0x815

Prosecutors at the International Criminal Court are investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes, four sources familiar with the case said.

It is the first confirmation that attacks in cyberspace are being investigated by international prosecutors, which could lead to arrest warrants if enough evidence is gathered.

The probe is examining attacks on infrastructure that endangered lives by disrupting power and water supplies, cutting connections to emergency responders or knocking out mobile data services that transmit air raid warnings, one official said.

ICC prosecutors are working alongside Ukrainian teams to investigate "cyberattacks committed from the beginning of the full-scale invasion" in February 2022, said the official, who declined to be named because the probe is not finished.

Two other sources close to the ICC prosecutor's office confirmed they were looking into cyberattacks in Ukraine and said they could go back as far as 2015, the year after Russia's seizure and unilateral annexation of the Crimean Peninsula from Ukraine.

Moscow has previously denied that it carries out cyberattacks, and officials have cast such accusations as attempts to incite anti-Russian sentiment.

Ukraine is collecting evidence to support the ICC prosecutor's investigation. The ICC prosecutor's office declined to comment on Friday, but has previously said it has jurisdiction to investigate cybercrimes. It has also said it cannot comment on matters related to ongoing investigations.

Russians accused of crimes against humanity

The court has issued four arrest warrants against senior Russian suspects since the beginning of the invasion. These include President Vladimir Putin, suspected of a war crime over the deportation of Ukrainian children to Russia.

Russia, which is not a member of the ICC, dismissed that decision as "null and void". Ukraine is also not a member, but has granted the ICC jurisdiction to prosecute crimes committed on its territory.

In April, a pre-trial chamber issued arrest warrants alleging that two Russian commanders had committed crimes against humanity with strikes against civilian infrastructure. The Russian defence ministry did not respond to a request for comment at the time.

At least four major attacks on energy infrastructure are being examined, two sources with knowledge of the investigation told Reuters.

A senior source said one group of Russian hackers in the ICC's crosshairs is known in cybersecurity research circles as "Sandworm", and is believed by Ukrainian officials and cyber experts to be linked to Russian military intelligence.

A team at the Human Rights Center, UC Berkeley School of Law, has been investigating Sandworm's cyberattacks targeting Ukrainian civilian infrastructure since 2021, and made confidential submissions to the ICC in 2022 and 2023 identifying five cyberattacks it said could be charged as war crimes.

Sandworm is suspected of a string of high-profile attacks, including a successful 2015 attack on a power grid in western Ukraine – one of the first of its kind, according to cybersecurity researchers.

A group of activist hackers calling themselves "Solntsepyok" ("hot spot") claimed responsibility for a major attack on the Ukrainian mobile telecommunications provider Kyivstar last Dec. 12. Ukrainian security services identified that group as a front for Sandworm.

Sandworm is also believed by Kyiv to have carried out extensive cyberespionage against Western governments on behalf of Russia's intelligence agencies.

Can a cyberattack be a war crime?

Cyberattacks that target industrial control systems, the technology that underpins much of the world's industrial infrastructure, are rare, but Russia is one of a small club of nations that possess the means to do so, the cybersecurity researchers said.

The ICC case, which could set a precedent for international law, is being closely followed.

The body of international law covering armed conflict, enshrined in the Geneva Conventions, bans attacks on civilian objects, but there is no universally accepted definition of what constitutes a cyber war crime.

Legal scholars in 2017 drafted a handbook called the Tallinn Manual on the application of international law to cyberwarfare and cyber operations.

But experts interviewed by Reuters say it is unclear whether data itself can be considered the "object" of an attack banned under international humanitarian law, and whether its destruction, which could be devastating for civilians, can be a war crime.

"If the court takes on this issue, that would create great clarity for us," said Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual process. Schmitt believes that the hack of Kyivstar, owned by the Dutch company Veon, meets the criteria to be defined as a war crime.

"You always look at the foreseeable consequences of your operation. And, you know, that was a foreseeable consequence that placed human beings at risk."

Ukraine's intelligence agency said it had provided details of the incident to ICC investigators in The Hague. Kyivstar said it was analysing the attack in partnership with international suppliers and the SBU, Ukraine's intelligence agency.

Prosecutors at the International Criminal Court are investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes, four sources familiar with the case said.

It is the first confirmation that attacks in cyberspace are being investigated by international prosecutors, which could lead to arrest warrants if enough evidence is gathered.

The probe is examining attacks on infrastructure that endangered lives by disrupting power and water supplies, cutting connections to emergency responders or knocking out mobile data services that transmit air raid warnings, one official said.

ICC prosecutors are working alongside Ukrainian teams to investigate "cyberattacks committed from the beginning of the full-scale invasion" in February 2022, said the official, who declined to be named because the probe is not finished.

Two other sources close to the ICC prosecutor's office confirmed they were looking into cyberattacks in Ukraine and said they could go back as far as 2015, the year after Russia's seizure and unilateral annexation of the Crimean Peninsula from Ukraine.

Moscow has previously denied that it carries out cyberattacks, and officials have cast such accusations as attempts to incite anti-Russian sentiment.

Ukraine is collecting evidence to support the ICC prosecutor's investigation. The ICC prosecutor's office declined to comment on Friday, but has previously said it has jurisdiction to investigate cybercrimes. It has also said it cannot comment on matters related to ongoing investigations.

