Jack Detsch of The Diplomat asks, are we exaggerating China’s cyber threat?:
But China’s interest in developing cyber capabilities is political, not military, Lindsay argues, prompting incursions into foreign digitized space to suppress dissent, in the case of GitHub, or to steal secrets from adversaries. Even so, “lax law enforcement, and poor cyber defenses leave the country vulnerable to both cybercriminals and foreign spies,” Lindsay notes, suggesting that China struggles to use the information it comes away with for political gain. China’s successful campaigns target NGOs and private sector companies, and “do nothing to defend China from the considerable intelligence and military advantages of the United States.”
That doesn’t mean that the PLA isn’t busy playing catch-up. In a recent issue of The Science of Military Strategy, put out by the military’s chief research institution, analysts concede that the PLA indeed possesses network attack forces inside of intelligence and civilian wings of government, including the Ministry of State Security and the Ministry of Public Security. It suggests that the military will deal with critical infrastructure targets, like electrical grids and gas pipelines, while smaller, nimbler hacking units like Axiom, which has been suspected in intrusions against Fortune 500 companies and pro-democracy groups, will focus on industrial targets.
But making that leap will be challenging, and would force China to walk back its global positions on cybersecurity. Beijing hopes to become a leader on that front and has been heavily promoting its concept of “internet sovereignty” as the basis for international standards of behavior in cyber space. China wants to defend “internet sovereignty” at all costs. Any future cyber attack would probably be justified on those grounds.
Who actually believes China is playing catch-up in the cyber world?