Govt should call China’s bluff on cyberattacks
RECENT cyberattacks by China-based hackers have raised alarms about the security of important government systems and have led to openly expressed suspicions that the Chinese government or military may be behind at least some of the cybersecurity breaches. The Chinese government has, of course, strongly denied involvement, and has even suggested it will be willing to help track down cybercriminals operating from China, according to the Department of Information and Communication Technology (DICT). The government should call China’s bluff and demand that it take action to put a stop to the ongoing cyberattacks.
The reason that a firm stand is necessary is that there is a substantial amount of evidence, including in China’s own publicly disclosed national defense strategy, that the Chinese government does, in fact, carry out various forms of cyber espionage and offensive action. Earlier this week, the government of the Netherlands revealed that it had discovered malware installed in a computer network being used by its military, and that it had traced its source to “a Chinese state actor.”
Last month, the US government announced it had tracked down and dismantled a China-based hacking network known as “Volt Typhoon,” which had gained access to numerous infrastructure systems such as those controlling electricity grids, with the apparent goal of disabling them in the event of a conflict.
In a press briefing on Thursday, DICT disclosed that among the Philippine systems where attacks have occurred or have been attempted include the Philippine Coast Guard, the private website of President Ferdinand Marcos Jr., the Cabinet secretary, the Department of Justice, the Congressional Policy and Budget Research Department of Congress, the National Coast Watch System and the DICT itself.
Given the ongoing conflict between the Philippines and China over the latter’s illegal aggression and claims in the West Philippine Sea, it does not require a great leap of imagination to guess where cyberattacks on key government information systems — particular those of agencies such as the Coast Guard and National Coast Watch — may be coming from. Our own cybersecurity experts are more than capable of tracking intrusions, and when similar findings of Chinese hacking are disclosed by countries with even bigger resources such as the United States and the Netherlands, the suspicions appear to be even more justified.
And then there is the prominence given to cyber capabilities in the Chinese government’s publicly disclosed “China’s National Defense in the New Era” white paper. Among the points made in a section of the 51-page document entitled “Fulfilling the Missions and Tasks of China’s Armed Forces in the New Era,” cyber “missions and tasks” are highlighted: “China’s armed forces accelerate the building of their cyberspace capabilities, develop cybersecurity and defense means, and build cyber defense capabilities consistent with China’s international standing and its status as a major cyber country.”
Of course, the entire military doctrine and policy as spelled out for public consumption is couched in terms of “defense,” but that same policy also explains that it means “active defense,” or in other words, striking first to eliminate a potential threat when necessary. All things considered, China’s protestations that it “always firmly opposes and cracks down on cyberattacks in all forms in accordance with the law,” the statement Beijing’s embassy in The Hague released in response to the disclosure by the Dutch government, rings rather hollow; after all, China’s “law” in the context of its publicly disclosed defense policy does not preclude acting in precisely the way discovered by cyber experts here, or in the US, or the Netherlands, if China detects what it believes to be a threat.
Therefore, the government should hold China to account and compel it to honor its pledge to “always firmly crack down on cyberattacks” originating from China. The DICT and other agencies concerned must be thorough in their investigations, publicly disclose the results of those in detail, and then, to the extent necessary, demand that China do its part to take the required action to stop them from recurring.
How China responds to our government “calling its bluff” will reveal much about the true source and nature of cyberthreats to our own national security.