China’s cyber espionage surge in Australia: opportunism not punishment
31 Jul 2020|

One of the theories floated about China’s recent cyber espionage campaign against Australia is that it’s being used to punish us for banning Huawei from our future 5G networks and for introducing laws to combat foreign interference. Some in the UK expressed similar fears after the government’s decision to remove Huawei from the country’s telecommunications networks. But this cyber-operations-as-punishment theory is probably not correct. Although there has been a sustained increase in cyber activity targeting Australia, the Chinese state is not trying to punish us, or, if it is, it’s a misguided application of state power. If punishing Australia is a key foreign policy goal for Beijing, there are far cheaper and more effective ways to do that.

Historically, China’s cyber espionage targets have been closely aligned with its strategic technology goals. In addition to spying on governments and militaries—which many, if not all, countries do—the Chinese state has used cyber espionage to steal commercial intellectual property to further its technology goals. Recent Western victims of Chinese commercial intellectual property theft have often been in the technology sectors that feature in Beijing’s ‘Made in China 2025’ strategy, including next-generation information technology, biotechnology, advanced manufacturing and environmental technologies.

One well-documented example shows that the Jiangsu bureau of the China’s Ministry of State Security carried out a multi-year combined cyber espionage and intelligence-gathering campaign to steal technology used in making components for the domestic airliner being built by the Chinese state–owned aerospace company Comac. This reportedly included successful compromises of companies such as Ametek, Honeywell, Safran, Capstone Turbine and General Electric, each of which makes jetliner parts.

Technology acquisition is not merely a secondary priority for the Chinese state. Technology directly addresses a key Chinese Communist Party concern—the possibility of domestic unrest. By providing economic growth, and hence jobs and prosperity, technology acquisition reduces unemployment and discontent and therefore the risk of political instability.

Although China’s cyber espionage operations occur on a massive scale, they are still specialist capabilities and, crucially, they have large opportunity costs. Every hacker, unit, operation or campaign devoted to punishing Australia is effort diverted from addressing other key intelligence priorities, whether they be internal security matters (such as surveilling the Uyghur community or keeping tabs on domestic dissidents and the Hong Kong protest movement), external matters (such as monitoring international progress on Covid-19 treatments and vaccines), or normal military and government intelligence matters (such as those stemming from escalating tensions with the US).

In the midst of the Covid-19 pandemic that has cruelled the global economy, China is suffering its first economic contraction in 40 years. Given that Beijing is also responding to a combative and unpredictable US leadership while dealing with multiple challenges, including domestic perceptions of its own handling of the Covid-19 crisis, the current moment seems an unlikely time for ‘punishing Australia’ to be a key intelligence priority.

These circumstances also point to other, more plausible reasons for the increased activity that the Australian government has observed. It could be that the Chinese government, facing tremendous economic pressure during the Covid-19 pandemic, has altered its intelligence priorities and its collection agencies are scrambling to refocus their efforts. This could, for example, include a new focus on Covid-19 vaccine and treatment research. Another possibility is that the intelligence agencies are scrambling to take advantage of the heightened emotions surrounding the pandemic that provide fertile opportunities to use Covid-related themes for phishing attacks as fear and urgency override caution.

Using cyber espionage as punishment is also not a very clear or direct form of signalling. For the Australian government to understand the message, it would have to combine and correlate hundreds or thousands of potentially unrelated hacking incidents into what could be described as a ‘campaign’, track this campaign and assemble clues to determine the responsible party, and then apply professional judgement on the assembled data to ascribe a motive.

The Australian government has done the analytic work to convert incidents into a coherent campaign, but how exactly are officials meant to interpret a broad-based and widespread hacking campaign as punishment?

The process from our being hacked to the government understanding that we are being punished is simply too long and indirect—effective signalling should be clear, specific and timely, and using cyber operations as punishment is none of those.

In contrast, economic coercion—whether the leverage is import restrictions on commodities such barley, beef and coal, the threat to reduce Chinese student numbers in Australia, or even a potential Chinese consumer boycott of Australian products—sends a very clear message that the Australian polity receives loud and clear. Because these forms of economic coercion are overt, they have the additional benefit of mobilising interest groups to lobby government to ‘fix’ the China relationship. This approach has a huge advantage over covert cyber operations.

Public forms of economic coercion can, from a CCP point of view, be cheap or even costless. Threats to reduce student numbers, for example, cost nothing when international travel is extremely limited due to the pandemic. Similarly, the threat of a consumer boycott costs nothing to the Chinese government, and costs Chinese consumers only if it actually takes place.

Cyber operations have large opportunity costs and their typically covert nature means that they’re not well suited for punishment or deterrence. It is possible that Beijing is trying to punish us with cyber operations; not all actors in cyberspace are rational. But without firm evidence we shouldn’t uncritically accept this theory as it could blind us to the real motives of Chinese intelligence agencies.