Ben Buchanan is an assistant teaching professor at Georgetown University’s School of Foreign Service and the author of The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics.
In the past week, citizens of Canada, the United States and the United Kingdom have had a behind-the-curtain peek at how espionage works today. The governments of the three countries warned that hackers working for Russian intelligence services had spied on COVID-19 vaccine research. A few days later, the U.S. Justice Department indicted two Chinese nationals over their role in an alleged cyberespionage campaign that sought information from defence contractors and COVID-19 researchers. These incidents confirm just how vital hacking to steal secrets is to modern statecraft.
That Russia would spy on vaccine research is unsurprising, since COVID-19 has caused more than 12,000 deaths and more than three-quarters of a million infections in the country. It seems likely that the Kremlin would use any tool at its disposal, illicit or not, to learn whatever it could about how to manage the disease. Moreover, cyberespionage offers advantages that other forms of intelligence collection simply do not. Hacking operations can vacuum up information from all over the world, do not require the lengthy cultivation of human sources, and are particularly effective against targets, such as some academic researchers, that are not used to securing themselves against foreign intelligence threats.
In May, the U.S. said that Chinese hackers have tried to gain access to virus research by breaching U.S. health care companies and universities. The government alert, distributed by the Federal Bureau of Investigation and the Department of Homeland Security, warned that “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” The alert did not give motives for the operation, but U.S. officials worried that the hackers might, even inadvertently, erase important data. Additional media reporting indicated that U.S. officials had concluded that Iran was conducting similar sorts of espionage; both China and Iran have faced large outbreaks of the virus, and they likely turned to their hackers for the same reasons Russia did.
The degree to which the U.S., Canada and other democratic allies are spying on others’ COVID-19 research is unclear, but there are suggestions that the virus is an intelligence priority. The New York Times reported that the U.S. intelligence community has been trying to determine the origins of the virus and the extent of its spread within China. This is not the same thing as spying on scientific research but is suggestive of the importance, rightly so, that Western intelligence agencies place on understanding COVID-19.
In the midst of a raging global health crisis, all of this espionage and intelligence competition might seem counterproductive or distracting. It is, however, a sign that, no matter how terrible COVID-19’s effects become, the struggle for geopolitical advantage between countries continues largely unabated; cyberoperations is one prominent arena in which it plays out. Chris Painter, the former U.S. State Department co-ordinator for cybersecurity, summed up the American – and presumably also the Russian and Chinese – positions well when he told the Wall Street Journal: “In an optimal world, everyone in the scientific community would be co-operating on finding a vaccine. But we’re not in an optimal world.”
This worldview is prevalent – and the cyberespionage in service of it is pervasive – even with global threats such as COVID-19. It is likely stronger still in areas where policy makers perceive the competition between countries to be more zero-sum in nature; cyberespionage against military, economic and political targets is a top priority for modern nations. The recent COVID-19 espionage that made headlines is not an aberration from a baseline of restraint, but the public tip of a mostly secret iceberg of international cyber competition that has played out online for years.
More specifically, the very same hackers and agencies now spying on COVID-19 researchers previously carried out cyberoperations in the service of more prudential policy aims. The group of Russian hackers identified in the joint government statement, often known as APT29, has previously conducted an extensive espionage campaign against a wide range of targets all over the world. Among many, the group’s most well-known breach was of the Democratic National Committee in the United States. (In a sign of how vast the world of government hacking is, it was a different group of Russian hackers working for a different agency that leaked documents from the committee and from Hillary Clinton’s presidential campaign in 2016.)
Similarly, the Chinese government has long performed cyberespionage via an array of security agencies and military units. Even before COVID-19, many of these groups conducted hacking efforts to gain access to biomedical and other technological research, as documented with ample evidence by Western cybersecurity firms and U.S. government indictments. More generally, research from both public- and private-sector analysts has shown that Chinese hackers have conducted an extremely far-reaching espionage campaign against targets of political, military and economic interest. Some of these individuals are likely now carrying out the Chinese government’s campaign to illicitly access COVID-19 research in the U.S. and elsewhere.
The United States and its allies, too, have long made cyberoperations a key part of their intelligence strategies. The Five Eyes – the democratic countries of the U.S., Britain, Canada, Australia and New Zealand – have collaborated for many years in developing cyberespionage capabilities that they have deployed in service of their intelligence goals, including advancing the political and military interests of these five nations. If the Five Eyes are spying on COVID-19 researchers, it would likely be done in part by the same agencies that have performed cyberoperations in the past.
None of this context excuses espionage that interferes with medical research aimed at combatting a spiralling pandemic. The threat from COVID-19 is serious enough to civilian and global life that governments should not interfere with any effort to make progress in treating it, either in their country or overseas. U.S. officials said that Chinese espionage could slow American research because of the need to ensure that the hackers had not tampered with the medical data. Officials also alleged that the Chinese hackers had attempted to cover their tracks in a way that could have damaged important files.
These recent incidents show watchers of international relations that, for better or worse, cyberespionage is a significant tool of statecraft for policy makers today. Leading governments deploy this tool largely out of view but pervasively. To pretend otherwise is to ignore mounting evidence of the status quo – evidence that grew more voluminous with the recent joint statement from the U.S., Canada and Britain. We should be skeptical of claims or desires that governments will ratchet back their hacking when they do not do so even in the face of public health crises that span the globe and threaten everyone.
Instead, we should recognize that cyberespionage is here to stay as part of modern geopolitics, whether we like it or not. Policy makers evidently find this kind of hacking too alluring to pass up and believe that the competition between countries is too fierce to be set aside, even in a global crisis. For some, this realization will be saddening and will suggest that norms of restraint are further away than they might like; for others, it is simply a recognition of the inevitable, of how far we are from the optimal world of greater co-operation against disease and other shared risks.
Whatever one’s views on this debate, one fact seems clear: In this crisis and in the next one, governments will turn to their hackers and ask what secrets they can steal.