'The Taste of Battle', Both On-line and On-Ground
Covering Chinese chatters (discourses, narratives, policies and rhetoric) on external events and actors, military and security issues, economy and technology, and bilateral relations with India.
Worldview Weekly: US Digital Policy Strategy Hits out at China
By Anushka Saxena
Yesterday, the United States published its International Cyberspace and Digital Policy Strategy, hitting out specifically, among other actors, on China, for presenting the “broadest, most active, and most persistent cyber threat to government and private sector networks in the United States.” It is important to note that above all else, the US places China as a priority threat actor in cyberspace, replacing the relatively regular Russian and North Korean Advanced Persistent Threat actors (APTs).
Further, the Strategy document laments the differences in ideological and policy approaches between China and the US, when it comes to governing digital spaces. It argues, “Russia, the PRC, and other authoritarian states have promoted a vision of global Internet governance that centers on domestic control and top-down, state-centric mechanisms over the existing bottom-up multi-stakeholder processes.”
It is important to note that globally, domestic cyber policies are evolving, and no country has a truly bottom-down multi-stakeholder and civil society-led-policymaking apparatus. Rather, all countries with a cyber policy operate through a top-down apparatus, and the only differentiator is the varying degrees of participation of and consultation with businesses, academia, and civil society. From the US’s perspective, intense consultation with corporations and think tanks helps shape a more business-friendly cyber policy. In China’s case, policies are much more top down and securitised, although the end-goals remains the same – staving off cyber intrusions and enabling transparency in incident reportage and redressal.
Further, the Strategy states, “Authoritarian governments, most notably the PRC, are actively working to co-opt and redefine well-established terminology related to “democracy” and “human rights” in the context of international technology policy development, including through their input into the UN Pact for the Future process and its Global Digital Compact.” Given that China plays a critical role in key international cyber-governance fora such as the UN Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the context of International Security, as well as the UN Open Ended Working Group on ICTs, the Strategy document clarifies the US’s diplomatically opposed stand against Chinese conceptions of governance.
Even though the West-led “rules-based order,” which offers particular definitions of ‘democracy’ and ‘human rights’ continues to be a defining feature of the contemporary geopolitical order, there is fraying in the sentiment of its universality because China offers a more appealing ‘development over security’ approach (especially to Global South countries). In digital governance, this plays out to the advantage of countries that wish to prioritise development and economic growth over concerns surrounding ethics, transparency, democratic decision-making, or even national security.
In contending these ideals, the Strategy continues to defend the notion of the “rules-based international order.” Further, in its section on ‘Lines of Efforts’ (essentially, ‘recommendations’), the document makes it a point to highlight how the US and China are in clear competition in their respective positions on international norms and standards setting, and that the US will continue to push against Chinese economic manipulation to compel support for its definitions and norms.
At the same time, it is indeed interesting to note China’s contentions with the inclusion of the phrase ‘human rights’ at the above-mentioned UN-led cyber mechanisms. For example, in its comments on the ‘Initial Pre-draft Report’ of the UN OEWG from April 2020, China argued, “China takes note that the pre-draft repeatedly made references to issues such as sustainable development, human rights and gender equality. In the long run, these issues are important for us to take a comprehensive and balanced approach to cyber issues. However, these are anything but the priority of this group and were not discussed at the previous two sessions.”
In fact, deliberations at the OEWG and even the ‘UN Pact for the Future’ revision process (for which 193 UN member states are scheduled to meet in September 2024), clearly indicate a divide between the West and the China-Russia-Iran-Cuba axis, where the former is advocating for the inclusion of ‘human rights’ intrinsically in the language of draft reports, while the latter has advocated contrarian views. From the US Strategy document, it is evident that this competition is unlikely to turn into consensus.
The next bit that I want to focus on from the Strategy is its articulation of the Chinese surveillance threat. The document states:
“The PRC has developed a massive system of surveillance, and its firms are now exporting their regulatory approach and technical capabilities to facilitate other governments’ monitoring and repression. Beijing has also used cyber means to target people beyond its borders, including journalists, dissidents, and individuals it views as threats to Chinese Communist Party narratives, policies, and actions.”
