Why Corporate Leaders Should Read China’s Five Year Plan: Part 1
By Jeff Welgan, Executive Director and Head of Executive Training Programs at CyberVista
What do the cyber attacks against U.S. Steel, Alcoa, and Allegheny Technologies Inc. (ATI) all have in common? How about the Anthem, Premera, and CareFirst BlueCross BlueShield breaches; or the cyber attacks on American Superconductor, SolarWorld AG, or Westinghouse Electrical? All these hacks targeted specific, high-value industries: U.S. metals manufacturing, healthcare, and energy, respectively. And all these hacks were all done at the hands of the Chinese government. While it is important to answer the question of “who” is behind these attacks, it is just as important to understand “why” and “what.” Why did China target these specific companies and what made them appealing targets? Why are these specific industries consistent targets of Chinese cyber attacks? When it comes to answering these two critical questions related to Chinese cyber threats, you need to look to China’s Five Year Plan (FYP).
What are China’s Five Year Plans?
Every five years since 1953, the Chinese government issues a new FYP. Each FYP aligns China’s socio economic objectives with top policy goals. Since the 1990’s, China’s FYPs began to act as a roadmap for Chinese ministries and local governments to align with the central government’s greater objectives. Each FYP includes broad themes and specific targets (goals) of the central government. Targets are categorized in two ways:
- Binding targets are designated as hard targets that Chinese officials must achieve. These objectives are also tied to government officials’ career advancement opportunities.
- Expected targets, while also very important, are not included in the official Chinese Communist Party (CCP) evaluation system. Rather, expected targets are primarily met through market forces and functions and are supported by the Chinese government.
When you step back and examine previous victims of Chinese cyber attacks through the lens of the China’s FYP, it become distinctly clear that targeted companies and industries victimized by Chinese hackers align with the areas of need, investment, or improvement articulated in the FYP.
China’s 13th FYP
In March 2016, China ratified its 13th FYP, which will remain in effect until 2020. “The 13th FYP seeks to address China’s ‘unbalanced, uncoordinated, and unsustainable growth’ and creates a ‘moderately prosperous society in all respects’…In addition, the plan builds upon the 11th and 12th FYPs to improve the quality of life of China’s citizens through expanding environmental protection and social welfare.” The 13th FYP constructs a blueprint for China’s development goals across five key themes:
- Innovation: A cornerstone of the 13th FYP, which will focus on “moving Chinese manufacturing up the value-added manufacturing and enhancing its future global competitiveness and technological edge.”
- Coordinated Development: This theme seeks to improve regional inter-governmental coordination of policies, resources, and urban planning in an effort to resolve regional economic development disparities, redundancies in construction and industrial structures, and lack of public services.
- Green Growth: A bulk of the initiatives outlined in the 13th FYP reinforce China’s desire to curb environmental degradation by building clean energy, green manufacturing, and environmental service sectors. Out of the 25 targets outlined in the 13th FYP, 10 targets – all binding – are environmentally-related.
- Openness: This theme focuses on expanding exports and select imports, increasing outbound and inbound investments, encouraging international use of the renminbi (RMB), and enhancing China’s global economic governance role. Additionally, China “pledges to loosen foreign investment restrictions in select sectors such as elder care, banking, and finance, and encourage imports of advanced technology and equipment and high-quality consumer products.”
- Inclusive Growth: In order to alleviate China’s poverty epidemic, raise the standard of living, promote education, and improve accessibility and affordability of healthcare and social services, China seeks to pursue inclusive growth.
Where Opportunity Meets (Cyber) Risk
To be successful in its plan, China needs to make some significant investments and trade-offs. One way China will attempt to achieve this is by allowing the market to have a larger role, attract new funding from the private sector, and open up opportunities for increased foreign investments. While these changes may provide new or greater opportunities for U.S. businesses, those opportunities may come with significant risk. One specific risk factor is cyber risk – just look at the U.S. companies previously victimized by Chinese cyber operations.
But what about the 2015 Obama-Xi cyber agreement, you might ask – hasn’t there been a decrease in cyber attacks since that agreement was signed? While there has been a decrease in cyber activities targeting corporate intellectual property, U.S. business leaders would be remiss if they simply relied on an agreement to protect their business assets and operations. It is also important to keep the timing of the signed agreement in mind. When President Obama and President Xi signed the cyber agreement in September 2015, it was at a natural time for there to be a lull in Chinese cyber threat activities because the 13th FYP was in the process of being finalized. With the 13th FYP now in place, China’s national strategy is set and Chinese cyber operators have had a year to align an operational strategy against the targets and objectives set forth within the new FYP. Lastly, a new U.S. administration has increased uncertainties across the Asia-Pacific region – particularly with regard to U.S.-North Korea relations and China’s role in the region – and U.S. businesses must remain vigilant.
What’s to Come in This Blog Series
Over the next three posts in this series, we will dive deep into several of the five major themes/initiatives outlined in China’s 13th FYP and why certain U.S. businesses and industries should have a heightened sense of cyber risk awareness. Through this series, we will highlight previous Chinese-affiliated cyber attacks on U.S. companies to draw parallels to how those attacks aligned with China’s national goals and objectives. We’ll focus on what senior executives can do to prepare their businesses from an increased Chinese cyber threat. The three themes we will focus on are Innovation, Green Growth, and Inclusive Growth.
As a senior business leader, you are charged with protecting your organization from all types of risk, and cyber risk is an increasingly challenging risk area to oversee. If you want to learn more about how to build and execute a risk management strategy that considers all types of cyber threats, contact us to schedule a Cyber Resolve training session in your boardroom or c-suite.