 estimates that put the then-deficit at around 1.4 million. However, the report states that aggregate “production” of new cybersecurity experts will exceed 30,000 per year.
The “4+3 Method” of Cyber Confrontation Skills and Development
The report’s principal purpose is to present the “4+3 Method” of cyber confrontation skills and development, which harmonizes the preceding seven years of public policy in China. The “4” represents four key competencies for cybersecurity professionals: actual confrontation, software vulnerability discovery, “combat impact assessment” (likely a euphemism for security evaluation), and engineering and development skills. The “3” represents three methods of demonstrating the four capabilities: cybersecurity competitions (confrontation, defensive exercises, and vulnerability discovery), “confrontation practices” (cyber range practice and actual network confrontation), and “crowd testing and incident response” (open security testing, software vulnerability awards, security competitions, and technology sharing).
What’s Next for China’s State Hackers?
In the coming years, the policies that led to the report’s “4+3 Method” are expected to produce a larger harvest of hackers than before. China’s hacking teams will no longer be dominated by the gun slingers of the past but instead will be managed by a bureaucracy that has matured over the last decade. As a result, there may be fewer clusters of activities and IOCs emanating from China, and they will be replaced by an ever-growing collection of uncategorized actors. This is due to the agencies managing these operations promoting stealth at scale, implemented by well-trained hackers.
In conclusion, the report suggests that China’s education system is producing more, better-prepared cybersecurity experts, and it advocates for students to gain more hands-on experience. It also highlights the continued expansion of China’s cybersecurity infrastructure and policies aimed at promoting the country’s cyber capabilities.
Despite China’s significant investments in its hacking capabilities, there are still fundamental truths about cyber conflict dynamics that constrain its operations. For instance, the exploitation of a vulnerability may impact one country more than another, depending on shared dependencies like the widespread use of Microsoft Windows. Chinese policymakers have long sought to foster a competitive operating system for the Chinese market to reduce mutual dependencies in hardware and software, but no viable options have emerged yet. However, if China delivers on its ambitions for a more self-contained computing ecosystem, it could change the landscape of competition. The development of such a system could increase the speed and persistence of operations, as compromise would no longer pose a risk of operational blowback. In the meantime, China has continued to invest in the education system to produce more and better-prepared cybersecurity experts, using policies like the “4+3 Method” of cyber confrontation skills and development. As a result, the country’s hacking teams are likely to be composed of an ever-growing collection of uncategorized actors, as the agencies managing these operations continue to promote stealth at scale, implemented by well-trained hackers. In the coming years, the policies that led to the “4+3 Method” will likely produce the harvest of hackers that the Chinese government aimed to create when Xi Jinping first came into power.
Don’t miss interesting posts on Famousbio