Is the U.S. really responsible for more than half of all cyberattacks against China?

Foreign Affairs

The United States has a large and, on average, insecure IT network, a reality that has been well-documented over the years in reports showing how much of the world’s cyber-crime is routed through the U.S.

On Tuesday, China’s Computer Network Emergency Response Technical Team (CNCERT) released its 2019 China Internet Network Security Report.

On the surface, and especially if you listen to outlets like the Global Times, the top-line figures are a damning indictment of the United States and further evidence that China, far from being an aggressor, is one of the world’s greatest victims in cyberspace.

The truth is more complicated, offering further evidence of how easy it has become for nation-states to twist the public’s poor understanding of cyberspace in order to score political points.

The CNCERT report indicates that the vast majority of cross-border malware attacks in China in 2019 originated in the United States, which tallied more than 53.5 percent of foreign attacks. The second and third largest sources of attack, Russia and Canada, trailed far behind, accounting for 2.9 and 2.6 percent of overseas attacks, respectively.

CNCERT, a technical body responsible for providing computer network security services within China, did not opine on the geopolitical significance of its data. Chinese state media filled the interpretive vacuum.

Although it did not name the U.S. government directly, Communist Party-owned Global Times placed the CNCERT data in the context of increased activity from Advanced Persistent Threats (APTs), well-resourced offensive cyber forces typically associated with nation-states.

“As the international situation becomes more complex, the number of organized and politically motivated cyber attacks continues to rise,” the Global Times reported in an English-language article provocatively subtitled “US was no.1 attacker.” “In recent years, APT attacks launched against China have been continuously exposed, with the scale and intensity of attacks increasing year by year.”

In reality, the data says little about nation-state activity in cyberspace.

“Criminals usually take some steps to obfuscate where they are,” said Tom Uren, a senior analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre. “The source of attack traffic tends to reflect factors that determine how easy it is for criminals to find proxy access in that country: such as the size of the internet in that country and how secure IT tends to be on average.”

The United States does have a large and, on average, insecure IT network, a reality that has been well-documented over the years in reports showing how much of the world’s cyber-crime is routed through the U.S.

If the CNCERT report fails to provide evidence of U.S. government misbehavior in cyberspace, it does shine an awkward light on the Clean Network initiative — the Trump Administration’s newly updated, and indecently named, strategy for securing the nation’s IT networks.

“The focus of the State Department should have been cleaning up our own networks, not making this all about the Chinese,” said Jason Healey, Senior Research Scholar at Columbia University and a Senior Fellow for the Cyber Statecraft Initiative at the Atlantic Council, a U.S.-based think tank. “‘Clean’ to the State Department does not mean secure, but rather the degree to which Chinese companies are involved.”

Lyu Jinghua, a retired colonel in China’s People’s Liberation Army who is now a Visiting Scholar at the Carnegie Endowment for Peace and Security, sees the high number of cross-border cyber attacks as evidence of the need for stronger global cyber cooperation.

“It is not surprising to find so much malware originating from the U.S. However, it contradicts the common view that the U.S. has strong capability in detecting malware and indicting cyber criminals,” Lyu said. “One single country still can’t eliminate all malicious cyber activities on its own. As two big powers in cyberspace, the United States and China should take joint efforts to detect, prevent, and defend against malicious cyber activities and thus enhance cybersecurity across the world.”

Interestingly, despite escalating tensions between the United States and China, the Global Times appears to have taken a turn toward modesty when compared to its own tradition of hyperbole.

Responding to the release of the same report last year, Global Times cited unnamed experts claiming analogous data showed the United States was “preparing to wage a large-scale cyber war” against China.