The latest revelations surrounding the Chinese cyberespionage group “Axiom” have once more highlighted the increasing tensions between the United States and the People's Republic of China (PRC) in cyberspace. According to a recently published report by a group of cybersecurity researchers spearheaded by Novetta Solutions, a U.S. based cybersecurity firm, the Axiom hackers have displayed some of the most sophisticated cyberespionage tactics ever to emerge from China. Over a period of more than four years the hacker group infiltrated around 43,000 computers worldwide infecting a vast array of targets ranging from individuals to corporations as well as government institutions.
“Novetta has moderate to high confidence that the organization-tasking Axiom is a part of Chinese Intelligence Apparatus. This belief has been partially confirmed by a recent FBI flash released to Infragard stating the actors are affiliated with the Chinese government,” states the report cautiously in its key findings. The circumstantial evidence (e.g., an analysis of Axiom targets) makes a compelling case that the Chinese state security apparatus is almost certainly involved in the activities of Axiom.
The Chinese Embassy in Washington D.C. stuck to its now already well-known script when it comes to cyberespionage charges and diligently denied any involvement emphasizing that, “judging from past experience, these kinds of reports or allegations are usually fictitious.” Other official statements and comments in Chinese state-run newspapers were to the same effect denying any Chinese wrongdoing and seeking refuge in counter-allegations often summarized in a single name – Edward Snowden.
The U.S. private sector has repeatedly voiced its discontent with the slow response of the Obama Administration to Chinese cyberattacks. “I think the White House needs to do more from the diplomatic side and other pieces of this to call out this bad behavior,” underlines one U.S. private sector representative. Nevertheless, the past has shown that “naming and shaming” Chinese attackers does not alter their behavior. After the U.S. Justice Department's indictment of 5 PLA officers on cyberespionage charges in May 2014, China – according to the 2014 Mandiant Report – has even expanded the scope of its cyber operations.
From open-source intelligence the Novetta report appears to be only vicariously part of the U.S. “naming and shaming” campaign against China. The report is meant to be a shot across the bow trying to signal China to slow down its massive espionage activities in cyberspace. While the Chinese public response was predictable, the disclosures nevertheless created a diplomatic tabula rasa (“Ok, let's agree that we both engage in similar behavior and let's move past it.”) in order for both China and the United States to negotiate cybersecurity issues on a level playing field in the near-term future. The report publicly conveys the message that China is engaging in ostensibly similar behavior to what the Chinese government – propped up by the Snowden revelations – is continuously criticizing the U.S. side of.
Before the revelations of the Novetta report, Chinese state counselor Yang Jiechi emphasized: “Dialogue and cooperation between China and the U.S. in the field of cybersecurity is faced with difficulty due to the wrong actions taken by the American side. The American side should take positive actions so as to create conditions for the restart of dialogue and cooperation between the two countries in the field of cyber security.” However, after the release of the report Lu Wei, head of the State Internet Information Office characterized the U.S.-China dialogue on cybersecurity as “unhindered” and furthermore argued that both countries had “differences but also commonalities”. Consequently it is fair to assess that the Axiom disclosures have caused the PRC to somewhat ease up its uncompromising rhetoric vis-à-vis the United States on cyberespionage.
Chinese President Xi Jinping and U.S. President Barack Obama are scheduled to meet informally in November 2014 to discuss pressing bilateral issues. The meeting will be a follow-up to the Sunnylands summit held in June 2013. Cybersecurity was one of the most contentious issues at the 2013 summit. Back then, President Xi Jinping pledged to solve concerns over cybersecurity in a “pragmatic way” and both countries agreed to cooperate more closely on the legal aspects involving norms and laws in cyberspace. Yet, little has happened since then and the bilateral relationship has markedly suffered from the lack of engagement on cybersecurity issues in the last few months – mostly due to the Snowden leaks.
While the actual impact of the Novetta report on making U.S. systems more secure from Chinese attacks in the long run will be negligible on the diplomatic front, the recent Axiom revelations will allow the U.S. government to press the Chinese side harder on contentious cybersecurity issues. As I have written in the past (“It is China's Turn To Act!”), the United States has clearly signaled that Washington is interested in a de-escalation of tensions in cyberspace. However, this approach has gained no traction so far due to the diplomatic fallout largely caused by the NSA scandal.In that sense the timing of the report could not have been more fortunate since, despite the obvious accusatory nature of the Novetta findings, the report – by leveling the diplomatic playing field as outlined above – could in fact have the reverse effect and make both sides more amendable to cooperation in cyberspace in the weeks ahead.