This talk will unify threads of research that cover investments made by the PRC into its hacking teams, cyber capabilities, talent pipeline, and infrastructure. Discussion of China’s hacking teams have focused on their data theft, victims, and exploits. This talk will explain how China’s approach to cyber capabilities has changed since Xi came into power and the likely effects of their policies. A summary of the topline ideas is below. I have given this talk to USG agencies before, but not publicly.
After Xi Jinping came into power in 2012, China began a rapid transformation in its cyber policy landscape. President Xi established a leading small group of the CCP to discuss cybersecurity, which was eventually promoted to a standing committee with a government office—the Cyberspace Administration of China. The CAC is now known for its regulations on data exports, the crackdown on the tech sector, and the delisting of Didi Chuxing.
In 2015, Xi’s reforms took hold of the cybersecurity sector in China. The PRC formalized its cybersecurity degree programs and educational requirements. The Ministry of Education and CAC copied the NSA’s Centers of Academic Excellence and began certifying universities as “World-Class Cybersecurity Schools.” Two years on, the PRC cracked down on its security researchers traveling abroad and instead began promoting domestic security competitions like Tianfu Cup. Cybersecurity competitions proliferated. Around this time, China began construction of its National Cybersecurity Talent and Innovation Base in Wuhan, a piece of educational and training infrastructure now tied to the military and security services. In the same year, 2017, China started to host its own version of the DARPA Cyber Grand Challenge competition to promote automated vulnerability discovery and exploitation. Most recently, these competitions have been run by the military’s procurement department. My most recent research shows how this development effort has taken hold of China’s top universities and promulgated to state labs and cyber ranges.
Attendees will leave with an understanding of the capabilities ecosystem within China, the investments made by the PRC government that aim to improve its hacking capabilities, and the likely impact of their investments over time. This talk will not include novel attack techniques or IOCs, but will enlighten defenders to the coming challenges presented by PRC cyber operators.