Russians accused of crimes against humanity

The court has issued four arrest warrants against senior Russian suspects since the beginning of the invasion. These include President Vladimir Putin, suspected of a war crime over the deportation of Ukrainian children to Russia.

Russia, which is not a member of the ICC, dismissed that decision as "null and void". Ukraine is also not a member, but has granted the ICC jurisdiction to prosecute crimes committed on its territory.

In April, a pre-trial chamber issued arrest warrants alleging that two Russian commanders had committed crimes against humanity with strikes against civilian infrastructure. The Russian defence ministry did not respond to a request for comment at the time.

At least four major attacks on energy infrastructure are being examined, two sources with knowledge of the investigation told Reuters.

A senior source said one group of Russian hackers in the ICC's crosshairs is known in cybersecurity research circles as "Sandworm", and is believed by Ukrainian officials and cyber experts to be linked to Russian military intelligence.

A team at the Human Rights Center, UC Berkeley School of Law, has been investigating Sandworm's cyberattacks targeting Ukrainian civilian infrastructure since 2021, and made confidential submissions to the ICC in 2022 and 2023 identifying five cyberattacks it said could be charged as war crimes.

Sandworm is suspected of a string of high-profile attacks, including a successful 2015 attack on a power grid in western Ukraine – one of the first of its kind, according to cybersecurity researchers.

A group of activist hackers calling themselves "Solntsepyok" ("hot spot") claimed responsibility for a major attack on the Ukrainian mobile telecommunications provider Kyivstar last Dec. 12. Ukrainian security services identified that group as a front for Sandworm.

Sandworm is also believed by Kyiv to have carried out extensive cyberespionage against Western governments on behalf of Russia's intelligence agencies.

Can a cyberattack be a war crime?

Cyberattacks that target industrial control systems, the technology that underpins much of the world's industrial infrastructure, are rare, but Russia is one of a small club of nations that possess the means to do so, the cybersecurity researchers said.

The ICC case, which could set a precedent for international law, is being closely followed.

The body of international law covering armed conflict, enshrined in the Geneva Conventions, bans attacks on civilian objects, but there is no universally accepted definition of what constitutes a cyber war crime.

Legal scholars in 2017 drafted a handbook called the Tallinn Manual on the application of international law to cyberwarfare and cyber operations.

But experts interviewed by Reuters say it is unclear whether data itself can be considered the "object" of an attack banned under international humanitarian law, and whether its destruction, which could be devastating for civilians, can be a war crime.

"If the court takes on this issue, that would create great clarity for us," said Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual process. Schmitt believes that the hack of Kyivstar, owned by the Dutch company Veon, meets the criteria to be defined as a war crime.

"You always look at the foreseeable consequences of your operation. And, you know, that was a foreseeable consequence that placed human beings at risk."

Ukraine's intelligence agency said it had provided details of the incident to ICC investigators in The Hague. Kyivstar said it was analysing the attack in partnership with international suppliers and the SBU, Ukraine's intelligence agency.

Prosecutors at the International Criminal Court are investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes, four sources familiar with the case said.

It is the first confirmation that attacks in cyberspace are being investigated by international prosecutors, which could lead to arrest warrants if enough evidence is gathered.

The probe is examining attacks on infrastructure that endangered lives by disrupting power and water supplies, cutting connections to emergency responders or knocking out mobile data services that transmit air raid warnings, one official said.

ICC prosecutors are working alongside Ukrainian teams to investigate "cyberattacks committed from the beginning of the full-scale invasion" in February 2022, said the official, who declined to be named because the probe is not finished.

Two other sources close to the ICC prosecutor's office confirmed they were looking into cyberattacks in Ukraine and said they could go back as far as 2015, the year after Russia's seizure and unilateral annexation of the Crimean Peninsula from Ukraine.

Moscow has previously denied that it carries out cyberattacks, and officials have cast such accusations as attempts to incite anti-Russian sentiment.

Ukraine is collecting evidence to support the ICC prosecutor's investigation. The ICC prosecutor's office declined to comment on Friday, but has previously said it has jurisdiction to investigate cybercrimes. It has also said it cannot comment on matters related to ongoing investigations.

Russians accused of crimes against humanity

The court has issued four arrest warrants against senior Russian suspects since the beginning of the invasion. These include President Vladimir Putin, suspected of a war crime over the deportation of Ukrainian children to Russia.

Russia, which is not a member of the ICC, dismissed that decision as "null and void". Ukraine is also not a member, but has granted the ICC jurisdiction to prosecute crimes committed on its territory.

In April, a pre-trial chamber issued arrest warrants alleging that two Russian commanders had committed crimes against humanity with strikes against civilian infrastructure. The Russian defence ministry did not respond to a request for comment at the time.

At least four major attacks on energy infrastructure are being examined, two sources with knowledge of the investigation told Reuters.

A senior source said one group of Russian hackers in the ICC's crosshairs is known in cybersecurity research circles as "Sandworm", and is believed by Ukrainian officials and cyber experts to be linked to Russian military intelligence.