In this sense, the document seems like a culmination of a bunch of developments in the US and the EU in the past two years, that are targeted specifically against Chinese firms exporting technical capabilities to countries within. While it is true that they are partly motivated by fears of surveillance, as the Strategy document would have us believe, two big factors are the unfair competition Chinese firms bring to the market, as well as the overall US-China rivalry permeating all aspects of relations.
For example, when the UK Government Communications Headquarters (GCHQ) banned Dahua and Hikvision cameras from their offices in June last year, there was a real threat perceived to national security – Chinese surveillance cameras in a highly classified building! However, more recently, the Anti-subsidy investigations initiated by the European Commission in October 2023, are exploring a ban on Chinese Electric Vehicle (EV) firms for gaining excessive market share from European subsidies, while fundamentally creating an uneven playing field for local firms.
Similarly, US’s decisions surrounding Huawei have seen all the three above-mentioned factors play out. For example, the 2019 move to blacklist deployment of Huawei 5G networks in the US for the fear of falling prey to Chinese surveillance and opaque collection of sensitive data of Americans, was a national security-motivated decision. More recently, US’s cancellation of export licenses for firms exporting critical technologies to Chinese firms like Huawei (such as Intel’s exports of chips to Huawei for its MATE laptops), fulfills a two-pronged goal of incentivising local growth and dominance, while feeding into the US-China competition on a broader level.
To this end, in another section, the Strategy document has done its part to clarify, “…The PRC government distorts markets to advantage PRC-based hardware, software, and services suppliers that compromise the security of the customer. By contrast, the United States seeks to provide the emerging and developing world with financially sound alternatives to unsustainable initiatives.”
In another one of its ‘lines of efforts’, the Strategy documents lays emphasis on orbital overcrowding and US-China competition in lower earth orbit (LEO) in space. It reminds me of the SPARKS song, “This town ain’t big enough for the both of us.” Or as Aditya Ramanathan, my colleague at Takshashila and an expert on outer space affairs explained it to me, “the LEO has become like a railway platform.” In this regard, the Strategy argues that “PRC is planning a constellation of about 13,000 satellites, with a clear government mandate and significant financial subsidies,” and this therefore threatens American firms’ dominance in the development and deployment of GEO and LEO satellite communication services. It also impinges upon the idea that the US should be the go-to partner for satellite communications services, which is why this document elaborates on the problems with the deployment of China’s constellation. Hence, the document actively propagates alliance-building to create “secure and resilient” LEO satellite systems. This just another example of how chasmic and fundamental the divide between US and China is, that there is no potential for even civilian, scientific cooperation in space affairs.
The final bit that I think would be interesting to talk about is attribution, accountability, and state responsibility. In one of its ‘lines of efforts’, the document specifies that the US should strive to ‘Hold Irresponsible States Accountable’. Obviously, it takes the example of China as the most irresponsible state out there, stating:
“The number of states willing to publicly hold states accountable reached 39 in July 2021 when NATO, the EU, Australia, Canada, New Zealand, the United Kingdom, and Japan all publicly condemned the PRC’s involvement in the Microsoft Exchange server data breach incident and other malicious cyber activities.”
Essentially, the document is pushing for clearer and more articulate policies on legal attribution of cyber incidents to states and governments, which has always been a subject of contention and controversy in international cyber-governance. Attribution alone can be to any APT actor, state or non-state, but state responsibility would mean attribution to an APT and tracing its connections potentially to a government/state actor.
From the US’s perspective, attribution should be a part and parcel of cyber policy, because without it, there cannot be bilateral and multilateral dispute resolution. However, China’s perspective differs. For example, in its pre-draft comments (mentioned above as well), China argued, “…when it comes to state responsibility, which, unlike the law of armed conflicts or human rights, has not yet gained international consensus, there is no legal basis at all for any discussion on its application in cyberspace.” From this, it is only an obvious, in-the-face inference to make that China will not blame, but will not tolerate being blamed either. And if the corpus on the subject of China’s state responsibility for cyber incidents is to be believed, China has quite a lot to be blamed for.
