US Intelligence Ranks China as Top National Security Threat
Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
Beijing Regularly Employs Cyber Operations and Economic Espionage, Assessment Warns Mathew J. Schwartz (euroinfosec) • March 9, 2023 A lion statue watches over the Forbidden City in Beijing. (Image: Shutterstock)
The Chinese government’s geopolitical ambitions and willingness to use cyber operations to achieve them pose one of the largest threats to U.S. national security, the U.S. intelligence community warns.
See Also: OnDemand | Navigating the Difficulties of Patching OT
“China probably currently represents the broadest, most active and persistent cyberespionage threat to U.S. government and private-sector networks,” says the latest annual report of worldwide threats to the national security of the United States, published by the Office of the Director of National Intelligence.
Every year, the U.S. intelligence community prepares the joint assessment, detailing the most direct and serious threats expected over the next year.
As in recent years, the four countries cited in the latest assessment as having the biggest potential to disrupt U.S. national security are China, Russia and, to a lesser extent, Iran and North Korea. Transnational organized crime, including ransomware syndicates, continue to pose a major threat, not least because of their ability to disrupt critical infrastructure, including healthcare (see: US Cybersecurity Strategy Doubles Down on Hitting Ransomware).
Predicting the precise geopolitical risks facing the United States and its allies is an increasingly complex exercise, exacerbated by the impact of the novel coronavirus pandemic, the economic downturn and Russia’s illegal and unprovoked full-scale invasion of Ukraine, to which experts say the Kremlin has devoted the majority of its cyber operations.
Testifying before Congress on Wednesday, when an unclassified version of the annual report was released, Director of National Intelligence Avril Haines said the threat posed by China is paramount.
“The People’s Republic of China, which is increasingly challenging the United States economically, technologically, politically and militarily around the world, remains our unparalleled priority,” she told the Senate Intelligence Committee.
The U.S. perspective echoes that of its allies. Last October, Jeremy Fleming, who heads Britain’s intelligence and cyber agency, GCHQ, warned that China’s increasing power is the “national security issue that will define our future.”
Chinese Cyber Operations
The big-picture challenge with China, the report says, is its “capability to directly attempt to alter the rules-based global order in every realm and across multiple regions, as a near-peer competitor that is increasingly pushing to change global norms and potentially threatening its neighbors.”
The U.S. intelligence report also singles out Beijing for its willingness to use cyber operations and economic espionage to advance its domestic technology capabilities and knowledge and as a domestic and foreign lever to expand the Chinese Communist Party’s “technology-driven authoritarianism globally.”
The country controls key supply chains – for batteries, critical minerals, pharmaceuticals, less advanced semiconductors and solar panels – which Chinese President Xi Jinping in 2020 said the country wouldn’t hesitate to use for economic and political gain if required. The intelligence assessment says that this could include cutting off supply to other countries in a time of crisis.
From a military standpoint, China is prepositioned in multiple U.S. critical infrastructure networks, including oil and gas pipelines and railway systems, and wouldn’t hesitate to disrupt them if it faced an imminent conflict, the report warns.
Beijing also continues to use cyberattacks on an industrial scale. “China’s cyberespionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack or influence operations,” it says.
Russia Also a ‘Top Cyber Threat’
After China, the intelligence community assesses that Russia remains the biggest threat to U.S. national security.
“Although its cyber activity surrounding the war fell short of the pace and impact we had expected, Russia will remain a top cyber threat as it refines and employs its espionage, influence and attack capabilities,” the report says (see: Major Takeaways: Cyber Operations During Russia-Ukraine War).
“Russia views cyber disruptions as a foreign policy lever to shape other countries’ decisions” and won’t hesitate to use them, the report adds. Moscow often acts when the cost of doing so is low, it wishes to exploit a power vacuum, or President Vladimir Putin sees a threat to his leadership that cyber operations could help deter. Those could be influence operations against allies, including attempting to interfere in Western elections, such as the 2022 U.S. midterm elections, the report says.
Maintaining the ability to target critical infrastructure – including industrial control systems and underwater cables – used by the U.S. and its allies remains a Russian government priority, the report says, “because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis.”
Tracking Iran and North Korea
Rounding out the top four national threats, Iran has “growing expertise and willingness to conduct aggressive cyber operations” against nations with stronger capabilities, including the U.S. and allies such as Israel, the report says.
North Korea, meanwhile, continues to use cyberattacks, social engineering and cryptocurrency heists to help it steal money to evade sanctions, as well as knowledge, both of which it uses to develop missiles and weapons of mass destruction, as the United Nations continues to warn. Cybercrime experts say 2022 was a banner year for Pyongyang, during which a single heist netted North Korean hackers $625 million in cryptocurrency.
In addition, the report says that “Pyongyang probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States.”