The main purpose of China’s new Five Year Plan (FYP), which was published in March 2021 and is the fourteenth since the first FYP published in 1953, is to frame China’s social and economic goals over the next five years. The language in the plan appears to revolve around internal innovation, research and development.
But behind the more public-focused declarations of economic, infrastructure and technology goals is a second, more international strategy. This is to simultaneously reduce foreign leverage over Chinese interests, while also expanding and deepening Chinese social, political, and economic influence internationally. It is this strategy that will drive decisions over what nation states and sectors will be targeted by cyber operations.
It is also likely that the Chinese Communist Party (CCP) will focus China’s cyber activity on steering, blocking, and undermining core global economic activity such as mergers and acquisitions and supply chain activity, to further extend China’s influence and undermine western efforts. Looking further ahead, it is highly likely that this strategy will be more focused on moving the global community away from western technologies, systems and institutions and towards promoting Chinese solutions instead. The attempted large-scale rollout of Huawei products is a good example of this strategy in action.
Dealing with the Five Poisons
Both socially and politically, the CCP’s priorities are heavily influenced by a desire to ‘deal’ with the so-called ‘Five Poisons’. These are:
- the Uyghurs (the mostly Muslim ethnic minority living in the Xinjiang region of China) and the associated independence movement,
- the Tibetan independence movement,
- the pro-democracy movement within China and Hong Kong,
- proponents of Taiwanese independence, and
- the Falun Gong religious movement founded in 1992.
If the CCP is to be successful, it will also need to change and control the narrative around how it is handling these groups. Currently, the CCP is losing the battle against the West in this regard, with the world fully aware of how the CCP is mistreating the likes of the Uyghurs and dissidents in Hong Kong.
Although the tactic is more typically associated with Russian threat actors, Chinese actors will use cyber intrusions to facilitate ‘information operations’, via the leaking of stolen information in addition to continued abuse of social media to steer their own reporting. But how is this likely to manifest in practice? The tempo and scale of Chinese cyber activity will almost certainly continue to match the size and scale of the CCP’s ambitions. While the priority will be on information collection and pre-positioning, information operations and even disruptive operations are likely to play a part in the medium-to-long term.
The collection of intellectual property and corporate intelligence is essential to bolster political and economic competitiveness in key sectors and regions. This means it is likely that targeting will be directed at critical national infrastructure projects, their associated supply chain and key government entities.
To be able to track individuals of interest, such as politicians, businesspeople, dissidents, and journalists, Chinese actors will continue to collect large volumes of Personally Identifiable Information (PII). In addition, we expect sectors like telecommunications will be targeted more frequently so that the movements and conversations of these targets can be more closely monitored.
Financial services and privacy
Almost without a doubt, financial services will be in the spotlight, as the CCP seeks to develop and harness technologies such as blockchain and AI, while seeking to extricate itself from western-aligned financial systems (like SWIFT).
To breach these targets, Chinese cyber threat actors will continue to utilize the supply chain as the weak point of entry into many networks and a valuable source of aggregated information. The resources and expertise available to the Chinese intelligence apparatus also enable the development of exploits for widely deployed systems on the perimeter edge, and we are likely to see more attacks akin to the exploitation of Microsoft Exchange in March 2021.
Less obvious avenues to acquire access are also available to the CCP. This includes the placement of personnel within organizations who can access corporate information and report back to Beijing. Often, this can be achieved by bringing in new laws such as the Personal Information Protection Law (PIPL) that compel foreign organizations to have individuals associated with the CCP working for them.
Similar to GDPR, PIPL sets out how organizations in China must handle PII and stipulates that an individual located in China must be a point of contact for that organization for matters involving PII. Not only does this grant the individual oversight of the internal functions of an organization, but it also enables the collection and transference of PII and likely other forms of data to the CCP.
The underlying motivation, strategy and targeting focus haven’t changed drastically since the last Five Year Plan, published in 2016, but the stronger focus on reducing foreign leverage and on expanding and deepening Chinese influence internationally will be felt by many. The current targeting activity and overtures by the CCP point to how the threat picture will look in the short-to-medium term.
One can conclude that Beijing will become more overt, aggressive and confident in its operations. This marks a change from the more delicate approach taken by Xi Jinping’s CCP up until this point. The new Five Year Plan illustrates China’s increasing ambition and assertiveness, which will in turn bring about a heightened threat from Chinese cyber activity.