A team at the Human Rights Center, UC Berkeley School of Law, has been investigating Sandworm's cyberattacks targeting Ukrainian civilian infrastructure since 2021, and made confidential submissions to the ICC in 2022 and 2023 identifying five cyberattacks it said could be charged as war crimes.

Sandworm is suspected of a string of high-profile attacks, including a successful 2015 attack on a power grid in western Ukraine – one of the first of its kind, according to cybersecurity researchers.

A group of activist hackers calling themselves "Solntsepyok" ("hot spot") claimed responsibility for a major attack on the Ukrainian mobile telecommunications provider Kyivstar last Dec. 12. Ukrainian security services identified that group as a front for Sandworm.

Sandworm is also believed by Kyiv to have carried out extensive cyberespionage against Western governments on behalf of Russia's intelligence agencies.

Can a cyberattack be a war crime?

Cyberattacks that target industrial control systems, the technology that underpins much of the world's industrial infrastructure, are rare, but Russia is one of a small club of nations that possess the means to do so, the cybersecurity researchers said.

The ICC case, which could set a precedent for international law, is being closely followed.

The body of international law covering armed conflict, enshrined in the Geneva Conventions, bans attacks on civilian objects, but there is no universally accepted definition of what constitutes a cyber war crime.

Legal scholars in 2017 drafted a handbook called the Tallinn Manual on the application of international law to cyberwarfare and cyber operations.

But experts interviewed by Reuters say it is unclear whether data itself can be considered the "object" of an attack banned under international humanitarian law, and whether its destruction, which could be devastating for civilians, can be a war crime.

"If the court takes on this issue, that would create great clarity for us," said Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual process. Schmitt believes that the hack of Kyivstar, owned by the Dutch company Veon, meets the criteria to be defined as a war crime.

"You always look at the foreseeable consequences of your operation. And, you know, that was a foreseeable consequence that placed human beings at risk."

Ukraine's intelligence agency said it had provided details of the incident to ICC investigators in The Hague. Kyivstar said it was analysing the attack in partnership with international suppliers and the SBU, Ukraine's intelligence agency.

International Criminal Court (ICC) investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes, sources say

https://www.reuters.com/world/europe/icc-probes-cyberattacks-ukraine-possible-war-crimes-sources-2024-06-14

Prosecutors at the International Criminal Court are investigating alleged Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes, four sources familiar with the case said.

It is the first confirmation that attacks in cyberspace are being investigated by international prosecutors, which could lead to arrest warrants if enough evidence is gathered.

The probe is examining attacks on infrastructure that endangered lives by disrupting power and water supplies, cutting connections to emergency responders or knocking out mobile data services that transmit air raid warnings, one official said.

ICC prosecutors are working alongside Ukrainian teams to investigate "cyberattacks committed from the beginning of the full-scale invasion" in February 2022, said the official, who declined to be named because the probe is not finished.

Two other sources close to the ICC prosecutor's office confirmed they were looking into cyberattacks in Ukraine and said they could go back as far as 2015, the year after Russia's seizure and unilateral annexation of the Crimean Peninsula from Ukraine.

Moscow has previously denied that it carries out cyberattacks, and officials have cast such accusations as attempts to incite anti-Russian sentiment.

Ukraine is collecting evidence to support the ICC prosecutor's investigation. The ICC prosecutor's office declined to comment on Friday, but has previously said it has jurisdiction to investigate cybercrimes. It has also said it cannot comment on matters related to ongoing investigations.

Russians accused of crimes against humanity

The court has issued four arrest warrants against senior Russian suspects since the beginning of the invasion. These include President Vladimir Putin, suspected of a war crime over the deportation of Ukrainian children to Russia.

Russia, which is not a member of the ICC, dismissed that decision as "null and void". Ukraine is also not a member, but has granted the ICC jurisdiction to prosecute crimes committed on its territory.

In April, a pre-trial chamber issued arrest warrants alleging that two Russian commanders had committed crimes against humanity with strikes against civilian infrastructure. The Russian defence ministry did not respond to a request for comment at the time.

At least four major attacks on energy infrastructure are being examined, two sources with knowledge of the investigation told Reuters.

A senior source said one group of Russian hackers in the ICC's crosshairs is known in cybersecurity research circles as "Sandworm", and is believed by Ukrainian officials and cyber experts to be linked to Russian military intelligence.

A team at the Human Rights Center, UC Berkeley School of Law, has been investigating Sandworm's cyberattacks targeting Ukrainian civilian infrastructure since 2021, and made confidential submissions to the ICC in 2022 and 2023 identifying five cyberattacks it said could be charged as war crimes.

Sandworm is suspected of a string of high-profile attacks, including a successful 2015 attack on a power grid in western Ukraine – one of the first of its kind, according to cybersecurity researchers.

A group of activist hackers calling themselves "Solntsepyok" ("hot spot") claimed responsibility for a major attack on the Ukrainian mobile telecommunications provider Kyivstar last Dec. 12. Ukrainian security services identified that group as a front for Sandworm.

Sandworm is also believed by Kyiv to have carried out extensive cyberespionage against Western governments on behalf of Russia's intelligence agencies.

Can a cyberattack be a war crime?

