Strategic Implications of the PRC Cyber Threat

By Seth Poling, University of Chicago


Introduction 

Cyberspace has become embedded in the fabric of large swaths of the globe. Individual actors, groups, and governments use cyberspace to store, process, and transmit billions of data points daily. Some of these data are more valuable than others. Consider a firm’s research and development blueprints for a new automobile or aircraft, or an organization’s proprietary software that enables it to operate more efficiently than its peers. Such intellectual property can provide private actors with real advantages in the marketplace. Taken together, this knowledge is the lifeblood of modern economies. This is not a hypothetical concern: countries that connect to cyberspace have seen a dramatic rise in income and productivity.[1] However, the downside is that this data is also vulnerable to espionage or outright theft by state-sponsored cyber actors. 

Argument

This analysis concentrates on one of the most notorious state actors in cyberspace: the People’s Republic of China. My theory is that the PRC employs aggressive cyber techniques, tactics, and procedures for strategic advantage in the international system. To demonstrate this, I will focus on one likely target of PRC aggression located in the United States. This theory will be corroborated by examining a single distinct event from the unique Dyadic Cyber Incident and Campaign Dataset (DCID) involving a Chinese state-sponsored cyber intrusion into American defense firms, among others, to gain access to American military drone technology. The DCID is a quantitative dataset of roughly 430 cyber incidents between rival state actors; a more detailed explanation of it comes later. 

Strategic advantage and the cyber campaign

Before analyzing the dataset, it is imperative to describe what strategic advantage is and how it can impact the global distribution of power. According to cybersecurity scholars Richard Harknett and Max Smeets, strategic advantage is “an outcome in which a relative change occurs in the bilateral, regional or global distribution of power in the favor of the actor engaged in the cyber campaign.”[2] Although there are a variety of ways to measure international power, economic and military factors will be the focus for this analysis. It is also worth acknowledging that no single PRC cyber intrusion will necessarily shift the distribution of power in its favor.[3] Taken cumulatively as a campaign, that is, a continuous set of cyber and non-cyber actions, PRC intrusions can have strategic effects that impact power balances. As Emily Goldman says, “gains in cyberspace are cumulative.”[4] As I argue, the Chinese Communist Party’s goal is to shift military and economic power in its favor through a sequence of cyber campaigns aimed at commercial and defense organizations in the United States. 

CCP’s ambitions for emerging industries 

Xi Jinping and other CCP leaders want to control cyberspace to protect national security; Xi has consistently said that “without cybersecurity, there is no national security.”[5] This policy stance is about staying in power and protecting institutions and assets, but it signifies how important cybersecurity is to CCP leadership. Chinese cyberspace must be defended, as Xi says, but what he does not say is the extent and scale of CCP-sponsored cyber activities targeting not only American organizations but those around the world for strategic resources.[6] The CCP uses cyberspace to steal key technologies and catch up in developed industries.

The Chinese Communist Party is seeking to gain strategic advantage in a number of key technologies and critical industries of the future in order to catch up with and surpass the West.[7] Numerous Communist Party plans, including Made in China 2025, Space Science & Technology in China: A Roadmap to 2050, and the Fourteenth Five-Year Plan, have outlined key industries as priorities in which to gain market share. They envision global dominance in alternative energy, biotechnology, and advanced semiconductors. Emerging technologies like artificial intelligence and quantum information systems are also on the list.[8] China, through the Ministry of State Security and People’s Liberation Army, employs offensive cyber operations as a strategic tool against foreign targets that possess strengths in these fields. In essence, the CCP deploys aggressive cyberspace techniques to steal foreign technologies in order to reach economic parity with advanced economies, like the U.S., which enables it to erode pre-existing economic and security strengths.

