Analysis: China seeks cyber superpower status

The Chinese cyber ecosystem is characterised by its exceptional scale. China has developed its cyber operational capabilities to a level at which its cyber resources are many times greater than those of most Western countries. This is the outcome of long-term work that has been ongoing for a decade, harnessing the Chinese information technology and cybersecurity sectors to maximise state cyber capabilities through centralised control and legislation.

The ambition to achieve technological superpower status has served as a goal for developing the Chinese cyber ecosystem. China applies its operational capabilities as an instrument of political and economic influencing and intelligence gathering, and of internal and external control. Economic influencing enables China to improve its own conditions for cyber operations abroad, while also enhancing its ability to apply economic influence through cyber operations.

The scale of Chinese cyber espionage has grown significantly in recent times, leading to large-scale theft of politically and economically important information. Chinese cyber operations evolve continually, using increasingly advanced methods. State cyber operations no longer focus solely on information gathering, but actively seek to create opportunities for cyber influencing by such means as penetrating Western critical infrastructure.

Chinese cyber ecosystem investments have fundamentally reshaped the field of cybersecurity, and now pose a significant threat to the national security and stability of Finland and other Western countries. Western countries are facing an increasingly complex challenge in which China is able to make extensive and flexible use of all resources in the cybersecurity sector to achieve its economic, political and military objectives.

The Chinese Communist Party and intelligence agencies at the core of the cyber ecosystem

In the same way as Russia and many other countries, China has also centralised cyber regulation and coordination directly under top-level national government. This means that the Chinese Communist Party plays a significant role in guiding the cyber sector. Committees specialised in cyber governance direct national cyber strategies while seeking to align cyber norms and standards of the international community with Chinese national interests through traditional diplomacy. The state leadership can directly guide offensive cyber operations by intelligence agencies.

Laws, statutes and technological standards not only guide the principal policies of cybersecurity education, research and information management, but also require cyber organisations and individuals to support intelligence and espionage operations that serve the interests of China. In addition to all of this, Chinese public authorities apply financial incentives to guide the private sector in developing services, software, and hardware that meets the needs of intelligence operations.

Centralised control and legislation have enabled China to assemble various domestic operators into a unique cyber ecosystem around its agencies and intelligence services. For example, private sector contributes to Chinese intelligence by providing infrastructure and tooling for cyber operations.

China has also managed to create incentives for malicious cyber activity, with private contractors carrying out intrusions and cyber espionage operations independently, in line with the interests of intelligence agencies. Front companies masquerading as information security operators also play a prominent role in Chinese international cyber espionage operations.

China's cyber ecosystem could also give it an edge in any conflict, as a diverse network of cyber operators can not only swiftly generate cyber operational capabilities as the need arises, but also provide preventative or deterrent protection against anti-China activities.

China integrates the education, research and business sectors into cyber operations

The Chinese cyber ecosystem extends strongly into education and research. The state finances research by Chinese universities and research organisations into information security vulnerabilities and cyber warfare. China collects intelligence on vulnerabilities into a national vulnerability database, from which it is immediately available to security and intelligence services.

While providing generous support to students departing for foreign universities, China imposes funding conditions that require these students to return to China for a specified period after completing their studies. Simultaneously China limits opportunities for its own security researchers to attend international security events and competitions to prevent the sharing of identified vulnerabilities with a wider audience. It has instead invested heavily in national information security events arranged jointly between state institutions and private sector operators that serve as forums for mapping technological capabilities and talent.

China leverages its education sector to address the deficit of cybersecurity professionals identified in its cybersecurity strategy by increasing cybersecurity-focused education programmes. Individual Chinese universities have also directly supported the cyber espionage operations of Chinese intelligence agencies through cultivating and procuring possible targets and vulnerabilities for exploitation, and through innovation, development and expertise in cyber methods. Both national information security events and universities serve as recruitment platforms for the security and intelligence services.