clwg
4 days ago
I was working with MISP[0], an open-source threat intelligence sharing platform, and came across a really interesting dataset from the Australian Strategic Policy Institute on China's technology research institutions[1]. I liked the data so much I built a quick cross-filter visualization on top of it to help explore it[2].
The data offers a fairly comprehensive and interesting perspective on China's research priorities and organization, I can't speak to the effectiveness of the programs themselves, but it does make me concerned that we are falling far behind in many areas, including cyber security.
[0] https://www.misp-project.org/
[1] https://raw.githubusercontent.com/MISP/misp-galaxy/refs/head...
[2] https://www.layer8.org/8541dd18-ff05-4720-aac7-1bd59d3921dd/
solstice
4 days ago
Two things and one question:
1) While being a fantastic resource to get a first impression of what's out there, the Defense Universities Tracker has not been updated since about 2019. So it is starting to be outdated and anyone using it should be well aware of it. It seems that an update is in an early stage.
2) In order to assess the actual risks, the sources that are provided at each institution's page are crucial. These are ommitted in your version. Please consider linking back to each institutions page under https://unitracker.aspi.org.au/
The question: What is the value added of your page over the official page https://unitracker.aspi.org.au/ ? I only see the map. Am I missing something?
clwg
3 days ago
I’ve updated my link to include the site and wish I had searched more thoroughly as it would have saved me hours; This visualization was more of a personal thing after I stumbled upon it while working within MISP and the raw data(so that's what I initially attributed it to), and just wanted to see it visualized outside of MISP, it's really good analysis.
I've also added the references to the individual institution at the unitracker site as well.
To answer your question, the visualization is just a simple cross-filter. I guess the differences are the categorized and topic-based breakdowns/filtering, filtering by description and it includes a map. I did consider adding a network graph, but my focus isn't really visualization.
acheong08
4 days ago
> we are falling far behind in many areas, including cyber security
In terms of quantity and quality of talent, I don't think the western world would fall behind China, especially with their strict control of information. Most people there will have difficulty independently learning about cybersecurity.
The difference is that most talent is captured by the private sector with higher compensation or bounties. Meanwhile, China can very easily compel anyone they need into the government so the % utilization on outward attacks is probably higher.
dluan
4 days ago
> Most people there will have difficulty independently learning about cybersecurity.
Speaking from my own limited anecdata, but since the 90s in order to use the internet in China you basically had to be somewhat proficient in "cybersecurity" just because of all the required hoops to jump through. There were definitely a lot of script kiddies, but the Chinese exploit scene (amateur and professional) has always been bustling. And just personally speaking, the most truly awe-inspiring and resourceful hackers I've ever known have been Russian, or Chinese. Like actual 10x engineers who think that walls put in place for other people don't exist for them.
coretx
4 days ago
Western society is criminalizing and repressing such culture, so China has already won because they fail at doing the same.
Aeolun
4 days ago
They are very clear about who is a valid target though. I think you’ll quickly find that those attacking domestic targets rapidly disappear.
medo-bear
3 days ago
Kinda works both ways. In many western countries you still go to jail for refusing to give private encryption keys
coretx
3 days ago
Or they convict you for money laundry because you developed a crypto phone they can't crack and don't have any legal means to destroy you. ( Dutch example, and yes - the guy payed taxes everything, they made him hang because of a single client of a client his client his client being involved with shady things. ) State-Spite, Repression and such is rising globally. The rule of law is gone.
richardw
4 days ago
Any state actor who puts in the effort can get pretty good, and some countries make a very specific effort in this area. North Korea is one. Imagine the brightest people in your state (say, population 26 million) were all nudged into one very specific talent funnel, with the goal of stealing money for the government.
China is different. Not quite as focused in terms of sheer government directive, but just think of the Chinese people you do know and extrapolate out the level of effort and talent. Being overconfident seems like a mistake.
throwthrowee
4 days ago
> China can very easily compel anyone they need into the government
I have worked with people in Chinese tech companies and in Chinese tech ministries, and I don't think this statement is true, any more than in the US. In the US, there are talented techies who work for FAANG, startups, Palantir, NSA, etc etc. Similarly in China.
woctordho
4 days ago
Every ordinary Chinese needs to self-learn some cybersecurity to do daily things, like to watch YouTube, or to send messages to others without worrying being censored
viraptor
4 days ago
There's a big difference between using tools intended for general population and being skilled enough in offensive security to make a difference. It may incentivise some people to learn further, but I don't think the effect would be that large. It's kind of like everyone at Uni knowing about P2P a few years ago - but they knew nothing about protocol design.