Case study: Chinese cyber operations 

It can be argued that one reason the US-China relationship has become increasingly competitive and, at times, adversarial is because of the CCP’s behavior toward American corporations in cyberspace. Unlike the massive military buildup and development of nuclear weapons between the US and the Soviet Union during the Cold War, the competition between the US and China during the twenty-first century will be about shaping the rules and standards of international commerce and new discoveries in science and technology.[9] Crucially, the country that is able to translate these discoveries into real-world applications at scale, and set global standards for their use will have an edge in the remainder of this century. This is not to suggest that military power will be less of a concern between both countries during this century. Instead, as Joseph Nye writes, employment of military force may be less likely given the complex US and China interlinkages that would make it costly for either to attack the other.[10] 

Dataset event selection process 

Accordingly, I selected an event from version two of DCID in order to illustrate the PRC’s objectives. DCID focuses on rival states and contains a record of 429 cyber incidents in total. According to the DCID codebook, each pair of rival states engaged in cyber conflicts has “two states involved, on opposite sides of the cyber incidents and campaigns.”[11] The pair this analysis focuses on is the U.S. and China. I came to these pairings after filtering for key attributes in the dataset through a three-step structured procedure. First, I identified China as the initiator state (710) and found the pair column for US-China (2710). Second, I filtered for cyber objectives that met the criteria for strategic advantage, which the dataset codes as short-term espionage (2) and long-term espionage (3). These cyber objective variables are arguably the most important, given that these events most closely match the definition of strategic advantage mentioned previously. 

The codebook defines the cyber objective of short-term espionage as access to and leverage of “critical information for an immediate advantage.”[12] On the other hand, the long-term espionage objective is defined as seeking to “manipulate the decision-calculus of the opposition far into the future through leveraging information gathered during cyber operations to enhance credibility and capability.”[13] Filtering the dataset by this dyad and these two cyber objectives yielded a sufficient number of events to choose from. The final step of selecting specific cyber events was more subjective, but an attempt was made to ensure that the events chosen covered both military and economic entities. 

Incident analysis

Operation BeeBus proves this point, as it has both economic and military implications. From 2011 until their detection in 2013, Chinese state-backed cyber actors infiltrated the networks of several American aerospace and defense firms for defense technology. They pursued intellectual property related to military drones in particular. The cyber actors gained initial access by sending phishing emails with malware-infected PDF and Word attachments that appeared legitimate, according to a 2011 FireEye report.[14] Based purely on their titles, the files would seem legitimate to an ordinary defense employee, but they were not. After one of these files was opened, a DLL injection attack, rather than a launch from an executable file, allowed the malicious actors to control the target machines via an encrypted command-and-control (C2) server. The C2 server enabled the attackers to exfiltrate the intellectual property in chunks over a timeline of several months. 

The PRC cyber group said to be responsible for Operation BeeBus is Advanced Persistent Threat 10 (MenuPass, Red Apollo, or StonePanda) and it has direct links to the Chinese Ministry of State Security’s Tianjin Bureau.[15] As mentioned, APT 10 was tasked with obtaining American drone technology information.[16] According to China cyber analyst Adam Cozy, such a tasking is likely to come from the Comprehensive Planning Department of the State Administration of Science, Technology and Industry for National Defense (SASTIND).[17] SASTIND is responsible for overseeing China's defense industry, supporting universities, defense conglomerates, nuclear programs, and major research projects, while playing a central role in implementing military-civil fusion by funding defense research and laboratories at universities. More will come later about SASTIND and its ties to certain Chinese universities that have been implicated in supporting Chinese cyber activities against the United States. 

Based on open-source reporting on the similarities between Chinese and American drones around the time frame of the intrusions, it would appear as if they were at least targeting General Atomics’ MQ-1 Predator and MQ-9 Reaper drones.[18] And for the Predator and Reaper, the PLA Air Force’s Wing Loong 1 and Wing Loong 2 (Pterodactyl) each appear comparable, respectively.[19] Obviously, these two Chinese drones were not copied to look one hundred percent like their American competitors, but the similarities that do exist are striking. 