The UN is in the process of developing an elaborate mechanism to bring about consensus on state responsibility in cyber-governance. It involves debating the applicability of international law in cyberspace, acting on the 11 UN norms of responsible state behaviour in cyberspace, and enabling confidence-building measures, including through the establishment of a global ‘Points of Contact’ directory. In this regard, the US Strategy document is a welcome step towards compelling enforcement of some these standards.
India Takes on a Similar Challenge
Because of the transnational nature of cyberspace, India is also at risk of cyberattacks against critical national security infrastructure by foreign state and non-state actors. An example is the ShadowPad malware attack faced by Indian power grid institutions in April 2022. The hackers responsible, attributed by the American cybersecurity company Recorded Future to the Chinese state, preyed on already infected IoT devices to navigate through compromised networks and conduct espionage activities in the Ladakh region of India. The grids were also located in the area surrounding Galwan Valley, where troops of the two sides engaged in eyeball-to-eyeball fighting in June 2020, leading to the deaths of 20 Indian soldiers.
The Chinese Ministry of State Security and the People’s Liberation Army have been associated with multiple ShadowPad malware attacks in the past, reportedly using a group of hackers that have come to be known as RedEcho. The severity of the challenge is clear, and has multifaceted implications for data security, internet governance and a safe IT infrastructure in India.
Targeting India’s critical information infrastructure remains a key motivation for Chinese APTs. Since 2020, India has faced multiple malware attacks against entities such as seaports, 10 distinct Indian power sector organisations (including 4 of the 5 Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand), and oil and gas facilities – all of which have been been deemed as ‘Critical Information Infrastructure’ by the Indian National Critical Information Infrastructure Protection Centre (NCIIPC). Suspected APTs behind this include the notorious Chinese hacking group identified by the FBI as ‘Barium’ (or APT 41), which has exploited bilateral tensions to conduct cyber-espionage while engaging in geo-strategic signalling.
In addition to stealing personal information, some attacks are even targeted at using cyber-means to steal Intellectual Property (“cyber-enabled IP Theft”). In March 2021, for example, it was reported by the cyber-intelligence company Cyfirma that two major Indian vaccine and pharmaceutical manufacturers, Serum Institute of India and Bharat Biotech, experienced hacking attempts against their IT systems from China-based APT ‘Stone Panda’. In the past, this ATP has been known to work in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau.
India has had quite a tryst with China-based APTs, and the US might just find an ally and partner in India especially on multilateral mutual assistance for attribution and state responsibility, even though India has a policy on neither. However, in the matter of US v. China, cyberpolitics is most likely to evolve into a competitive and securitised domain, eventually leading to the formation of two large ‘bins’ dominated, one each dominated by the two.
Guarding the Great Wall: Xinjiang Tastes the Flavour of Battle
By Anushka Saxena
As many of our readers may know, combat preparedness work in the Chinese People’s Liberation Army (PLA) is reaching newer heights every day. The ‘four services’ (军种) and ‘four arms’ (兵种) of the PLA are testing interoperability on a regular basis, through platform integration, network-centricisation of operations, and battlefield training.
This is playing out particularly elaborately in the Western Theatre Command (WTC), where the Xinjiang Military District (XMD) has recently taken it to the next level to test a competitive, full-fledged battle play out. While such an exercise is not necessarily new, reportage on two to three-day-long intensive “battles” that take a specific realtime situation and intersperse it with emergencies, are fairly rare.
As per the report in the PLA Daily on this recent exercise, Xinjiang MD units based out of the foot of the Tianshan mountains engaged in what they referred to as a “Mass Military Training and Competition” (群众性练兵比武). The goal for the units was to reach a target destination through a complex terrain, all the while finishing ten assigned tasks within a 24-hour period. The exercise took place in five stages:
The first was testing of unit’s response to emergencies. As soon as the exercise began, an ad hoc command came through that rival targets have been spotted on the land ahead. The instruction was for units to use available land space to eliminate the targets. To do so, units resorted to the use of multiple hand grenades.
The second stage required personnel to test preparedness against the weather. Being in the arid semi-desert at the foot of Tianshan, dust storms are a common occurrence. The report on the exercise suggests that units were “soaked in dust,” but chose to “disregard” it to fulfill their assigned tasks in time.
