Why Corporate Leaders Should Read China’s Five Year Plan
Welcome back to our series on the ties between corporate security and China’s Five Year Plan (FYP), which serves as the country’s national economic and policy roadmap. The FYP’s five key themes are Innovation, Coordinated Development, Green Growth, Openness, and Inclusive Growth. This blog series focuses on three of those key themes and the intersection where China’s Five Year Strategy meets cyber risk. In the final series, we will focus on China’s Inclusive Growth objectives.
To read the previous post in this series, please see:
- Part 1: Overview
- Part 2: Innovation-Driven Development
- Part 3: China’s Green Growth Initiatives
Part 4: China’s Inclusive Growth Objectives
Between 2014 and 2015, U.S. public and private organizations experienced a slew of massive data breaches, most notebly, Premera Blue Cross, and the U.S. Office of Personnel Management (OPM). These three incidents resulted in the combined exposure of over 100 million data records. The U.S. government and private cybersecurity firms attributed the attacks to the Chinese government, but the question of why has remained unanswered.
Typically, these types of breaches benefit cybercriminals who profit by selling stolen personal information on the dark web. However, this seemed atypical for the Chinese government given their modus operandi of leaning toward the theft of intellectual property (IP) and other sensitive R&D materials. While the OPM breach seems more understandable – any nation would love to have a list of all the people who have worked for, or contracted with, a foreign government – Anthem and Premera as targets were a question mark.
So why would China hack these organizations? To answer that, and any other Chinese government-attributed hack, look to its Five Year Plan. At the time of the breach, China was pursuing many goals outlined in the 12th FYP, which included moving China’s basic health insurance toward a near universal coverage system. One of the leading hypotheses that helps to explain the motivation behind the Anthem, Premera, and OPM breaches was that China was examining how to set up and structure a large database that could be used to support an influx of its citizens’ healthcare data.
So what type of cyber operations should we expect under the 13th FYP?
Hacking in Harmony
China’s 13th FYP aims to create a “harmonious society” (和谐社会; hexie shehui) by supporting inclusive growth objectives that help alleviate poverty, raise the standard of living, improve access and affordability of healthcare services, and promote educational opportunities. To monitor and control individuals’ access to healthcare, education, pensions, and social program benefits, China uses a household registration system known as Hokou. In an effort to address how urban migration is stressing access to China’s social programs and benefits, China’s State Council announced it would create a national basic public service market to allow for greater portability of benefits. However, it is unclear at this time how the policy will be implemented and funded.
Further complicating matters are China’s aging population and shrinking workforce, which is adding additional stress to China’s social safety net, healthcare system, and labor cost competitiveness. China aims to increase social security coverage of its senior population by 8% over the next 3 years. To be successful, China will have to manage its cost of these benefits, with the cost of healthcare and medicine being important factors in that equation.
To bring down healthcare-related costs and ultimately add some relief to the rest of China’s social program benefits, China may look for ways to obtain and make less expensive prescription medicines, medical technology, and other healthcare products and services. If history is the best predictor of future behavior, pharmaceutical companies, insurance providers, and medical device manufacturers should remain watchful for Chinese cyber operations seeking to steal their IP, R&D, and system designs.
To put a fine point on China’s budgetary challenges and highlight the financial incentives for it to look toward hacking as a solution to meet its objectives, review the estimated costs of its initiatives outlined in the 13th FYP:
- Urbanization: $6.3 Trillion
- Healthcare: $298.9 Billion
- Green Energy and Environmental Priorities: $1.5 Trillion
China cannot fund these initiatives on its own. Indeed, according to an April 2015 report by more than 40 leading Chinese financial policy and regulation experts and government officials, the Chinese government will only be able to cover 10-15% of the estimated $1.5 trillion investment for green energy and environmental priorities.
As we’ve previously warned, to be successful in its plan, China needs to make significant investments and trade-offs. One way China will attempt to achieve this is by allowing the market to have a larger role, attracting new funding from the private sector, and opening up opportunities for increased foreign investments. While these changes may provide new or greater opportunities for U.S. businesses, those opportunities may come with significant risks. One specific risk factor is the additional cyber-related risks associated with engaging in Chinese business partnerships and joint ventures, or with falling victim to Chinese Government hacking activities.
Does your organization do business in China? Is your industry an important part of China’s FYP? If so, then you would benefit from N2K’s Cyber Resolve Training that helps boards and executives better understand and prepare their organizations regarding cyber risk. Contact us and learn more.