Figure 1: Wing Loong 1 (Source: https://www.airforce-technology.com/projects/wing-loong-unmanned-aerial-vehicle-uav/)

Figure 2: MQ-1B Predator (Source: https://www.military.com/equipment/mq-1b-predator)

Figure 3: Wing Loong 2 (Source: https://www.eurasiantimes.com/china-tests-new-variant-of-powerful-wing-loong-drones/?amp)

Figure 4: MQ-9 Reaper I (Source: https://www.twz.com/air/new-electronic-warfare-pod-turns-marine-mq-9-reaper-into-a-black-hole)

Besides the physical similarities, we can also investigate the relationships between the defense designer of the Pterodactyl series, the civilian Chinese academic universities, and the Chinese security services, all of which play a role in the CCP’s “military-civil fusion”[20] strategy. In brief, the aim of the initiative is not only military enhancement but also productivity returns and deep fusion between the civilian and defense sectors through the optimization of national resource allocation.[21] As a result, very little distinction exists between state-owned defense enterprises and traditionally private firms. Some of these ties likely played a supporting role in Operation BeeBus. 

To understand which connections may have contributed to BeeBus, the first place to start is the state-owned Chengdu Aircraft Design Institute (CADI), which is responsible for designing the Wing Loong I and Wing Loong II drones. CADI is a subsidiary of the Aviation Industry Corporation of China (AVIC), which is supervised by the State-owned Assets Supervision and Administration Commission and the Ministry of Industry and Information Technology (MIIT), which coordinates with SASTIND. 

Both AVIC and CADI are instruments of the state and have ties to Chinese universities that are known for supporting Chinese state-backed cyber operations against entities located in the United States. One connection that stands out is CADI’s close relationship with the University of Electronic Science and Technology of China (UESTC) on science and technology projects.[22] While not directly related to BeeBus, it has been reported that UESTC had enabled several hacking campaigns against the Dalai Lama and other Indian targets.[23] UESTC is also a university from which the PLA recruits significant cyber talent. 

Long-term implications 

While the PRC could have invested the resources and time to build its own military drones from scratch, it is difficult to imagine it would have come up with such a similar set of designs as its American aerospace counterparts. Indeed, since this specific Chinese cyber intrusion was reported, the PRC has built an arsenal of military drones for its Navy, Army, and Air Force.[24] Although the PLA has not deployed its drones into combat, the PRC has exported them to third-party countries.[25] Over the last two decades, the PRC has become one of the largest exporters of armed drones (including Wing Loong 1 and 2). It has surpassed the United States, primarily because the U.S. does not engage in the export of its military drones in compliance with the Missile Technology Control Regime.[26]

According to the SIPRI Arms Transfers Database, Chinese exports of the Wing Loong 1 and 2 have gone primarily to countries in the Middle East and Africa. Saudi Arabia and the United Arab Emirates stand out, given their status as long-time buyers of mostly American defense equipment. Yet both nations have become repeat customers of the Pterodactyl series over the last two decades. In 2011 and 2017, the UAE ordered 25 Wing Loong 1s and 15 Wing Loong 2s, respectively, while the Saudis purchased 15 Wing Loong 1s in 2014 and 50 Wing Loong 2s in 2017. See Table 1 below:

Table 1. Source: SIPRI Arms Transfers Database (accessed November, 2024)

Conclusion 

The PRC’s theft of American drone technology and the consequent exportation of its modified versions have strategic implications for American defense technology firms' competitiveness in third-party countries, which in turn have broader implications for U.S. security in this region. While larger American defense sales remained intact over this period, the United States did not sell military drone technology to either of these countries to compete against Chinese offerings for defense advantage with key partners.[27] Granted, most Chinese military drones are roughly half the price of their American counterparts, but the PRC has proven that it is an able and reliable supplier at scale, and it is doing so while the U.S. is not.[28] Not pushing back on Chinese drone sales by offering American alternatives was a missed opportunity to shift the regional supply chain of this niche weapon system away from the People’s Republic of China. Depending on the effectiveness of the Chinese Wing Loong variants for Saudi and Emirati defensive needs, American defense relationships may be weakened as a result. Thus, this Chinese cyber intrusion into U.S. defense corporations illustrates how the former’s use of cyber has had military and economic consequences that extend beyond the digital space. 