Cyberattacks that target industrial control systems, the technology that underpins much of the world's industrial infrastructure, are rare, but Russia is one of a small club of nations that possess the means to do so, the cybersecurity researchers said.

The ICC case, which could set a precedent for international law, is being closely followed.

The body of international law covering armed conflict, enshrined in the Geneva Conventions, bans attacks on civilian objects, but there is no universally accepted definition of what constitutes a cyber war crime.

Legal scholars in 2017 drafted a handbook called the Tallinn Manual on the application of international law to cyberwarfare and cyber operations.

But experts interviewed by Reuters say it is unclear whether data itself can be considered the "object" of an attack banned under international humanitarian law, and whether its destruction, which could be devastating for civilians, can be a war crime.

"If the court takes on this issue, that would create great clarity for us," said Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual process. Schmitt believes that the hack of Kyivstar, owned by the Dutch company Veon, meets the criteria to be defined as a war crime.

"You always look at the foreseeable consequences of your operation. And, you know, that was a foreseeable consequence that placed human beings at risk."

Ukraine's intelligence agency said it had provided details of the incident to ICC investigators in The Hague. Kyivstar said it was analysing the attack in partnership with international suppliers and the SBU, Ukraine's intelligence agency.

Archived link

• One of the most direct ways that Beijing promotes authoritarian governance is through training programs for foreign government officials on Chinese governance practices. Beijing uses these sessions to directly promote ideas and practices that marry economics and politics to make a case for its authoritarian capitalism model.
• The training sessions also appear to serve intelligence-collection purposes by requiring each participant to submit reports detailing their prior exchanges and engagements with other foreign countries on specific training subjects, and it fits into China’s broader ambitions to undermine the liberal democratic norms.
• The reportis based upon 1,691 files from the Chinese Ministry of Commerce (MOFCOM) containing descriptions of 795 governmental training programs delivered (presumably online) in 2021 and 2022 during the pandemic. Beijing began delivering training programs in 1981, first in coordination with the United Nations Development Program (UNDP) as part of an effort to provide aid and basic skills to developing countries. In 1998, the Chinese government broke away from that cooperation arrangement and began offering its own centrally planned training programs directly to governmental officials from countries across the Global South.
• The trainings offer authoritarian principles in areas such as law enforcement, journalism, legal issues, space technologies, and many other topics. Given that in China, law enforcement is designed to protect the state and the Party rather than the people, journalism is prescribed to create national unity rather than act as a check against the system, and the law is intended to protect the regime rather than its citizenry, these training programs naturally offer foreign officials different lessons than they would receive from democratic countries.
• According to the report, the Chinese embassy in a country identified for training typically is notified roughly three months before a training program is expected to be hosted, and the Chinese embassy is tasked with selecting and inviting targeted individuals in the host country. For example, the Chinese Ministry of Public Security attaché at the embassy would be responsible for inviting local law-enforcement representatives to join programs organized by the Chinese Ministry of Public Security.
• Each training, no matter the subject, has contained language on CCP ideology and organization and related contributions to the PRC’s achievements in that subject area. In this way, authoritarian governance choices are being promoted even in the most niche of subject areas.
• Even programs on seemingly innocuous topics like beekeeping, bamboo forestry, meteorology, or low-carbon development all begin by briefing participants about the Chinese reform and guiding management principles raised at the latest plenary sessions of the Party committee.
• For the purpose of this research, the 795 training programs were reviewed and categorized into six groups based on their reported activities as outlined in the files:

1. Clearly authoritarian: The first group describes training programs which include explicit lessons on PRC practices that are widely regarded in liberal democracies as direct infringements on personal freedom. This includes PRC endorsement of non-democratic regime practices in political, government, and legal affairs, including administrative control over the media, information, and population.

2. Potentially authoritarian: These training programs contain lessons on PRC practices which have, in some cases, infringed on personal freedom or indirectly aided infringement of personal freedoms and individual rights. This includes, for example, training on dual-purpose technologies that could be exploited to access individuals’ data in ways that expand state surveillance and control over citizens’ personal lives.

3. Infrastructure and resource access: These training programs are centered on setting standards and imparting industrial technical skills for various aspects of infrastructure and resource extraction, which may further PRC access to critical resources. This includes, for example, renewable energy application, mechanization of the agricultural sector, and technologies in mining, copper processing, and biotechnology.

4. Information operation access: These training programs are centered on activities that might further PRC access for its information operations, such as programs on Chinese culture and Mandarin-language promotion for foreign officials.

5. Security access: The fifth group involves and describes training programs centered on activities that may further PRC access to the sensitive security infrastructure of a foreign country, such as programs on aviation emergency, satellite imagery, and geochemical mapping.

6. Others: The sixth group includes all other training programs that do not fit into the above categories, such as pest control, climate change, soybean production, tourism development, and preschool-education sector capacity building.

Intelligence value of the trainings

As detailed in the files, the majority of these training programs, no matter the category, require participants to submit a report prior to the training. The trainings, therefore, provide a reliable intelligence benefit to the Chinese government. Even if an audience does not engage with the program content or demonstrate receptivity to party ideologies and narratives, the reports submitted by participants contain potentially valuable information that Beijing routinely receives en masse. Foreign officials are asked to write about current developments in their country related to the training subject, their country’s current cooperation and partnership with other countries on that subject, and potential ideas for collaboration with the PRC on that subject.

