OPM Hack - causes not symptoms
June 16, 2015
Listening to NPR this morning reminded me how much of the cyber security discussion is like classic crime reporting, focused very much on symptoms rather than causes. Let's take a step back and ask what the OPM hack tells us:
1. This kind of hack is what people do to those they regard as opponents. The PLA, the security services and the Party leadership regard the US as their primary opponent. Some of this is vestigial Maoism - you can't have thirty years of bellowing about hegemony without it leaving some trace. Some of this is an immature approach to great power politics tinged with Lenin's theory of imperialism. If China at large is ambivalent about peaceful rise, the military and security services are not. They believe that the US is their opponent and seeks to defeat them. The US doesn't help with its various half-hearted efforts (like internet freedom) that the Chinese leadership sees as intended to undermine the regime. The internet is a mortal threat to the Party's rule, and they justify their actions by saying that what the US seeks is regime change. We also spy like crazy on them, which they knew and resented even before Snowden.
2. The primary goal is not to get information to increase recruitment, improve phishing emails, or some of the other peripheral motives we hear about. Look, the Chinese don't need help at phishing. It's not that hard. Knowing someone's vulnerabilities from their SF-86 doesn't increase the chances of recruitment - you put stuff on your SF-86 so that the government knows about it and you can't be blackmailed. The info on the SF-86 is the least valuable for recruitment. China's recruitment successes come from either money or sex (or from visa-holders), and the OPM info doesn't help much with this.
What people don't appreciate is the deep desire to understand your opponent that exists in intelligence agencies (and with some senior leaders). Correlate SF-86 data with health records and with open source material (think PLA meets big data) and you can get deep insights into who you are playing against - you feel like you know them. You want to be in their skin to predict how they will act and where they will make mistakes.
The Chinese may also be just as concerned with identifying Chinese citizens linked to US employees. This would be consistent with China's first priority for cybersecurity, which is internal security.
3. We aren't used to a President like Xi. He is China's first "great power" President - kind of a Teddy Roosevelt, to use a weak American analogy. He's assertive, and while worried about the fragility of the economy and the growing political tensions that afflict the Party, he seems confident that he can manage them. He also seems confident that he can manage the U.S. and push us harder than his predecessors did. China is the 2nd most powerful nation in the world, measured by its military and its economy. The Chinese are learning how to exercise their new power, and that means friction with the US. There is a risk they will miscalculate (their insular world view doesn't help - the PLA remains parochial, with a strong Maoist undercurrent), and at least some Chinese would like to dislodge or displace the US from Asia. There is also the usual stuff about how China is a victim and does not get the respect or influence in world affairs that it deserves. These complaints are probably true, but the cause is that China doesn't know how to exercise global power, not that the US is holding it back. It is easier, though, to blame external causes.
It would be great to know whether it was the PLA or another intel agency that was responsible, but "whodunit" has more to do with understanding internal Chinese decision-making than with the motives for the hack. In any case, I assume this was centrally directed (unlike economic espionage, which is more freewheeling and opportunistic). Chinese military decision-making is insulated and largely disconnected from the foreign ministry or the economic agencies, which can give Chinese policy-making an uncoordinated character and increases the risk of miscalculation by the Chinese.
The biggest thing that the OPM hack tells us is that the old master-student relationship some Chinese used to talk about is long gone, and we should expect more sharp challenges to our authority and influence. It's not a Cold War (you can't have a Cold War with a giant trade partner), but you don't do a hack like OPM if you expect peace and sunshine to arrive next week.