NEWS ANALYSIS
Two common themes keep emerging in China’s interaction with Canada and the United States: circumventing agreements and a lack of reciprocity. Invariably, at the centre of the issue are the deceitful actions of Chinese state-owned enterprises (SOEs).Certainly, China is not respecting the spirit of understandings with Canada and the United States on cyber hacking, which increasingly appear to be toothless.
Researchers Chris C. Demchak of the U.S. Naval War College and Tel Aviv University’s Yuval Shavitt recently detailed how China hijacks internet traffic in a paper written for the U.S.-based Military Cyber Affairs journal.
The report, titled “China’s Maxim—Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking,” states that China’s economic progression depends on “massive expropriation of foreign R&D.” BGP, or border gateway protocol, is one of the two software protocols used by the “glue” holding the internet together.
Conservative member of Parliament Tom Kmiec, who warned the government about the potential takeover of Canadian infrastructure and construction giant Aecon by a Chinese SOE on public safety and national security grounds, sees his concerns playing out with China Telecom.
“The future in terms of global trade and trade deals—there needs to be a broader debate about state-owned enterprises,” he said in an interview. “We should have a broader debate in Canada on whether we should allow any of them to do business here in any significant way.”
Accords Not Respected
In September 2015, U.S. President Barack Obama and Chinese President Xi Jinping agreed to stop military forces from hacking commercial enterprises. For some time, the deal appeared to be working, as far fewer hacks were being reported, but since the agreement only covered military activities, it did not prevent Chinese SOEs from carrying on stealing trade secrets and more.“While the 2015 agreement prohibited direct attacks on computer networks, it did nothing to prevent the hijacking of the vital internet backbone of Western countries,” the report states.
Starting in February 2016 and for about six months, China Telecom hijacked internet traffic going from Canadian to Korean government sites and diverted it through China.
This was accomplished through access points on the internet called points of presence (PoPs), which allow the party controlling them to redirect and copy data. China has eight PoPs in the United States and two in Canada, but the North American countries have none in China.
Similar to the lack of reciprocity in trade and foreign direct investment between Canada and China and between the United States and China, the North American countries have been naïve in letting China establish these PoPs.
“I honestly don’t know how they got PoPs in the United States without someone in the U.S. government giving it a blind eye or approval at the State Department level,” said cybersecurity expert Gary Miliefsky in an interview. Miliefsky is a founding member of the U.S. Department of Homeland Security and publisher of Cyber Defense Magazine.
“This story is just unfolding and is very big when it comes to stupidity and no reciprocity. So why did we let it happen?” he said.
Global Affairs Canada did not respond to a request for a 2018 update on the dialogue and the latest actions of China Telecom.
“Reciprocity—that’s the keyword now. … It’s just an expectation that they’re [China] going to treat us … in the same manner,” Kmiec said. “That’s always been a problem.”
The authors of the “China’s Maxim” report recommend a reciprocity policy, with one version being to have Beijing allow PoPs on Chinese soil based on a ratio of population size between China and other countries. For example, this would mean China allowing three times as many PoPs on its soil (24) as the eight it has in the United States.
Miliefsky is highly skeptical that the United States and Canada will ever get their own PoPs in China. In addition to the eavesdropping on Chinese intellectual property, it could fundamentally threaten the control that the ruling communist regime maintains over the Chinese public.
Ending a War
Cyber warfare has been going on for decades, though a lot of it doesn’t grab headlines.“Let’s just give China the thumbs up—in a bad way—for being the most proactive and multi-generationally serious about it,” Miliefsky said.
“Most of the greatest malware in the world is deployed out of China and most of the hardware made in that country is designed with purposeful flaws, in some cases for very easy exploitation,” he added.
Thus, computer chips, mobile devices, and internet-of-things (IoT) hardware have all become major security risks for companies and private citizens. This is one of the major accusations levied against Huawei—that it builds vulnerabilities or back doors in its products.
“I don’t think we’re going to see China let up, but we’re going to keep catching them red-handed, if you will,” Miliefsky said.
He hopes continued intelligent management of the complex Sino-U.S. relationship brings about fundamental change.
“It could take 20 years or longer to make necessary improvements … where this behaviour becomes … abhorrent to the Chinese people,” Miliefsky said.
“The government of Canada has to take a very clear stance that there will be no more negotiations of any treaties until such time as these diversions of internet traffic and espionage actually stops,” said Kmiec.