The third stage involved assessment on various parameters of regular battlefield work, including navigation, battlefield protection, self-rescue, and mutual assistance according to a map.
The fourth stage in the evening, revolved around digging trenches to secure positions for the night and set up temporary cooking facilities. At the same time, there was a special emphasis laid on individual security without external support, meaning that individuals in the units had to pitch their own tents, dig their own trenches, and handle their own positions.
The final stage set in at night, when enemy forces opened fire against the units just as they finished dinner. That was the real “taste of battle” as per the leader, Corporal Liu Mingjiu, as the operations to retaliate to enemy fire was part of an automatic rifle shooting assessment at night, which caused much difficulty to units. Immediately after the threat was considered neutralised, personnel began constructing cover, which was part of the fourth stage assessment on individual safety.
The interesting bit about the report is that it quotes corporal Liu as stating that “although his performance in some tasks was not as good as usual, the ‘combat intensity’ was higher,” indicating an inability to adapt to a combination of emergency assessments, tough terrains, and long hours.
The evaluation team assigned to the exercise conducted its elaborate review on the early morning of the next day, and came to the conclusion that Liu’s situation was not unique, and that “faced with a complex assessment environment and high-intensity continuous operations, many participating officers and soldiers saw varying degrees of decline in their individual task performances.”
Globally, analyses worry about China’s war preparedness and capability. While such reportage is only a tiny picture of the bigger game, it does depict accurately just how challenging it is, achieving true jointness amidst varying degrees of complexity. This is an example of a unit or two from the XMD. Imagine the PLA planning interoperability at 100 times this scale, rife with network centres, interconnected command and control, intense gunfighting and terrain handling assessment across the board, and ensuring each individual’s ability to protect themselves.
It is important, hence, to appraise robustly PLA’s reportage on combat preparedness, cull out challenges and opportunities, and at the same time, take the idea of PLA’s ‘perfect readiness’ with a bag of salt.
Just FYI: At Takshashila, we’re working on a brief assessment of jointness and interoperability in the Western Theater Command as a whole. Structure, combat preparedness exercises, altitude training, and air power - the whole shebang. So please keep an ‘eye’ out for more!
Latest from the Indo-Pacific Studies Team:
It’s been a busy two weeks for the IPSP circle.
IPSP Research Analyst Anushka Saxena writes for Nikkei Asia on the recently announced disbanding of the PLA Strategic Support Force, formation of the Information Support Force, and global implications.
In this episode of Takshashila’s daily public policy podcast, All Things Policy, Anushka Saxena and Manoj Kewalramani discuss readout of the recent Politburo meeting & the direction of China’s economic policy priorities in the run up to the third plenum in July. Tune in below:
IPSP Research Analyst Amit Kumar writes for FirstPost, finding the silver lining for India in the results of the recently concluded Maldivian parliamentary elections.
IPSP Chairperson and China Studies Fellow Manoj Kewalramani speaks at an event organised by the Center for Strategic & International Studies, Washington DC, on ‘The Belt and Road Initiative at 10: Challenges and Opportunities’. Tune in to the event broadcast below:
IPSP Research Analyst Rakshith Shetty writes for The Diplomat, discussing ‘How China Became the World’s Clean Tech Giant’.
Rakshith Shetty also writes for The Diplomat in collaboration with Takshashila High-Tech Geopolitics Programme analyst Ashwin Prasad, on ‘China’s Military-Civil Fusion Space Program’.
In this episode of All Things Policy, IPSP Research Analyst Bharat Sharma quizzes Dr. Saya Kiba from the Kobe City University of Foreign Studies, on ‘How does Tokyo view the Indo-Pacific?’. Tune in below:
Anushka Saxena further writes for The Diplomat on ‘Blinken’s China Visit: Has Rapprochement Run Its Course?’, and for FirstPost, arguing, ‘With Taiwanese President Lai Ching-te set to assume office, China's woes will only exacerbate’
Eye on China is a weekly newsletter curated by the Indo-Pacific Studies Programme at The Takshashila Institution, a public policy think-tank based out of Bengaluru, India.
 | A guest post by
|