throwaway290
4 days ago
The ordinary people have their douyin/bilibili and fear of the party so they don't need to learn those things
roenxi
4 days ago
Why would ordinary Chinese people fear the party? The party has been overseeing the greatest expansion of wealth in human history combined with a massive internal propaganda effort which I would assume is pitching them as the good guys and downplays all the brutal stuff they've done
If anything I'd expect ordinary people to be far too trusting that the authorities are reasonable and friendly. They must have real problems with earnest, motivated and well meaning people wandering off the approved parts of the internet into censored topics and getting confused by whatever happens next.
tivert
4 days ago
You're forgetting all the corruption and hypocrisy in China. Do you think the individuals that make up the authorities act in a "reasonable and friendly" towards regular people who interact with them? The contradictions seen by anyone who's paying attention undermine the trust you posit and some fraction of the propaganda messages.
It kinda feels like you understand China as a thought experiment and not a real place.
throwaway290
4 days ago
Fear getting disappeared/jailed for doing something forbidden. You're right that they may not see it as "fear of the party" from inside. More like "why would I do something illegal". But in a system like that those things are actually equivalent.
TaylorAlexander
4 days ago
> In terms of quantity
At the very least China is generally gonna have everyone else beat on quantity of people involved in quite a lot of things.
tw1984
4 days ago
check AI, green energy, EV, mobile computing, cloud computing, quantum stuff, robots etc. it is pretty much China vs US now when it comes to quality.
how many people would seriously believe that EU or Japan can possibly compete with China on its own in terms of quality for those above mentioned sectors.
just looking at those low quality & high pollution Japanese & European cars.
easygenes
4 days ago
Is the last line said ironically? Japanese brands long have and continue to absolutely dominate long term reliability ratings for vehicles, and the first mass market hybrid and full EV vehicles came from Japan.
If you’re talking about innovation and mass EV manufacturing, sure the US and China are leading, but the European Volkswagen and BMW Groups are still competitive. Japan is admittedly a laggard in the EV market, but largely because EVs are still a luxury good and Japanese brands are primarily mainstream.
tw1984
4 days ago
> Japanese brands long have and continue to absolutely dominate long term reliability ratings for vehicles
such hard earned experience is no longer relevant in the era of EV.
> but the European Volkswagen and BMW Groups are still competitive
none of them is even capably of designing self driven cars on their own. same for the AI based infotainment systems fitted on EVs. they are just Canon in 2024/2025.
> EVs are still a luxury good
I wouldn't call it luxury. It is the cheapest option to own a car in Shanghai, BYD Seagull is being offered for $9k USD.
> Japanese brands are primarily mainstream
they have already lost the battle. if EV makers can't build their own self driving systems and those AI based infotainment systems, then they are in the wrong business. Batteries is another story that can not be ignored, Japan and the EU do not have any meaningful control on that.
I don't see any chance how European or Japanese car makers can survive in mid term.
medo-bear
3 days ago
Interesting also is the type of names that appear in so many western academic journals. What I mean to say is that even in Western journals "Alice" and "Bob" is quite rare
tw1984
3 days ago
when "alice" and "bob" can become a lawyer to talk their clients into paying some stupid amount, why bother studying STEM.
blackoil
4 days ago
> especially with their strict control of information.
You have gross misunderstanding of how this strict control works. It isn't like novels or North Korea where some govt agency is creating/curating the info.
equestria
4 days ago
> especially with their strict control of information. Most people there will have difficulty independently learning about cybersecurity.
I'm puzzled by this assertion. I know quite a few self-taught infosec folks who grew up there. China is not North Korea. The government, by and large, doesn't monitor what you're doing day-to-day, unless you're a political activist or some other "undesirable". The Great Firewall doesn't stop you from accessing infosec content; and in any case, the use of VPNs is prevalent among techies.
To be fair, the parent's claim that China is "ahead" in infosec also feels like fearmongering. The one thing that's true for China is that their government has far fewer qualms about hacking Western infrastructure to get dirt on dissidents, steal IP, and so on. But that's a matter of ethics and law, not tech.
PittleyDunkin
4 days ago
> The one thing that's true for China is that their government has far fewer qualms about hacking Western infrastructure to get dirt on dissidents, steal IP, and so on. But that's a matter of ethics and law, not tech.
As opposed to the DoD, which strictly fights for freedom, liberty, and democracy?
equestria
3 days ago
> As opposed to the DoD, which strictly fights for freedom, liberty, and democracy?
Yes, the whataboutism is unwarranted here. The US government is no angel, but is far more constrained in this regard. The bar to become "the enemy of the state" is much higher - for example, your comment won't get you in trouble here. The US government also wouldn't, say, hack Spotify and snoop on their business plans to prop up a competing US startup - something that is commonplace with the Chinese intelligence apparatus.
