POL1TC@L HOOK

Differences in Cyber Intelligence Between the West and Its Adversaries

12/19/2022

The world has entered a post-9/11 era. Much of the first two decades of the 21st century was focused on the turmoil of the Middle East and combatting extremism. It felt like every couple of years brought with it a new conflict, a new revolution, a new insurgency. However, while the West was focused on the War on Terror, new rivals began to emerge and compete for influence. This quick article will analyse the differences in intelligence operations between Western intelligence and its adversaries.

Western Intelligence

Western intelligence's modus operandi has historically been about long-term operations and intelligence gathering. Three-letter agencies (NSA, GCHQ, MI6, CIA) have focused on developing capabilities intended for this. A good example of this is the NSA ANT toolkit, which is a catalogue of exploits and surveillance tools which can be purchased by others in the department or by other agencies. Once these agencies penetrate the networks of rival countries, they try to stay undetected for as long as possible. They will try to monitor and gather as much information as possible before being ousted. For example, in “Operation Socialist”, GCHQ breached the Belgian telecoms company Belgacom and attempted to maintain as long a presence as possible.
Further evidence of this includes the NSA Equation Group's ability to infect the firmware of a hard drive to create hidden disk areas and virtual disk systems. This further strengthens the argument that Western intelligence agencies value information.

Russia

Power is a major component of authoritarianism, and even more so amongst the intelligence agencies. The constant need to produce the goods and compete against each other means less effort goes into long-term operations compared to short-term ones.
In Russia, the intelligence agencies (GRU, SVR, FSB) all compete against each other, going so far as to cannibalise each other's responsibilities and operations. In an attempt to prove their importance to the Kremlin, some will favour short-term operations over long-term ones.
 
This is evidenced by the very public attacks conducted against the DNC and the leaking of NSA offensive tools by the ShadowBrokers (most likely Russia). These high-profile, high-publicity attacks attempt to show the capabilities of the Russian intelligence agencies to the wider world, but also to the Kremlin.
 
However, this is not to say that the Russians are incapable of long-term operations; the SolarWinds attack is evidence of this. But it is to say they are less willing to invest in them, and would prefer more brash and open attacks which the Kremlin would appreciate more.

China

China, on the other hand, is slightly different. Unlike the Russians, they do prefer long-term operations. Evidence of this is Operation Aurora, which targeted Google back in 2010. They will also target assets which have a strategic value to them. For example, the breaching of Lockheed Martin was extremely sophisticated as it also breached RSA servers. Chinese cyber capabilities are impressive. This could be due to the internal structure of the Chinese state. All Chinese intelligence is within the MSS (Ministry of State Security), which is more centralised than its Russian counterpart. It therefore means there is less room for explicit competition amongst intelligence branches. However, the MSS is not without its competitors. The PLA (People's Liberation Army) is also adept at cyber operations and has conducted a wide array of attacks from the early 2000s to recent times against dozens of countries.
 
Ultimately, we can see how both the PLA and MSS are able to focus largely on long-term operations and not on the short term. The reason for this could be the lack of competition between the two. One group is under the umbrella of the military, while the other is not, essentially meaning they do not need to play the political game (at least openly) to prove their worth.
 
However, there is still much to improve in asset recruitment for Chinese intelligence. There have been instances of retired members of the military-industrial complex receiving offers over LinkedIn to engage in consultancy or speaking engagements. This is not the most sophisticated method of recruitment. On the other hand, this could be a tactic to overwhelm a country's internal counter-intelligence capabilities, something both the FBI and MI5 are concerned with. Nevertheless, despite being even more authoritarian than Russia, it appears the Chinese are willing to invest more resources into developing long-term intelligence capabilities.

Conclusion

To conclude, the methods of an intelligence agency could be a reflection of the country's internal situation. Western intelligence agencies favour long-term engagements, willing to sit in systems and networks for years undiscovered to gather information. In Russia, however, things are far more reckless. The competent (albeit ruthless) reputation of the Soviet KGB has been replaced by agencies steeped in corruption. Sure, the KGB was no stranger to corruption (being described as a “state within a state”), but its operational prowess was no joke, and its successors now jostle for attention from Kremlin elites. This has led them down the road of loud and overt operations taking centre stage as the agencies aim to prove which one of them is Putin’s favourite. China, on the other hand, tries to follow the Western route. It tries to cultivate its capabilities into something covert and long term, but will happily grab quick wins when it can, even if it risks being discovered. It becomes clear that as China’s capabilities mature, the West will need to be on its game.