Monday, October 26, 2009

Cyber Report on China

I got a tip to a new report on Chinese cyber capabilities [pdf] by Northrop Grumman. The report aims to provide "a comprehensive open source assessment of China’s capability to conduct computer network operations (CNO) both during peacetime and periods of conflict."

They start off with an overview of the strategic developments in China. Even though there is no official CNO strategy, the PLA is in fact preparing to fight the cyber battle. I found it interesting that they consider domination in cyber space a prerequisite for air and naval domination. This is a clear indication of its importance in the Chinese thinking. It also explains why the EW/IW/CW issue is seen as the forcing agent behind the "informationization" of the PLA.

Chinese writings identify enemy C4ISR and logistics systems as the primary targets in a military conflict and also point out that IW will fire the opening "shots" in a war. However, there is also an indication that IW and conventional techniques can and should be used together for maximum effect. I think this is very important, because I have often seen the mindset that IW is something separate from "real" warfighting. Then again, the Chinese have thousands of years of experience to draw upon, so it is not surprising that they see the value of combining the two.

They also point out that China is very active in developing counter-space weapons (EW, CW, kinetic, directed energy, EMP etc.) in order to fight a potentially technology-heavy opponent such as the US.

Another interesting aspect is targeting. Instead of trying to blanket the battlefield, the Chinese writings suggest taking out key nodes in order to provide opportunities for other forces to exploit the resulting confusion in a specific point in the battlefield. I believe this refers more towards EW and kinetic than cyber, as tactical use of cyber attacks would probably be difficult to implement.

It seems that the PLA is actively training to fight in conditions where CW/IW is a common part of the battlefield, including special training centers and a designated Blue Force (OPFOR) regiment. In addition, several universities seem to engage in offensive CW research and education.

There is an interesting note about using EW/CW pre-emptively to deter an enemy or to limit the size of the conflict without much bloodshed. In fact, they seem to consider CW a deterrent second only to nuclear weapons at the strategic level. I like the comment that CW is the PLA's longest-range weapon.

Another key point that I agree with is that CNO is useful for damaging/degrading systems, but also for deploying PSYOPS/deception against enemy personnel, enemy supporters and the public in general. I have met some people who consider PR the one and only element of IW and I just disagree. With so many options available under IW, it would be irresponsible to overly limit yourself to use only one.

There is an excellent section about how the Chinese might use CNO against the US (military) in a conflict scenario. I agree wholeheartedly that the logistics and C2 systems at the theater or higher level would be sensible targets to buy time for the PLA and to cause confusion among US forces. However, as I have noted before, the discussion here is limited to purely military targets (as in the US discussion), but in a total war the commercial sector may be the more important strategic target.

The following section gives a broad overview of what is publicly known about the Chinese CW structure. Of particular interest to me are the PLA IW militia units, which seem to be drafted from commercial and academic entities to supplement the PLA's integral capabilities. The idea of using telcos and universities (for example) to create sub-units for the militia is perhaps not intuitive for Westerners, but it does make sense. You have people with the right skills, established relationships and access to networks and systems - all they need is a mission.

The second interesting bit is that some militia sub-units seem to focus purely on R&D. In order to understand the significance, consider whether an infantry (militia) battalion is likely to have a dedicated infantry tactics research and development platoon. This highlights the difference between the information warriors and the traditional fighters. The report also mentions discussions about setting a different standard (age limit, physical condition) for the cyber warrior, something that was also debated here.

Moving on to the independent Chinese (patriotic) hacker community, the report claims that around 2002-2004 the state reversed its previously favorable stance towards patriotic hacktivism and as a result the movement has died down. This was not the notion I got in Stockholm in May, where Dr Xu Wu from Arizona State University talked about Chinese cyber nationalism. According to him, the patriotic hacker community is alive and well, albeit somewhat underground. He also claimed that the state was having difficulties deciding what to do with this resource, as it is difficult to control - something that I also predicted in my paper about volunteer cyber attackers. Dr Wu compared it to a double-edged sword, which can cut both ways. It is possible, however, that this discrepancy does not exist and the official cyber militias have incorporated a significant part of the patriotic hacker community.

The report then provides a couple of examples of recent attacks probably originating from China. There are also various examples of relations between the state and the hacker community, including state recruitment in the hacker forums. One of the more interesting examples is how a Java language user group transformed into a patriotic hacker group over the EP-3 incident. This is an excellent illustration of how "cyber tribes" can very quickly develop into cyber militias.

In the following section, cyber espionage is investigated from the US perspective. The report points out that potential Chinese espionage efforts are a great concern for the US counter-intelligence community, especially in light of the reactive cyber defense paradigms in place. They claim that there is a strong case for state-sponsored attacks, although it is often difficult to fully attribute an attack to a state.

The report includes a nice explanation of a targeted attack via e-mail to get access to an organization's systems. However, they include an even more interesting case study of a large data heist at a US firm. It provides a simple description of the timeline and activities uncovered by the forensic team.

The report concludes with a comprehensive list of China-related cyber events between 1999 and 2009.

Overall, the report is easy to read and low-tech. It covers many interesting aspects of the Chinese cyber issues. However, since this is a public and open-source report, it does not go into too much detail and it may inadvertently include some deceptive information. All in all, I enjoyed it and it provided me with a lot of things to think about. It also confirms some of my own theories and thoughts.

As always, read the report for full detail.