Endnotes

[1] McKinsey Global Institute, "The Great Transformer: The Impact of the Internet on Economic Growth and Prosperity," October, 2011, https://www.mckinsey.com/~/media/McKinsey/Industries/Technology%20Media%20and%20Telecommunications/High%20Tech/Our%20Insights/The%20great%20transformer/MGI_Impact_of_Internet_on_economic_growth.pdf.

[2] Richard J. Harknett & Max Smeets (2022) Cyber campaigns and strategic outcomes, Journal of Strategic Studies, 45:4, 534-567, DOI: 10.1080/01402390.2020.1732354. 543

[3] Emily O. Goldman, "Paradigm Change Requires Persistence - A Difficult Lesson to Learn," The Cyber Defense Review 7, no. 1 (Winter 2022): 113-118, https://cyberdefensereview.army.mil/Portals/6/Documents/2022_winter/12_Goldman_CDR_V7N1_WINTER_2022.pdf?ver=V_keOtRV1ZmFFOueR_iuzA%3d%3d. 115.

[4] Goldman, “Paradigm Change,” 118. 

[5] Xi Jinping, “Speech at the National Cybersecurity and Informationization Work Conference” (《在全国网络安全和信息化工作会议上的讲话》), April 20, 2018, in Excerpts from Xi Jinping’s Discussions on Strengthening the Country through the Internet (习近平关于网络强国论述摘编), edited by Central Literature Publishing House, Beijing, 2021, 97–98. Translation

[6] Kelli Vanderlee, "China's Capabilities for State-Sponsored Cyber Espionage," testimony before the U.S.-China Economic and Security Review Commission, February 17, 2022, https://www.uscc.gov/sites/default/files/2022-02/Kelli_Vanderlee_Testimony.pdf. 2. 

[7] Rush Doshi, "China's New National Security Laws: Risks to American Companies and Conflicts of Interest," testimony before the U.S. Senate Committee on Homeland Security and Governmental Affairs, September 24, 2024, https://cdn.cfr.org/sites/default/files/report_pdf/Testimony-Doshi-2024-09-24.pdf. 2.

[8] Karen M. Sutter, "Made in China 2025 Industrial Policies: Issues for Congress," Congressional Research Service, August 11, 2020, https://crsreports.congress.gov/product/pdf/IF/IF10964/6; Barry Naughton, "Industrial Policy in China," CECHIMEX, 2021, Chapter 4, https://www.ucigcc.org/wp-content/uploads/2023/12/Naughton2021_Industrial_Policy_in_China_CECHIMEX-All.pdf

[9] Michael J. Mazarr, "A Vision of Success in the U.S.-China Rivalry: The Technological Competition," in Jude Blanchette, Defining Success: The Future of U.S.-China Relations, Center for Strategic and International Studies, October 2024, https://csis-website-prod.s3.amazonaws.com/s3fs-public/2024-10/241007_Blanchette_Defining_Success.pdf?VersionId=yR31S.Kz.s59S_SF3LMkvhSDBiYBg99n. 67

[10] Joseph Nye, "Cyber Power," Harvard Kennedy School, Belfer Center for Science and International Affairs, May 2010, https://www.belfercenter.org/publication/cyber-power. 17. 

[11] Maness, Ryan C., Brandon Valeriano, Kathryn Hedgecock, Benjamin M. Jensen, and Jose M. Macias. 2022. “The Dyadic Cyber Incident and Campaign Dataset,” version 2.0, available at: https://drryanmaness.wixsite.com/cyberconflcit/cyber-conflict-dataset. 1.

[12] Maness et al., “The Dyadic Cyber,” 7.

[13] Maness et al., “The Dyadic Cyber,” 7.

[14] FireEye, Inc., "Advanced Threat Report - 2H 2012," https://icscsi.org/library/Documents/Threat_Intelligence/FireEye%20-%20Advanced%20Threat%20Report%20-%202H-2012.pdf. 12-17.

