China’s cybernetics at least a decade after the United States, finds a new study

China’s strengths as a cyber power are undermined by poor security and weak intelligence analysis, according to new research that predicts Beijing will not be able to match U.S. cyber capabilities for at least a decade. .

The study, released Monday by the International Institute for Strategic Studies, comes as a series of hacking campaigns have highlighted the growing threat of spy online from hostile states.

In December, U.S. officials discovered that Russia’s foreign intelligence service, the SVR, had hijacked SolarWinds software to penetrate government targets in Washington including the Commerce and Treasury departments. Three months later, Microsoft’s e-mail software was compromised by suspected pirates backed by the Chinese state to probe non-governmental organizations and U.S. think tanks.

IISS researchers have classified countries on a spectrum of cyber capabilities, from the strength of their digital economies and the maturity of their intelligence and security functions to the good that cyber structures have been integrated with. military operations.

China, like Russia, has demonstrated expertise in offensive cyber operations – conducting online spies, intellectual property thefts and disinformation campaigns against the US and its allies. But both countries have been held back by relatively poor computer security compared to their competitors, according to the IISS.

Consequently, only the United States is classified as a “first-rate” cyber power by the think-tank, with China, Russia, the United Kingdom, Australia, Canada, France, and Israel in the second level. The third level includes India, Indonesia, Japan, Malaysia, North Korea, Iran and Vietnam.

Greg Austin, an expert on cyber, space and future conflict at the IISS, said the media has focused only on the positive sides of China’s digital advancement – such as its aspirations to become a global leader. in artificial intelligence – they had contributed to an “exaggerated” perception of their cyber ability. “However, the development of skills for computer security in China is in a worse situation than in many other countries,” he said.

According to the report, Beijing’s focus on “content security” – limiting politically-subversive information on its national internet – may have diminished its focus on cleaning up the physical networks that carry it. . The IISS also suggested that China’s cyber intelligence analysis was “less mature” than that of the Five Eyes intelligence allies (United States, United Kingdom, Canada, Australia and New Zealand) because it was driven by ideology and “increasingly intertwined with… political goals” of communist party leaders.

Austin said the information age was a reform of global dynamics, so traditionally powerful countries like India and Japan had begun to lag behind in the third tier of cyber operators, while smaller countries as Israel and Australia had developed cutting-edge cyber skills that had propelled them to the second tier.

What distinguishes the United States at the first level, according to the IISS, is its unparalleled digital-industrial base, its cryptographic expertise, and its ability to execute “sophisticated, surgical” cyber strikes against adversaries. Unlike opponents such as China and Russia, the United States has also benefited from close alliances with other cyber powers, including its Five Eyes counterparts.

However, the United States and its allies were increasingly at risk of ransomware attacks – such as those in Colonial Pipeline and Ireland Health Service last month – by Russian criminal hackers who are not directed by the state but whose activities are apparently tolerated by the authorities.

Robert Hannigan, former director of the UK intelligence agency GCHQ and now a senior executive at cybersecurity company BlueVoyant, said he agreed with several IISS findings but asked how much Beijing and Moscow will be held back by weak cyber defenses.

“While it is true that cybersecurity is less developed in Russia and China, they need it less urgently than open Western economies,” Hannigan said. “The threat is not symmetrical: Western economies are besieged by Russia-based cyber criminal groups and tolerated or licensed by Russia – the same is not true in reverse.”

He added that, although Russia knew that the West would not indiscriminately run civilian critical infrastructure in a destructive manner, Russian agencies “are licensed to be reckless.” “This in turn requires higher levels of cyber security in the West,” he said.