Trade war could motivate China to trade hide and bide for attack and retaliate against US companies

Chinese cyberactivity against the U.S. has been at historic lows for the last five years. Multiple factors caused this precipitous decline.

  • Xi Jingping’s anti-corruption campaign wreaked havoc with military and civilian spy agencies’ traditional bases of power.
  • A diplomatic campaign crafted by the U.S. added significant friction to China’s international goals, increasing the costs of conducting this type of activity.
  • The units associated with cyberactivity were reorganized in the largest restructuring of the Chinese military in its history.
  • Increased pressure on traditional security concerns, forcing China to focus on more traditional, regional espionage, especially related to its maritime disputes.

As a result of these changes our ability to attribute Chinese hacking activity is also substantially degraded. Nevertheless, the latent capacity of China to hack is far greater than its current, observable, operational tempo. Even accounting for the increased sophistication and percentage of missed operations, China is not operating anywhere near its capacity from five years ago. China’s cyberprogram followed its traditional military into the hide and bide approach: reduce the use of hard power in an attempt to lull the world into forgetting about that capacity until the strategic time is right to demonstrate the nation’s strength.

How a trade war may lead to attacks against U.S. companies

That time could be nearing as the Trump administration continues to saber rattle over sanctions and starting a trade war. While China is responding in kind to the administration’s threats, the dagger hidden behind China’s back is far more dangerous than anything currently in the news. The latent cyber capacity is an emergent concern for cyber risk. The Chinese adhere to international norms as long as they benefit from them. However, China is a large enough country that it can take exception with the current system and brook no consequences for bucking the system.

One of the main points of contention for U.S. businesses looking to operate in China is the mandatory joint venture and subsequent transfer of intellectual property that is a prerequisite for operating there. This practice, while painful and tilting the field of technological advancement in China’s favor, is a bargain most companies are willing to make due to the large market size and potential profits. At the micro level, these arrangements are seen as win-win, albeit still a bitter pill for international companies.

China could determine that between the tariffs, the affront and market effects of the U.S. reneging on its pledge at the WTO to recognize China as a market economy and the general hostile stance the administration is taking on all things trade, the system is no longer advantageous to them. In that scenario, the easiest and most effective card for them to play is to unleash that latent cybercapacity on the U.S. private sector.

Currently, there is a quid pro quo for U.S. businesses. If China seeks to undermine the administration in business circles and demonstrate the ability to increase pain on U.S. consumers, it will institute a more orchestrated and deliberate technology transfer policy than the U.S. has experienced before using hackers to conduct it.

Our current cyberdetente is exceedingly fragile and is only maintained because it is in the interest of both parties to do so. There are no enforcement mechanisms that insure any level of compliance or penalize a change in behavior. A trade war will change that fundamental calculus. The structural factors underpinning the cyberrisk from Chinese actors against the private sector are going to rapidly change as tariffs and rhetoric increase or subside. Understanding the new face of Chinese capabilities and the individual sectors that are likely to be the first dominos for Chinese retaliation is the first step in mitigating this new found risk.

Ross Rustici
About the Author

Ross Rustici

Ross Rustici is Cybereason's Senior Director of Intelligence Services.