[15] FireEye, Inc., "Advanced Threat Report," 16.

[16] U.S. Department of Justice, "Two Chinese Hackers Associated with Ministry of State Security Charged with Global Computer Intrusion Campaigns," https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion.

[17] Edward Wong, "Hacking U.S. Secrets, China Pushes for Drones," New York Times, September 20, 2013, accessed November 9, 2024, https://www.nytimes.com/2013/09/21/world/asia/hacking-us-secrets-china-pushes-for-drones.html.

[18] U.S. Air Force, "PLA's Unmanned Aerial Systems," August, 2018, https://www.airuniversity.af.edu/Portals/10/CASI/documents/Research/PLAAF/2018-08-29%20PLAs_Unmanned_Aerial_Systems.pdf. 19-20.

[19] Ian Easton and L.C. Russell Hsiao, "The Chinese People's Liberation Army's Unmanned Aerial Vehicle Project: Organizational Capacities and Operational Capabilities," Project 2049 Institute, March 11, 2013, https://project2049.net/wp-content/uploads/2018/05/uav_easton_hsiao.pdf. 8. Although Ian and Russell mention similarities between the U.S.’s Predator and Wing Loong 1, they also mention that the Chengdu Aircraft Design Institute was working on an unknown UAV platform (at the time) “comparable to the U.S. Global Hawk.”

[20] Bitzinger, Richard A. "China's Shift from Civil-Military Integration to Military-Civil Fusion." Asia Policy 16, no. 1 (2021): 5-24. https://dx.doi.org/10.1353/asp.2021.0001.

[21] Air University. "China's Military-Civil Fusion Strategy,” 2020. https://www.airuniversity.af.edu/Portals/10/CASI/documents/Research/Other-Topics/2020-06-15%20CASI_China_Military_Civil_Fusion_Strategy.pdf. 8.

[22] University of Electronic Science and Technology of China News Center [电子科技大学新闻中心], "School leaders investigate Chengdu Aircraft Design Institute of Aviation Industry [校领导调研航空工业成都飞机设计研究所]," 18 February 2021, https://news.uestc.edu.cn/?n=UestcNews.Front.Document.ArticlePage&Id=78969 

[23] Shadows in the Cloud: Investigating Cyber Espionage 2.0, F-Secure, https://www.f-secure.com/weblog/archives/Shadows_In_The_Cloud.pdf.

[24] China Power Team. "Is China at the Forefront of Drone Technology?" China Power. May 29, 2018. Updated August 25, 2020. https://chinapower.csis.org/china-drones-unmanned-technology/ 

[25] China Power Team, "Is China at the Forefront of Drone Technology?" 

[26] China Power Team. "Is China at the Forefront of Drone Technology?" 

[27] For instance, from 2011 to 2015, Saudi Arabia and the United Arab Emirates sourced 46% and 65% of their total defense systems from the United States, respectively. This reliance increased between 2016 and 2020, with the United States supplying 79% of Saudi Arabia's and 64% of the United Arab Emirates' total defense systems. See table 2 of Aude Fleurant, Sam Perlo-Freeman, Pieter D. Wezeman, and Siemon T. Wezeman, "Trends in International Arms Transfers, 2015," SIPRI Fact Sheet, February 2016, https://www.sipri.org/sites/default/files/SIPRIFS1602.pdf; table 2 of Pieter D. Wezeman, Alexandra Kuimova, and Siemon T. Wezeman, "Trends in International Arms Transfers, 2020," SIPRI Fact Sheet, March 2021, https://www.sipri.org/sites/default/files/2021-03/fs_2103_at_2020_v2.pdf

[28]  Jon Gambrell and Gerry Shih, "Chinese Armed Drones Now Flying Over Mideast Battlefields. Here’s Why They’re Gaining on US Drones," Military Times, October 3, 2018, https://www.militarytimes.com/news/your-military/2018/10/03/chinese-armed-drones-now-flying-over-mideast-battlefields-heres-why-theyre-gaining-on-us-drones/.
