Over the past few years we have observed the beginnings of a fundamental change in how People’s Republic of China (The PRC) engages with adversaries in the information warfare and cyberespionage domains. As is explained below, this has been characterized by a shift from asymmetrical to symmetrical engagement. As the PRC is widely perceived to be a major threat by many states and private companies in this domain, understanding the PRC’s changing doctrines of engagement is critical to maintaining situational awareness of the wider threat landscape.

“A mouse toying with a cat” – Unrestricted Warfare as a concept

In 1999 the Chinese People’s Liberation Army (PLA) published Unrestricted Warfare, a doctrinal guide for how the PLA, and the PRC as a whole, would engage with regional and international opponents. Unrestricted warfare advocated extending the concept of warfare to a range of non-conventional spheres – politics, law, and media, amongst others. At the core of this doctrine was the idea that the PRC could defeat a technologically and operationally superior adversary by engaging unconventional operations, more commonly known in Western military circles as asymmetric warfare. This doctrinal approach was adopted principally because at the time, the PRC lacked the capability to operate in any other way, particularly in the information warfare domain. A key principle of Unrestricted Warfare that underpinned PRC strategy was that large numbers of small scale asymmetric operations would cumulatively degrade an opponent and result in victory for the PRC.

Addressing the strategic imbalance – away from the asymmetric

However, in the last few years a significant change in doctrinal attitude has begun to occur. The 2013 iteration of the Science of Military Strategy, a PLA publication issued every 10-15 years which outlines planned strategic developments, emphasised technological, organizational and operational improvements in order to begin to approach parity with the US. Following this, in 2015 the PLA began its most significant reforms of the last 30 years with the institution of a process of wholescale organizational reform to restructure the force along more modern lines. A particularly notable change being the amalgamation of the PLA’s network warfare and cyberespionage units into a single entity – the Strategic Support Force (SSF).

SSF emblem

Figure 1 – Emblem of the SSF.

This centralization of these type of operations, which were previously conducted by a diverse range of units, was likely intended to enable the PRC’s leadership to exercise greater control over these operations and thereby both increase effectiveness and reduce liabilities. In addition to a desire to improve capability, international pressure on the PRC to curtail its industrial cyberespionage operations, particularly from the US, has likely been a motivating factor for these reforms. If these measures are effective, they will likely make the SSF a much more effective tool for supporting the development and implementation of government policy and, crucially, engaging with opponents in the network domain of warfare.


The early indications of the PRC’s new approach can already be seen in its engagement with regional opponents in the South China Sea. The PRC has become increasingly assertive in its territorial claims which is indicative of a desire to engage with these geostrategic issues not as a regional power, but as a “great power” on par with the US. This process is ongoing and while the effectiveness of the reforms remains to be seen, they give us an idea of what the PRC intends to become. We can, therefore, expect to see a decline in the volume of cyberespionage being conducted by Chinese actors, particularly corporate and industrial cyberespionage, as the shift of operational responsibility to the SSF reduces operational duplication, aligns operations more closely with centrally mandated objectives, cracks down on unsanctioned operations, and improves the focus of those operations which do take place.