PittleyDunkin
3 days ago
> The bar to become "the enemy of the state" is much higher - for example, your comment won't get you in trouble here.
I think you're drastically overestimating the effect of being sarcastic about jingoistic rhetoric on the chinese internet. I imagine China, much like the DoD, is quite proud of their ability to penetrate systems and cause havoc.
> The US government also wouldn't, say, hack Spotify and snoop on their business plans to prop up a competing US startup - something that is commonplace with the Chinese intelligence apparatus.
I can't imagine there's much worth taking from Spotify. Meanwhile, if you think the US won't steal technology from China when there's something worth stealing, you're a massive fool.
tivert
4 days ago
> To be fair, the parent's claim that China is "ahead" in infosec also feels like fearmongering. The one thing that's true for China is that their government has far fewer qualms about hacking Western infrastructure to get dirt on dissidents, steal IP, and so on. But that's a matter of ethics and law, not tech.
I've heard China also has many more personnel working in this space.
medo-bear
3 days ago
Ive also heard that China has many more people living in it than the US. Ive also heard that Chinese higher education system is state funded
tivert
3 days ago
> Ive also heard that China has many more people living in it than the US. Ive also heard that Chinese higher education system is state funded
So? It kinds sounds like you're making an excuse, but excuses don't do anything to address the capability difference caused by the larger number of personnel.
medo-bear
3 days ago
The US used to be by far the largest country in the developed world. It could be argued that sheer numbers allowed it to succeed and dominate throughout the previous century. Today the US is no longer the largest country in the developed world, not by a long shot
tivert
3 days ago
What's your point? Your comment doesn't really address anything relevant regarding the US's goals and positioning to achieve them.
For instance, if the US wants to to secure its networks and be able to respond effectively to hacking threats from its geopolitical rivals, it may have to invest proportionally more of its human resources in infosec to remain competitive. I see no good reason why it can't do that.
Also, noting that one reason China may be ahead in infosec is because it may have many more people working in that area was to rebut claims that "China is ahead in infosec" was "fearmongering."
In short, China having a larger population may be one reason why they're ahead, but that why is not very relevant to decisions about what to do about it.
medo-bear
3 days ago
Im just offering you an explanation about evolution of powers in the world, and human resources is a huge factor. Already in his last mandate Trump was constantly talking about the power of US military, much like Russia does about its nukes. These sort of things are done out of weakness, not strength
tivert
2 days ago
> Im just offering you an explanation about evolution of powers in the world, and human resources is a huge factor.
Sorry, that wasn't an explanation that was needed nor asked for.
And its sounds like weird sort of demographic determinism, which is kinda so oversimple to be obviously not true.
medo-bear
2 days ago
I'm sorry I didnt realise you think Im only allowed to respond in the way you find appropriate.
If you do not want to take into account China's huge and relatively well educated and quite capable working class that is your issue
seanmcdirmid
4 days ago
That doesn’t sound like China at all. Having worked in Beijing for 9 years, they pay techies fairly well, not USA FAANG well, but better than Japan, much of Europe, Korea, even Singapore. So there is a lot of private sector movement in these areas, not just government. Information is easily obtained, piracy rates are still very high so it’s not like anything is really locked down behind a paywall. There are plenty of hackers who are in it with a passion, not just for the money, much like you’d find in the states or anywhere in the developed world.
wordofx
4 days ago
Hahahhahahah no way. Salaries in Japan, Korea, Singapore are WAY better than China.
leeorz
4 days ago
If you consider the exchange rate, of course, salaries in China would be much lower. If considering purchasing power and cost of living, Chinese salaries would have a relatively high level of competitiveness.
wordofx
4 days ago
There are sooo many programmers in China that they don’t value programming. You get paid peanuts because there’s so many people to do the job.
baka367
4 days ago
Better than avg(China) - sure.
Better than tier1(China), where most of the research happens - the salaries in China are easily beating Japan and significant portion of the EU "centers" on top of having significantly lower cost of living on most of the relevant dimensions.
foohoge
4 days ago
As I said in another thread, you can live cheaply in Japan if you're about 20 minutes by train from Tokyo. In that thread, someone said that rent is expensive in Beijing and Shanghai. It looks similar.
Anyway, in China I heard that if you go to hospital in a different household registration, you have to pay the full medical costs. It sounds the cost of living in China is expensive.
tw1984
4 days ago
> in China I heard that if you go to hospital in a different household registration, you have to pay the full medical costs.
