Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Mutually Assured Cyber Destruction

Cyber-espionage: Is China the Main Offender?
Cyber-espionage: Is China the Main Offender?

The truth is that all nations – from the US and Europe to China and non-state actors – are actively building a cyber-presence and investing a significant amount of resources in doing so. The aim? Both strategic and financial advantages. Pinpointing China as the main offender is not only challenging, it’s completely unsubstantiated. Such claims cannot be made without concrete evidence, and formulating this evidence is almost impossible. Instead, these claims trigger political backlash and retaliation. Why is it impossible to form a concrete case for China being the main cyber-espionage offender?

Attribution of an action against another nation, state or entity with 100% confidence is immensely challenging because of the ‘nature’ of the cyberspace battleground. Due to the potential for anonymity and diversion inherent to networked structures, without anybody claiming responsibility for an action – either aloud or tacitly – it’s almost impossible to perfectly identify the origin. Actions may be routed and re-routed and network addresses translated. Plus, different actions result in diverse outcomes – some are likely to do more damage than others. Whether an actor should be named as the main offender depends not only on the amount of activity attributable to them, but also on the quality of the acts.

Pointing the finger squarely at China is also problematic due to wavering definitions over the term ‘offender’. It begs the question: Offender against whom? Western countries and businesses are not the only ones harassed in cyberspace. For example, China stated in April that the majority of actions against its interests in cyberspace originated from the US.

It is also unclear whether China’s actions against its own citizens should be taken into account. Although China receives a lot of bad press in this area, all countries seem to be gradually restricting their own citizens’ freedom to act or decide upon the use of their personal information in cyberspace.

Furthermore, different types of activity have been detected as originating from different regions. In Verizon’s 2013 Data Breach Investigations Report, China was named as the main actor operating in the field of cyber-espionage, yet the US and Eastern Europe dominated the field of financially motivated incidents. The truth is that there is no single enemy or main offender – and claims that one exists are misguided.

In addition, it’s hard to convict an offender when no concrete legislation or guidance covering cyberspace currently exists. The furthest we have reached so far is the introduction of ‘The Tallinn Manual on the International Law Applicable to Cyber Warfare’ unveiled in March. Although drafted by NATO, it is by no means binding, and it acts as more of a guide rather than official law. The interpretation of existing legislation with regard to actions in cyberspace is only just beginning.

Further problems arise in the tendency for an excessively nationalist approach to cyber politics and current attempts to interpret and organize cyberspace through traditional, nationalist perspectives. These attempts include seeking the main offender whose image as an enemy can then be used to legitimize political decisions. This is especially true for the US, which is currently the sole superpower in traditional means.

Finding a balancing power is important for retaining the legitimacy of its hegemonic position. Concentrating on the actions of countries or their proxies provides an imperfect picture of the situation. Recent events have testified that non-state actors, like Anonymous and the Syrian Electronic Army, are able to gain political influence in cyberspace and hence impact international politics.

All in all, the picture is complex. We do not yet fully understand the functioning of cyberspace or the consequences of the ongoing transformative changes it brings. As such, who really benefits if China is recognized as the main cyber-espionage offender? Most cyber acts may or may not originate from Chinese soil, but this is not the most crucial question. Blaming each other and concentrating on reinforcing old competitive positions will only lead to mutual loss, whereas cooperation may bring mutual benefits.


Jarno Limnell, director of cybersecurity for Stonesoft, has extensive experience in the field, having advised the Finnish Defense Forces on cyber deterrence, and steering committees in the EU and NATO on cybersecurity defense and risk management. Previously a lecturer of strategy at the National Defense University in Finland, Limnell holds both a doctorate in military science and an officer’s degree.

What’s Hot on Infosecurity Magazine?