Beyond obtaining immediate, updated, and accurate intelligence from foreign government officials, this approach enables Beijing to assess their future willingness to cooperate on that subject. Specifically, the process directly identifies the scope of potential areas of cooperation from leading experts and officials in charge, prepares the way for potential informal discussion about future cooperation, and, most importantly, identifies individuals who are willing to facilitate and build long-lasting relations with China. With this in mind, this research effort focused on trainings aimed at expanding China’s footprint in the Global South’s infrastructure, resources, information operations, and security domains.

Archived link

• One of the most direct ways that Beijing promotes authoritarian governance is through training programs for foreign government officials on Chinese governance practices. Beijing uses these sessions to directly promote ideas and practices that marry economics and politics to make a case for its authoritarian capitalism model.
• The training sessions also appear to serve intelligence-collection purposes by requiring each participant to submit reports detailing their prior exchanges and engagements with other foreign countries on specific training subjects, and it fits into China’s broader ambitions to undermine the liberal democratic norms.
• The reportis based upon 1,691 files from the Chinese Ministry of Commerce (MOFCOM) containing descriptions of 795 governmental training programs delivered (presumably online) in 2021 and 2022 during the pandemic. Beijing began delivering training programs in 1981, first in coordination with the United Nations Development Program (UNDP) as part of an effort to provide aid and basic skills to developing countries. In 1998, the Chinese government broke away from that cooperation arrangement and began offering its own centrally planned training programs directly to governmental officials from countries across the Global South.
• The trainings offer authoritarian principles in areas such as law enforcement, journalism, legal issues, space technologies, and many other topics. Given that in China, law enforcement is designed to protect the state and the Party rather than the people, journalism is prescribed to create national unity rather than act as a check against the system, and the law is intended to protect the regime rather than its citizenry, these training programs naturally offer foreign officials different lessons than they would receive from democratic countries.
• According to the report, the Chinese embassy in a country identified for training typically is notified roughly three months before a training program is expected to be hosted, and the Chinese embassy is tasked with selecting and inviting targeted individuals in the host country. For example, the Chinese Ministry of Public Security attaché at the embassy would be responsible for inviting local law-enforcement representatives to join programs organized by the Chinese Ministry of Public Security.
• Each training, no matter the subject, has contained language on CCP ideology and organization and related contributions to the PRC’s achievements in that subject area. In this way, authoritarian governance choices are being promoted even in the most niche of subject areas.
• Even programs on seemingly innocuous topics like beekeeping, bamboo forestry, meteorology, or low-carbon development all begin by briefing participants about the Chinese reform and guiding management principles raised at the latest plenary sessions of the Party committee.
• For the purpose of this research, the 795 training programs were reviewed and categorized into six groups based on their reported activities as outlined in the files:

1. Clearly authoritarian: The first group describes training programs which include explicit lessons on PRC practices that are widely regarded in liberal democracies as direct infringements on personal freedom. This includes PRC endorsement of non-democratic regime practices in political, government, and legal affairs, including administrative control over the media, information, and population.

2. Potentially authoritarian: These training programs contain lessons on PRC practices which have, in some cases, infringed on personal freedom or indirectly aided infringement of personal freedoms and individual rights. This includes, for example, training on dual-purpose technologies that could be exploited to access individuals’ data in ways that expand state surveillance and control over citizens’ personal lives.

3. Infrastructure and resource access: These training programs are centered on setting standards and imparting industrial technical skills for various aspects of infrastructure and resource extraction, which may further PRC access to critical resources. This includes, for example, renewable energy application, mechanization of the agricultural sector, and technologies in mining, copper processing, and biotechnology.

4. Information operation access: These training programs are centered on activities that might further PRC access for its information operations, such as programs on Chinese culture and Mandarin-language promotion for foreign officials.

5. Security access: The fifth group involves and describes training programs centered on activities that may further PRC access to the sensitive security infrastructure of a foreign country, such as programs on aviation emergency, satellite imagery, and geochemical mapping.

6. Others: The sixth group includes all other training programs that do not fit into the above categories, such as pest control, climate change, soybean production, tourism development, and preschool-education sector capacity building.

Intelligence value of the trainings

As detailed in the files, the majority of these training programs, no matter the category, require participants to submit a report prior to the training. The trainings, therefore, provide a reliable intelligence benefit to the Chinese government. Even if an audience does not engage with the program content or demonstrate receptivity to party ideologies and narratives, the reports submitted by participants contain potentially valuable information that Beijing routinely receives en masse. Foreign officials are asked to write about current developments in their country related to the training subject, their country’s current cooperation and partnership with other countries on that subject, and potential ideas for collaboration with the PRC on that subject.

Beyond obtaining immediate, updated, and accurate intelligence from foreign government officials, this approach enables Beijing to assess their future willingness to cooperate on that subject. Specifically, the process directly identifies the scope of potential areas of cooperation from leading experts and officials in charge, prepares the way for potential informal discussion about future cooperation, and, most importantly, identifies individuals who are willing to facilitate and build long-lasting relations with China. With this in mind, this research effort focused on trainings aimed at expanding China’s footprint in the Global South’s infrastructure, resources, information operations, and security domains.