When talking about paying such full medical costs, let me share some concrete numbers with you, all numbers are from tier 1 cities like Shanghai -
Chest CT scan is 170-200 RMB, or 25-30 USD MRI scan is 260-460 RMB, or 35-65 USD Ultrasound is 20-170 RMB, or 3-25 USD PET CT is 6500 RMB, or 900 USD
https://ybj.sh.gov.cn/cmsres/9b/9baabfec6f6c4e3fa03d6289f5e7...
Ambulance cost is shockingly low, 30 RMB per call plus 7 RMB per KM, that is 4 USD per call plus 1 USD per KM.
https://wx.sh120.sh.cn/mobjsp/helpinfo/FeeScale.jsp?communit...
when you can't afford those tests in the west or facing a stupidly long waiting period, don't be sad, just jump onto an airplane to get yourself checked & treated in Shanghai. You'd still save heap of money saved after such extra travel costs.
seanmcdirmid
4 days ago
Not in tech. There is a weird de-emphasis of programmers in countries that aren’t the USA or mainland china. So a programmer from Japan with some experience/skills can move to Beijing (yes, there were many Japanese expat SWEs when I was there) for a better salary.
foohoge
4 days ago
What? I'm Japanese but I've never heard a story about changing jobs to Chinese company. I heard a lot of stories about changing jobs to GAFAM.
Could you tell me more about that?
numpad0
4 days ago
I don't think it's that much of an outrageous claim, plenty of our fellow countrymen works at local regional branches and English wings of China-owned companies these days. It doesn't take much stretch from there to imagine some of them moving to near their HQ.
It's annoying that sometimes people thinks there has to be basic mutual intelligibility between Chinese and Japanese languages against the reality that there's none, but this is not about that at all. Chill.
foohoge
4 days ago
Is this response about a Chinese-owned company? They said about Microsoft in other responses and I don't receive like that.
I'm not good at English, so I don't get the nuances that native speakers do.
seanmcdirmid
4 days ago
Microsoft paid more in Beijing than Tokyo while I was there, it turns out even experienced programmers in Tokyo don’t make $200k/year. Especially if you have a PhD or research in a hot field, you can get a pretty good job in richer Chinese cities. But an apartment is probably more expensive to rent in Beijing, and definitely in Shanghai, than it is in much of Tokyo, so there are trade offs.
foohoge
4 days ago
It's true that rents in Tokyo are expensive, but Kawasaki or Adachi, where the commute takes about 20 minutes, are cheap. I don't know about the salary, but I checked X or blog and it seems that some are work in the US headquarters, but none in Beijing.
Anyway, when are you there? It looks you are talking in 2010.
medo-bear
3 days ago
I think this is just baseless prejudice. In my experience, having lived in the West and in the East, I found that on average, at least in the urban population, people in the communist and ex-communist space seem to be far more computer literate while computer experts seem to mentally get around "magic and fluff" much easier. Also the authorities are far less concerned about "incorrect" ideologies creeping through (especially through academia) than you probably immagine.
Citizen8396
4 days ago
"Pretend inferiority and encourage his arrogance."
almaight
4 days ago
EasyMark
3 days ago
China mostly works as a meritocracy. The US has done that mostly int the past but the current leadership is essentially adding witchdoctors and criminals to the government departments that will be overseeing security and infrastructure and we will likely face some dire situations and terroristic infrastructure catastrophes over that for the next 4 years or so as the CCP and Russian hackers do whatever they want with our systems because the fox is now in the hen house.
morpheuskafka
3 days ago
I came across that group (ASPI) before and wasn’t too impressed.
Their name suggests they are a public agency—in fact, though sponsored by the AUS defence ministry, they are non-governmental and funded in part by weapons manufacturers and foreign governments.
Their project [0] describes numerous civilian universities as “very high risk,” unnecessarily raising fears that ordinary Chinese students and researchers are dangerous.
Especially since students uni choices are heavily determined by gaokao scores, I don’t think placing labels on people based on their undergrad uni as if they handpicked them for whatever defense connections they may have makes any sense.
This is what the US is doing with Proclamation 10043 under both Trump I and Biden. Steven Miller, who will be returning to a similar role in Trump II, recently suggested banning all Chinese citizens from student visas in the US, demonstrating this irresponsible rhetorics effect.
Moreover, Australia is basically a vassal state of the US for intelligence matters—-see the debate about whether the CIA ousted the only prime minister to question the NSA’s Pine Gap facility on Australian soil. [1]
[0] https://unitracker.aspi.org.au/universities/
[1] https://en.wikipedia.org/wiki/Alleged_CIA_involvement_in_the...