Though it has apparently refrained from engaging in any high-profile disruptive attacks on rival government installations, China appears to be quietly beefing up its cyber capabilities as global tensions rise.
Since Russia’s decision to invade Ukraine on February 24, much cyber-analysis has understandably focused on that country and other pariah nations such as Iran and North Korea.
But what of China? In refusing to condemn the Russian attack, it has drawn increasing criticism from the US and its allies, who also frequently accuse it of conducting cyber-espionage campaigns at the West’s expense as well as tacitly supporting other forms of cyberattack.
The Center for Security and Emerging Technology (CSET), a thinktank based in Georgetown University in the US that claims to provide nonpartisan and evidence-based research on cybersecurity and other tech-based issues, has observed the recent growth in China of “cyber ranges” – facilities where professionals can hone their digital offensive and defensive skills – some of which are linked to government and military installations.
While it stresses that to date China has not been implicated in any large-scale SolarWinds-type cyberattacks, there is growing evidence to suggest that the emerging superpower is not leaving anything to chance when it comes to possible digital warfare in the future.
On a cyberwar footing?
“China is rapidly building cyber ranges that allow cybersecurity teams to test new tools, practice attack and defense, and evaluate the cybersecurity of a particular product or service,” said CSET, in a recently published report that found just over half of China’s 34 provinces had either built or were building such installations.
“Their purposes span from academic to national defense,” it added. “The presence of these facilities suggests a concerted effort on the part of the government, in partnership with industry and academia, to advance technological research and upskill its cybersecurity workforce – more evidence that China has entered near-peer status in the cyber domain.”
CSET said that five of the 19 provincial facilities it observed “have demonstrable ties to the military or security services.”
“China’s investment in these facilities is in line with what is known about other efforts to bolster the country’s hacking and cybersecurity capabilities,” said CSET. “As these facilities mature, network defenders who find themselves in the crosshairs of China’s hacking teams may be subject to attacks that have been rehearsed, tested, and sometimes practiced on replicas of their own networks.”
Just who these network defenders might end up being, however, remains a matter of conjecture. CSET itself admits that “there are no indications to date that China has launched a physically destructive or disruptive cyberattack against another country’s critical infrastructure” and says its own research suggests this is a policy decision by a regime that is already capable of conducting such assaults if it wished to.
From Beijing to the provinces
Four of the five facilities named in CSET’s report are located in the Chinese provinces of Guiyang, Chengdu, Shenzhen, and Zhejiang, with the fifth being attributed to the Beijing-based China Aerospace Science and Industry Corporation (CASIC), a defense company that the analyst says is facilitating industry-based cooperation between civil and military entities in the People’s Republic.
“It is unclear if the range includes a single satellite, a constellation of satellites, or other space assets, and whether these are in orbit or simulated,” said CSET. “CASIC provides China’s military with satellites, microsatellites, missiles, anti-satellite systems, and other space or aerospace systems.”
During its observation of CASIC, it said it watched the firm host an annual competition in 2021, during which “teams from utility providers and the private sector practiced attacking the space assets, as well as electrical grids, water treatment plants, and transportation networks.”
CSET added that while none of the entrants were affiliated with the People’s Liberation Army (PLA), some of them were “cybersecurity firms that train PLA hackers, such as Beijing Topsec, as well as those who [...] have a history of patriotic hacking, such as NSFOCUS.”
“In China, where military strategists plan for civilian hackers to join forces with the military in the event of war, civilian access to a cyber range for attack and defense of space assets takes on new meaning,” said CSET.
How the other facilities stack up
The National Big Data Cyber Range in Guiyang was adopted by the government after it was reportedly impressed with its “commitment to deepening military-civil fusion”, while Guangcheng, Chengdu’s “smart city cyber range”, hosted the Peak Geek contest in 2021, drawing more than 30 teams who competed for control of simulated critical infrastructure industries including electricity, transport, and the media.
Peng Cheng Laboratory is funded by local government in Guangdong and Shenzhen, its expertise extending to robotics, supercomputing, smart lasers, and virtual reality. “With government funding, massive computational capacity, and ties to the military,
Peng Cheng will likely be actively used by state hacking teams,” said CSET, adding that its supercomputer Cloudbrain II is estimated to be half as fast as Fugaku, which until recently was considered to be the fastest machine of its kind in the world.
Zhejiang Lab is a contributor to China’s artificial intelligence (AI) research program and also collaborates with local government. CSET describes its work as “varied, including both traditional cybersecurity work and more cutting-edge research at the intersection of AI and software security.”
CSET believes this expanding network, which appears to be recruiting more computer engineers to develop further cyber ranges, will stand China in good stead should it choose – or be forced – to take a more active role in the global cyber conflict.
“Besides making attacks on industrial control systems more feasible, other types of attacks will improve as well,” it said. “For example, hacking teams have more opportunities to try new tactics, techniques, and procedures.”
No accident
CSET asserts that the growth of China’s cyber ranges is far from incidental, and is being coordinated from the highest level within the state.
“Central policymakers signaled their interest in cyber ranges for education, training, AI development, and testing in China’s most recent plan for the cybersecurity sector,” it said. “Consequently, municipal and provincial governments funded the development of cyber ranges with sometimes significant subsidies, in alignment with Beijing’s political mandate.”
It added: “Cyber ranges are key to training the next generation of talent to defend and potentially attack critical infrastructure. China – through the development of its ranges – is providing a venue for testing and exercising the tools and techniques to attack and defend critical infrastructure, while developing the technical talent to execute these operations.”
Your email address will not be published. Required fields are markedmarked