May the Source Be With You: 4 Implications of China’s Latest Stance on the OPM Hack


According to the Chinese state-run Xinhua news, the OPM breach “turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. previously suspected.” Yesterday, the Washington Post similarly reported the arrest of Chinese criminal hackers, a report that has since circulated and been sourced across numerous outlets.

Similar to remarks following the US-Sino cyber agreement from September, many pundits are claiming a sea change in Chinese cyber activity. These perceptions unfortunately ignore centuries of theories and data on how states manage the tight balancing act of appeasing both international and domestic audiences. The need to assuage both international and domestic groups leads states to pursue policies that support their own incentive structure and overarching goal of staying in power. By focusing on this latest news from the Chinese government’s perspective, it’s easier to extract insights on their actions and the plausible gap between what is said in the diplomatic arena and what occurs in the nebulous realm of cyberspace.

Below are four assumptions that – when viewed through a strategic, Chinese perspective – should be met with a solid amount of skepticism as the OPM plot thickens:

  1. OPM was not state-sponsored. China has devoted significant capital to claiming it is not a perpetrator of malicious activity in the cyber domain. By allegedly finding the criminal group behind the OPM hack, China is able to save face internationally and maintain the façade of the pursuit of benign activity in cyberspace. Moreover, by identifying the perpetrators as Chinese criminals, the Chinese government rationalizes away any evidence that may point to China, while distancing itself from any government involvement.
  2. China is holding domestic criminals accountable. The Chinese government has a long history of leveraging scapegoats, as is evident in the ongoing crackdown on corruption. Accountability and scapegoating are very different, and confounding the two only leads to erroneous interpretations of activities.
  3. Norms are working. Xinhua’s announcement supports the ongoing perception that US-shaped global norms may be impacting Chinese digital activity. Unfortunately, this ignores the difficulty in establishing norms, which generally follow a steep S-curve and take significant time and resources to establish in the international system. Moreover, Chinese overt announcements toward cooperation occurred just as the US was about to impose economic sanctions due to the string of breaches attributed to China, including OPM as well as GitHub, United Airlines, Anthem, and the National Oceanic and Atmospheric Administration, to name a few. This behavior does not change overnight, nor do norms become embedded quickly enough to alter behavior that significantly. Conversely, self-interest (not so-called cyber norms) dominates state behavior, and will continue to rationalize the gap between diplomatic behavior and covert activity.
  4. The source is credible. Finally, a dominant source of information on the arrest of Chinese criminals for OPM is Xinhuanet, run by Xinhua News Agency, the official media outlet for the state government. Like virtually all state-run media platforms in non-democracies, Chinese state-run platforms have a reputation for serving as a propaganda tool of the state. In the 2014 World Press Freedom Index, China ranks 175 out of 180, barely edging out Somalia and Syria in press liberties.

As additional details are disclosed over the next few weeks and months regarding the OPM hack, greater scrutiny of the sources and incentive structures should be explored before making grand assertions of strategic behavioral shifts. Diplomatic maneuvering between states to shape both domestic and international perceptions is an omnipresent characteristic of the international system. It would be wise to remain cognizant of motives and activities before believing the next state-sponsored media report.