Security Alliance have published an analysis of the Chinese Communist Party’s (CCP) Five Year Plan (FYP) and its implications for the cyber threat landscape. It assesses the priorities of the FYP, the underlying factors that are driving it, and what this means in relation to the Chinese cyber threat. In short, there are clear indicators and factors pointing towards more overt and confident behaviour from the CCP. This is highly likely to be coupled with large-scale and continuous cyber operations.
The FYP’s purpose is to frame China’s social and economic goals over the next five years. The language revolves around internal innovation, research, and development.
Behind the public declarations of their economic goals is a strategy characterised by a dual approach: to simultaneously reduce foreign leverage over Chinese interests, whilst expanding and deepening their influence internationally in the social, political, and economic spheres. This drives which sectors cyber operations are directed at, as well as the types of information that are prioritised to suit various objectives.
The CCP and their cyber activity will also be focused on steering, blocking, and undermining core economic activity such as M&A and supply chain establishment to extend their influence and to undermine Western efforts.
Looking further ahead, the CCP’s strategy will likely be centred around pulling the global community away from Western technologies, systems, and institutions, instead promoting Chinese solutions. The attempted large-scale rollout of Huawei products is a good example of this strategy in action.
Socially and politically, the CCP’s priorities are heavily influenced by a desire to ‘deal’ with the so-called ‘Five Poisons’: Uyghurs and the associated independence movement, the Tibetan independence movement, the pro-democracy movement within China, proponents of Taiwanese independence, and the Falun Gong religious movement. This will involve sustained efforts to control the narrative around how they are handling them. Again, the domestic control of information, combined with the projection of a favourable narrative around these issues, will underpin the CCP’s approach.
Although more typically associated with Russian threat actors, Chinese actors will, on occasion, use cyber intrusions to facilitate ‘information operations’, via the leaking of stolen information in addition to continued abuse of social media to steer their own narrative.
The tempo and scale of Chinese cyber activity will almost certainly continue to match the size of the CCP’s ambitions. The priority will be on information collection and pre-positioning; however, information operations and even disruptive operations are likely to manifest in the medium-to-long term.
Collection of intellectual property is essential to bolstering political and economic competitiveness in key sectors. Hence, it is likely that targeting will be directed at critical national infrastructure, government and military entities, and the supply chain.
In order to track individuals of interest to the CCP such as politicians, businesspeople, dissidents, and journalists, Chinese actors will continue to collect PII. In addition, sectors like telecommunications are likely to be targeted more frequently to closely monitor the movements and conversations of these targets.
Financial services is also likely to be in the spotlight, as China seeks to develop in areas such as blockchain technology, whilst also seeking to extricate itself from Western-aligned financial systems (like SWIFT).
To breach these organisations, Chinese threat actors will continue to utilise the supply chain as the weak point in many networks and a valuable source of aggregated information. The resources and expertise available to the Chinese intelligence apparatus also enable the development of exploits for widely deployed systems on the perimeter edge, and we are likely to see more attacks akin to the exploitation of Microsoft Exchange in March 2021.
Less obvious avenues to acquire access are also available to the CCP. These include the placement of personnel within organisations who can access corporate information and report back to Beijing. Often, this can be achieved by bringing in new laws (for example PIPL) that compel foreign organisations to have individuals associated with the CCP working for them.