Over the years, the Natto Team has published a substantial amount of research on the role of China’s private sector in building the country’s cyber capabilities. The private sector, particularly the cybersecurity industry, has become an indispensable resource for the Chinese government in conducting advanced technological cybersecurity research, supporting offensive cyber operations, and defending the country’s critical infrastructure. However, we recognize that no matter how important the private sector’s role is, the government and military must have their own affiliated entities to conduct cybersecurity research and development, respond to cyber incidents, protect critical infrastructure, perform security testing and product evaluation, and carry out cyber operations. Glimpses of their activity come to light, such as the 2020 US indictment of members of the PLA 54th Research Institute for the “brazen criminal heist” of information from US credit reporting agency Equifax.1 What more can we learn about entities directly affiliated with government agencies like the Ministry of State Security (MSS) or the People’s Liberation Army (PLA)? What capabilities do they possess that contribute to China’s emergence as “Cyber Superpower”?

In this post, the Natto Team explores an example of a Chinese government and military-affiliated entity—the National Research Center for Information Technology Security (NITSC) (国家信息技术安全研究中心). We examine its organizational structure, affiliations, and capabilities, then reveal its military connections. Lastly, we present questions for further research.