Diversity that is China
China is always seen by the West as a big, monolithic country. That nothing could be further from the truth does not shake that popular wisdom, which is typical of cultural biases and heuristics. After all, our brain is mostly wired to deal with small communities of similar people - it is nigh impossible to consider the country with the population size of China.
This is Part 2 of the four part series:
- Chinese intelligence structures
- The Chinese way of collecting data
- This post
- Cyber espionage - the Chinese way
- 1.35 billion (BILLION!) people. That’s like having 165 NYCs in China. Or 292 Sydneys. Or 4.5 USAs. Or 74.5 Australias. Or … you get the message.
- 56 recognised ethnic groups. Compared to Europe’s 87.
- 7 major Chinese language branches of the Sino-Tibetan language family. Considered to be just dialects and many, many sub-dialects. (For comparison, all European languages (with 8 branches) are part of the Indo-European language family.)
Diversity in the upper echelons
So China is very, very diverse. The myth that a country that size can be driven by a well-oiled machine that knows everything and manages everything is, at best, laughable. The story of corruption and machinations by Bo Xilai (one of the 25 members of China’s Politburo, candidate for the Standing Committee, etc. Up and coming politician - until downfall, that is) and Zhou Yongkang (China’s former domestic security tsar, and Bo Xilai’s only defender on the Standing Committee) show that China’s upper echelons far surpass “The Game of Thrones” in terms of political manoeuvring.
But, we’re here to talk about Chinese intelligence and cyber security monolith myth.
Intelligence services and the policy community
It should come as no surprise that China does not have a single formal office for assessing intelligence and producing analyses that would reflect agreed government position. The infighting, entrenched individuals and departments do not want, nor see any need, to cede power or to share it. President Hu Jintao reportedly tried to organise a central office for intelligence - twice. That China still doesn’t have one speaks volumes.
So what does China have? For the purposes of foreign policy and national security (including cyber intelligence) they have three Leading Small Groups (LSGs): two for foreign policy and national security (really a single body with two different names) and an LSG for Taiwan. Of course.
The role of the LSGs is to bring together senior policymakers to debate
and provide advice and recommendations on major policy issues to
China’s ultimate decision-making body, the Politburo Standing Committee.
The LSGs operate by consensus.
Like everywhere else, it should be no surprise that China’s intelligence organisation has to fight for the time with decision makers. And just like everywhere else their products, even if they are good, will be questioned and often overruled. Much like everywhere else, there will be plenty of in-fighting in the intelligence community, too. Even at the highest levels. Why? Because that’s how Mandarin (that would be bureaucrats) court operates.
Firstly, modern China has witnessed a significant growth and diversification of interest groups and centres of power, to the point that it has become hard if not impossible for entities used to exercising control over foreign and security policy to continue doing so.
PLA isn’t in charge, either
So if the intelligence services largely fight for the time and don’t really run (or primarily implement) the country’s cyber policy (shocking, isn’t it?) then the PLA most definitely does. After all, that Mandiant report on APT1 places it squarely and irrefutably on PLA.
[T]he PLA’s role in Chinese politics and policymaking has been on a steady decline since the end of the Mao era. There are no longer any military leaders on the Politburo Standing Committee and the institutional mechanisms available to the PLA – principally the Central Military Commission and its participation in the LSG process – do not obviously allow for the exercise of disproportionate influence over foreign policy.
The argument now will go: ‘but that’s not what we’re saying. We’re saying that the PLA is just implementing the cyber policy’. And the standard response to that would be: “Duh!” Follow-up question is: who sets the policy? At what level? How do they make sure that there’s no independent activity? In other words: for the monolithic China myth to survive, there should be no Bo Xilai, no chasm between different intelligence services, no infighting.
No, China is not a monolithic structure, a modern day massive hive mind where everyone is pulling together to the best of their abilities to ensure glorious victory. What there is is a lot of groups and individuals trying to get an edge on their competitors. If that includes getting intelligence and IP from elsewhere so be it.
The Chinese government is guilty in as much as it doesn’t enforce strict computer laws when targets are external to the country. But in that China is by no means an outlier.