Lithuania provides insight into the broader threats from China

(Last Updated On: March 15, 2024)

Lithuania warns that China has ramped up espionage & cyber campaigns in this year’s National Threat Assessments. Cybersecurity and Digital Safety specialists benefit from studying and reflecting on other countries’ national threat assessments. The problem is selecting one that best matches the resources and capabilities that are more closely aligned with most of the world. You cannot compete with the resources from the Five Eye Countries (Aotearoa/New Zealand, Australia, Canada, United Kingdom, and United States). Fortunately, countries like Lithuania publish in-depth analyses of their National Threat Assessments detailing various concerns.

Take a pause and pull down Lithuania’s 2024 National Threat Assessments.

A tool to understand China’s threat actor complexity

I am always exasperated when I hear “high-level officials” and peers in the cybersecurity community talk about “the China threat” as one prominent monolithic threat actor. This frame of reference is the same bias that led to the 1941 Pearl Harbor attack being a surprise. China has multiple threat actors, each with its own commissioned and internal power play agendas. They compete with each other. They are huge. They have different industries, universities, and commercial operations supporting them. If you think it is “China,” you are missing potential intentions behind the incident. Lithuania’s 2024 National Threat Assessment has provided everyone in the cybersecurity community with a valuable illustration of the complexity and interest of the multiple Chinese threat actors:

Read through the report, highlight the various Chinese threat actors, and start looking for other sources that explore the complexity.

If some cyber security expert comes to you talking about the “China Threat,” ask them, “Which one?” Get them to go into details. For example, ask whether it is the People’s Liberation Army (PLA), State Secure, or Public Security. Then, ask if it is a commercial contractor or commissioned agent. All of these are factors in how you take action to counter their work.

What to learn more? Start with Booze Allen and Hamilton’s China’s Cyberattack Strategy Explained. The report provides a breakdown of the threat actors’ complexity, depth, and breadth.

Source: Booze Allen and Hamilton’s Chain’s Cyberattack Strategy Explained.

What is your next step?

Pull down and read Lithuania’s 2024 National Threat Assessment & Booze Allen and Hamilton’s China’s Cyberattack Strategy Explained. Combining the two would help you grasp the multiple vectors of interest from China’s “official” threat actors. If interested, watch the Beyond Espionage & Influence: China’s Cyberattack Strategy Webinar.

• Subscribe to the Senki Community Mailing List. Stay connected to Surfing Cybersecurity practical advice and critical “do this now” operation security recommendations by email.
• Subscribe to Senki’s YOUTUBE Channel for videos on this and other security topics.
• Ask questions to Barry Greene — bgreene@senki.org

Originally published at https://www.senki.org on March 15, 2024.