China’s strengths as a cyber power have been undermined by poor security and poor intelligence analysis, according to new research that predicts Beijing will be unable to match US cyber capabilities for at least a decade.
The study, published by the International Institute for Strategic Studies on Monday, is part of a series of hacking campaigns that have highlighted the growing threat of hacking. Internet Spy by hostile countries.
In December, US officials discovered that Russia’s foreign intelligence service, SVR, had hijacked SolarWinds to hack government targets in Washington including the Departments of Commerce and the Treasury. Three months later, Microsoft’s email program was hacked by suspected state-backed Chinese hackers to investigate American NGOs and think tanks.
IISS researchers ranked countries on a spectrum of cyber capabilities, from the strength of their digital economies and the maturity of their intelligence and security functions to the extent to which cyber facilities are integrated with military operations.
China, like Russia, has proven expertise in offensive cyber operations – conducting online espionage, intellectual property theft and disinformation campaigns against the United States and its allies. But both countries have lagged behind due to relatively loose cybersecurity compared to their competitors, according to IISS.
As a result, only the United States has been classified as a “tier one” cyber power by the think tank, with China, Russia, the United Kingdom, Australia, Canada, France and Israel in second place. The third layer includes India, Indonesia, Japan, Malaysia, North Korea, Iran and Vietnam.
Greg Austin, an expert on cyber, space, and future conflict at the International Institute for Strategic Studies, said media reports that focus solely on positive aspects of China’s digital advancement — such as its aspirations to become a world leader in artificial intelligence — have contributed to an “exaggerated” realization of its cyber prowess. . “By all accounts, cybersecurity skills development in China is in a worse position than in many other countries,” he said.
According to the report, Beijing’s focus on “content security” – limiting politically disruptive information on the domestic Internet – may have reduced its focus on monitoring the physical networks that transmit it. The International Institute for Strategic Studies also noted that China’s analysis of electronic intelligence was “less mature” than that of the Five Eyes allies (the United States, the United Kingdom, Canada, Australia and New Zealand) because it was driven by ideology and “increasingly involved with it . . . the political goals” of Communist Party leaders. .
Austin said that the information age is reshaping global dynamics, so traditionally powerful countries such as India and Japan are starting to lag behind in the third tier of Internet operators, while smaller countries such as Israel and Australia have acquired sophisticated cyber skills that have pushed them into the second tier.
What distinguishes the United States in the first tier, according to the IISS, is its unparalleled digital industrial base, its cryptographic expertise and the ability to carry out “complex and surgical” electronic strikes against adversaries. Unlike its adversaries such as China and Russia, the United States has also benefited from close alliances with other cyber powers, including its Five Eyes partners.
However, the United States and its allies have been increasingly vulnerable to ransomware attacks – such as those on colonial pipeline And the health service in ireland Last month – by Russian criminal hackers who are not under the direction of the state but whose activities appear to be tolerated by the authorities.
Robert Hannigan, a former director of the British intelligence agency GCHQ and now a senior executive at cybersecurity firm BlueVoyant, said he agreed with many of the institute’s conclusions, but questioned how far behind Beijing and Moscow were due to weak cyber defenses.
“While it is true that cybersecurity is less developed in Russia and China, they need it less urgently than in open Western economies,” Hannigan said. “The threat is not the same: Western economies are besieged by and tolerated or authorized by Russia-based cybercriminal groups – the same is not true vice versa.”
He added that while Russia knew that the West would not indiscriminately target critical civilian infrastructure in a destructive manner, Russian agencies “have a license to be reckless.” “This in turn requires higher levels of cybersecurity in the West,” he said.