Archived link

• One of the most direct ways that Beijing promotes authoritarian governance is through training programs for foreign government officials on Chinese governance practices. Beijing uses these sessions to directly promote ideas and practices that marry economics and politics to make a case for its authoritarian capitalism model.
• The training sessions also appear to serve intelligence-collection purposes by requiring each participant to submit reports detailing their prior exchanges and engagements with other foreign countries on specific training subjects, and it fits into China’s broader ambitions to undermine the liberal democratic norms.
• The reportis based upon 1,691 files from the Chinese Ministry of Commerce (MOFCOM) containing descriptions of 795 governmental training programs delivered (presumably online) in 2021 and 2022 during the pandemic. Beijing began delivering training programs in 1981, first in coordination with the United Nations Development Program (UNDP) as part of an effort to provide aid and basic skills to developing countries. In 1998, the Chinese government broke away from that cooperation arrangement and began offering its own centrally planned training programs directly to governmental officials from countries across the Global South.
• The trainings offer authoritarian principles in areas such as law enforcement, journalism, legal issues, space technologies, and many other topics. Given that in China, law enforcement is designed to protect the state and the Party rather than the people, journalism is prescribed to create national unity rather than act as a check against the system, and the law is intended to protect the regime rather than its citizenry, these training programs naturally offer foreign officials different lessons than they would receive from democratic countries.
• According to the report, the Chinese embassy in a country identified for training typically is notified roughly three months before a training program is expected to be hosted, and the Chinese embassy is tasked with selecting and inviting targeted individuals in the host country. For example, the Chinese Ministry of Public Security attaché at the embassy would be responsible for inviting local law-enforcement representatives to join programs organized by the Chinese Ministry of Public Security.
• Each training, no matter the subject, has contained language on CCP ideology and organization and related contributions to the PRC’s achievements in that subject area. In this way, authoritarian governance choices are being promoted even in the most niche of subject areas.
• Even programs on seemingly innocuous topics like beekeeping, bamboo forestry, meteorology, or low-carbon development all begin by briefing participants about the Chinese reform and guiding management principles raised at the latest plenary sessions of the Party committee.
• For the purpose of this research, the 795 training programs were reviewed and categorized into six groups based on their reported activities as outlined in the files:

1. Clearly authoritarian: The first group describes training programs which include explicit lessons on PRC practices that are widely regarded in liberal democracies as direct infringements on personal freedom. This includes PRC endorsement of non-democratic regime practices in political, government, and legal affairs, including administrative control over the media, information, and population.

2. Potentially authoritarian: These training programs contain lessons on PRC practices which have, in some cases, infringed on personal freedom or indirectly aided infringement of personal freedoms and individual rights. This includes, for example, training on dual-purpose technologies that could be exploited to access individuals’ data in ways that expand state surveillance and control over citizens’ personal lives.

3. Infrastructure and resource access: These training programs are centered on setting standards and imparting industrial technical skills for various aspects of infrastructure and resource extraction, which may further PRC access to critical resources. This includes, for example, renewable energy application, mechanization of the agricultural sector, and technologies in mining, copper processing, and biotechnology.

4. Information operation access: These training programs are centered on activities that might further PRC access for its information operations, such as programs on Chinese culture and Mandarin-language promotion for foreign officials.

5. Security access: The fifth group involves and describes training programs centered on activities that may further PRC access to the sensitive security infrastructure of a foreign country, such as programs on aviation emergency, satellite imagery, and geochemical mapping.

6. Others: The sixth group includes all other training programs that do not fit into the above categories, such as pest control, climate change, soybean production, tourism development, and preschool-education sector capacity building.

Intelligence value of the trainings

As detailed in the files, the majority of these training programs, no matter the category, require participants to submit a report prior to the training. The trainings, therefore, provide a reliable intelligence benefit to the Chinese government. Even if an audience does not engage with the program content or demonstrate receptivity to party ideologies and narratives, the reports submitted by participants contain potentially valuable information that Beijing routinely receives en masse. Foreign officials are asked to write about current developments in their country related to the training subject, their country’s current cooperation and partnership with other countries on that subject, and potential ideas for collaboration with the PRC on that subject.

Beyond obtaining immediate, updated, and accurate intelligence from foreign government officials, this approach enables Beijing to assess their future willingness to cooperate on that subject. Specifically, the process directly identifies the scope of potential areas of cooperation from leading experts and officials in charge, prepares the way for potential informal discussion about future cooperation, and, most importantly, identifies individuals who are willing to facilitate and build long-lasting relations with China. With this in mind, this research effort focused on trainings aimed at expanding China’s footprint in the Global South’s infrastructure, resources, information operations, and security domains.

