A recent report by the cybersecurity company Recorded Future describes a sophisticated cyber campaign by Chinese agents aimed at Indian targets. The report outlines how a Chinese state-supported group – dubbed Red Echo – managed to install malware in India’s critical civilian infrastructure, including electric power organizations, seaports, and railways. While there is confusion as to whether the attacks caused power outages last October, Recorded Future’s report is clear in its conclusion that Red Echo’s cyber intrusions are directly linked to the Sino-Indian conflict along the mountainous northern border. While the two nuclear-armed states were fighting at sub-zero temperatures and high altitudes with medieval tools, a much more high-tech, 21st century-style battle occurred across the Indian cyberspace.
Using this campaign, China has embarked on a new game in the East Asian cyber domain. Now a major state actor has used offensive cyber means to send a political signal with disruptive effect. The use of cyber tools as part of the international security relations toolkit is not novel. China has previously used cyber means to send political messages to other nation-state adversaries. For example, when Taiwanese President Tsai Ing-Wen was elected, her social media networks were attacked by Chinese actors. However, what sets the Indian hack apart from prior cyber operations is the intended effect of the operation: Prior signalling cyber operations were acts of digital vandalism, yet in this case, the campaign aimed to have a destructive, or at least disruptive, impact in the physical domain. A campaign of this sort – causing potential physical destruction – comes much closer to a conventional military conflict.
We argue that this is a significant escalation of cyberattacks in the Indo-Pacific region. We view the choice of targets by the Chinese attackers as an additional, mounting sign of escalation: Rather than targeting military infrastructure, the Chinese attackers deliberately chose to strike civilian infrastructure. This set of events indicates that China is now willing to reset the rules of the cyber game in the Indo-Pacific. Such a reset has the potential to increase confrontation in the Sino-Indian conflict and thereby impact conventional regional security balances.
By conducting such disruptive cyberattacks, China has now escalated the conflict closer to a national-level military conflict, away from the initial narrow geographical focus on the border region. To date, at least according to the information publicly available, India has not responded to these attacks. Emboldened by the absence of an Indian response, China may decide to send further signals through disruptive cyber operations. This may lead to an Indian response, which, further down the road, may precipitate confrontation. A retaliatory, offensive cyber campaign targeting Chinese critical civilian infrastructure could set off a tit-for-tat sequence of events and fuel an escalation spiral in the cyber domain and beyond. Given the distrust between the two nations and the ambiguity about the intended purpose of such operations, cyber actions by either side could easily be misunderstood or misjudged. This would only further complicate Sino-Indian security relations.
China’s cyberattacks also have consequences beyond the Sino-Indian conflict. Readiness to use these types of attacks in a political conflict raises the question of how China may act in other regional conflicts. If China is willing to take such risks against a nuclear-armed opponent, it could easily seek to repeat this campaign in its conflicts with non-nuclear nations. The Taiwan Strait conflict and the South and East China Sea disputes are likely situations in which China could replicate its approach. In each of these conflicts, China has been engaging in salami-slicing tactics, and the use of more unrestrained and devastating cyberattacks would fit very well into the framework of cyber salami slicing.
While China might view the use of such cyberattacks as a form of signalling below the threshold of conventional military conflict, it remains to be seen if other regional actors share this understanding. The academic debate on escalatory cyber conflict patterns notes how escalation is more likely to be influenced by the effects – physically disruptive or destructive – rather than the means – cyber. By choosing this modus operandi, China has taken a step away from the diplomatic domain and closer to the conventional military domain. Moreover, even if actors abstain from military escalation in the physical domain, they are likely to retaliate against China’s efforts with their own offensive cyber campaigns, thus igniting the aforementioned conflict spiral.
China is setting a new dangerous precedent in the Indo-Pacific region by willfully engaging in its current behavior. It is rewriting the “unwritten rules” of cyber conflict and has made a calculated bet that using subversive cyberattacks is worth the risk. By playing this game, it has embarked on a path that increases the potential for conflict escalation. This will have long-term destabilizing geopolitical consequences for the Indo-Pacific region. Unfortunately, the region has witnessed a rapid increase in geopolitical tensions and security issues over the last decade. The last thing it needs now is a potential conflict in a poorly understood domain where there are ample opportunities for misperceptions, errors and the upsurge of risk.
Tobias Burgers is a project assistant professor at the Cyber Civilization Research Center, Keio University.
David J. Farber is a distinguished professor at Keio University, and the co-director of the Cyber Civilization Research Center.