Archived link

• One of the most direct ways that Beijing promotes authoritarian governance is through training programs for foreign government officials on Chinese governance practices. Beijing uses these sessions to directly promote ideas and practices that marry economics and politics to make a case for its authoritarian capitalism model.
• The training sessions also appear to serve intelligence-collection purposes by requiring each participant to submit reports detailing their prior exchanges and engagements with other foreign countries on specific training subjects, and it fits into China’s broader ambitions to undermine the liberal democratic norms.
• The reportis based upon 1,691 files from the Chinese Ministry of Commerce (MOFCOM) containing descriptions of 795 governmental training programs delivered (presumably online) in 2021 and 2022 during the pandemic. Beijing began delivering training programs in 1981, first in coordination with the United Nations Development Program (UNDP) as part of an effort to provide aid and basic skills to developing countries. In 1998, the Chinese government broke away from that cooperation arrangement and began offering its own centrally planned training programs directly to governmental officials from countries across the Global South.
• The trainings offer authoritarian principles in areas such as law enforcement, journalism, legal issues, space technologies, and many other topics. Given that in China, law enforcement is designed to protect the state and the Party rather than the people, journalism is prescribed to create national unity rather than act as a check against the system, and the law is intended to protect the regime rather than its citizenry, these training programs naturally offer foreign officials different lessons than they would receive from democratic countries.
• According to the report, the Chinese embassy in a country identified for training typically is notified roughly three months before a training program is expected to be hosted, and the Chinese embassy is tasked with selecting and inviting targeted individuals in the host country. For example, the Chinese Ministry of Public Security attaché at the embassy would be responsible for inviting local law-enforcement representatives to join programs organized by the Chinese Ministry of Public Security.
• Each training, no matter the subject, has contained language on CCP ideology and organization and related contributions to the PRC’s achievements in that subject area. In this way, authoritarian governance choices are being promoted even in the most niche of subject areas.
• Even programs on seemingly innocuous topics like beekeeping, bamboo forestry, meteorology, or low-carbon development all begin by briefing participants about the Chinese reform and guiding management principles raised at the latest plenary sessions of the Party committee.
• For the purpose of this research, the 795 training programs were reviewed and categorized into six groups based on their reported activities as outlined in the files:

1. Clearly authoritarian: The first group describes training programs which include explicit lessons on PRC practices that are widely regarded in liberal democracies as direct infringements on personal freedom. This includes PRC endorsement of non-democratic regime practices in political, government, and legal affairs, including administrative control over the media, information, and population.

2. Potentially authoritarian: These training programs contain lessons on PRC practices which have, in some cases, infringed on personal freedom or indirectly aided infringement of personal freedoms and individual rights. This includes, for example, training on dual-purpose technologies that could be exploited to access individuals’ data in ways that expand state surveillance and control over citizens’ personal lives.

3. Infrastructure and resource access: These training programs are centered on setting standards and imparting industrial technical skills for various aspects of infrastructure and resource extraction, which may further PRC access to critical resources. This includes, for example, renewable energy application, mechanization of the agricultural sector, and technologies in mining, copper processing, and biotechnology.

4. Information operation access: These training programs are centered on activities that might further PRC access for its information operations, such as programs on Chinese culture and Mandarin-language promotion for foreign officials.

5. Security access: The fifth group involves and describes training programs centered on activities that may further PRC access to the sensitive security infrastructure of a foreign country, such as programs on aviation emergency, satellite imagery, and geochemical mapping.

6. Others: The sixth group includes all other training programs that do not fit into the above categories, such as pest control, climate change, soybean production, tourism development, and preschool-education sector capacity building.

Intelligence value of the trainings

As detailed in the files, the majority of these training programs, no matter the category, require participants to submit a report prior to the training. The trainings, therefore, provide a reliable intelligence benefit to the Chinese government. Even if an audience does not engage with the program content or demonstrate receptivity to party ideologies and narratives, the reports submitted by participants contain potentially valuable information that Beijing routinely receives en masse. Foreign officials are asked to write about current developments in their country related to the training subject, their country’s current cooperation and partnership with other countries on that subject, and potential ideas for collaboration with the PRC on that subject.

Beyond obtaining immediate, updated, and accurate intelligence from foreign government officials, this approach enables Beijing to assess their future willingness to cooperate on that subject. Specifically, the process directly identifies the scope of potential areas of cooperation from leading experts and officials in charge, prepares the way for potential informal discussion about future cooperation, and, most importantly, identifies individuals who are willing to facilitate and build long-lasting relations with China. With this in mind, this research effort focused on trainings aimed at expanding China’s footprint in the Global South’s infrastructure, resources, information operations, and security domains.

Norway’s prime minister signaled a hardening stance on China, pledging tighter cooperation with businesses on security risks linked to the Asian nation.

In his security policy statement to lawmakers in Oslo on Thursday, Jonas Gahr Store said China is the country “with the greatest capacity” for activity targeted at “undermining our interests and values.” While the premier highlighted the threats from neighboring Russia following its full-scale invasion of Ukraine, he said Norwegians must pay more attention to risks when collaborating with China.

“Going forward, risk reduction will have to be part of our approach to China and Chinese actors,” Store said. “We want cooperation with China, in trade, climate, the green shift - to solve global problems. But it is not advisable in sensitive areas.”

The Norwegian government has so far struck a more cautious tone on China than many of its European counterparts, even as the country’s intelligence agencies have repeatedly warned about risks posed by China, including influence efforts focused on the Arctic.

Norway also harbors painful memories of China suspending ties with the Nordic nation for most of last decade after the Norwegian Nobel Committee awarded human rights advocate Liu Xiaobo the Nobel Peace Prize in 2010 for “his long and non-violent struggle for fundamental human rights in China.”

“We are now intensifying the dialogue with the business world, the knowledge sector and other social actors, about risks linked to cooperation with China and other countries,” Store said.

The addition of external propaganda bases in Zhejiang and Tianjin over the past two weeks brings the total number at the provincial level to 23. These International Communication Centers (ICCs), also being launched at the city level, are meant to remake China’s approach to delivering its message externally.

On June 7, the municipality of Tianjin became the latest provincial-level jurisdiction in China to launch a central office for disseminating foreign propaganda. According to coverage in Tianjin’s flagship CCP-run newspaper, the Tianjin Daily, the center will focus on television, radio and multimedia products for foreign distribution, as well as “major international events,” all to “present a true, multidimensional, and lively image of Tianjin.”

The formation of the Tianjin ICC follows closely on the heels of the set up on May 31 of Zhejiang International Communication Center (浙江国际传播中心), or ZICC. A release from provincial media in Zhejiang called ZICC “an all-in-one communication platform.” The center, which consolidates state media resources at the provincial-level, comprises websites, dedicated news channels, and an “overseas social media platform account matrix” with a total follower base of over 8 million.

With the addition of the Tianjin and Zhejiang centers, the number of provincial-level ICCs in China now stands at 23.

Over the past two years, responding to instructions from the central CCP leadership, local "international communication centers" have been established in 27 provinces.

China’s provincial and city-level international communication centers, or ICCs, are spearheading efforts promoted by the leadership since 2018, and accelerating over the past two years, to “innovate” foreign-directed propaganda under a new province-focused strategy. In June 2023, provincial and city-level ICCs in China created a mutual association to better coordinate work nationwide. The process of integrating the ICCs both horizontally and vertically, including with central state media, has begun to emerge as a core strategy in the CCP’s remaking of its overall propaganda matrix.

[Edit typo.]

The addition of external propaganda bases in Zhejiang and Tianjin over the past two weeks brings the total number at the provincial level to 23. These International Communication Centers (ICCs), also being launched at the city level, are meant to remake China’s approach to delivering its message externally.

On June 7, the municipality of Tianjin became the latest provincial-level jurisdiction in China to launch a central office for disseminating foreign propaganda. According to coverage in Tianjin’s flagship CCP-run newspaper, the Tianjin Daily, the center will focus on television, radio and multimedia products for foreign distribution, as well as “major international events,” all to “present a true, multidimensional, and lively image of Tianjin.”

The formation of the Tianjin ICC follows closely on the heels of the set up on May 31 of Zhejiang International Communication Center (浙江国际传播中心), or ZICC. A release from provincial media in Zhejiang called ZICC “an all-in-one communication platform.” The center, which consolidates state media resources at the provincial-level, comprises websites, dedicated news channels, and an “overseas social media platform account matrix” with a total follower base of over 8 million.

With the addition of the Tianjin and Zhejiang centers, the number of provincial-level ICCs in China now stands at 23.

Over the past two years, responding to instructions from the central CCP leadership, local "international communication centers" have been established in 27 provinces.

China’s provincial and city-level international communication centers, or ICCs, are spearheading efforts promoted by the leadership since 2018, and accelerating over the past two years, to “innovate” foreign-directed propaganda under a new province-focused strategy. In June 2023, provincial and city-level ICCs in China created a mutual association to better coordinate work nationwide. The process of integrating the ICCs both horizontally and vertically, including with central state media, has begun to emerge as a core strategy in the CCP’s remaking of its overall propaganda matrix.

[Edit typo.]

The addition of external propaganda bases in Zhejiang and Tianjin over the past two weeks brings the total number at the provincial level to 23. These International Communication Centers (ICCs), also being launched at the city level, are meant to remake China’s approach to delivering its message externally.

On June 7, the municipality of Tianjin became the latest provincial-level jurisdiction in China to launch a central office for disseminating foreign propaganda. According to coverage in Tianjin’s flagship CCP-run newspaper, the Tianjin Daily, the center will focus on television, radio and multimedia products for foreign distribution, as well as “major international events,” all to “present a true, multidimensional, and lively image of Tianjin.”

The formation of the Tianjin ICC follows closely on the heels of the set up on May 31 of Zhejiang International Communication Center (浙江国际传播中心), or ZICC. A release from provincial media in Zhejiang called ZICC “an all-in-one communication platform.” The center, which consolidates state media resources at the provincial-level, comprises websites, dedicated news channels, and an “overseas social media platform account matrix” with a total follower base of over 8 million.

With the addition of the Tianjin and Zhejiang centers, the number of provincial-level ICCs in China now stands at 23.

Over the past two years, responding to instructions from the central CCP leadership, local "international communication centers" have been established in 27 provinces.

China’s provincial and city-level international communication centers, or ICCs, are spearheading efforts promoted by the leadership since 2018, and accelerating over the past two years, to “innovate” foreign-directed propaganda under a new province-focused strategy. In June 2023, provincial and city-level ICCs in China created a mutual association to better coordinate work nationwide. The process of integrating the ICCs both horizontally and vertically, including with central state media, has begun to emerge as a core strategy in the CCP’s remaking of its overall propaganda matrix.