China and cyberwarfare — insights from a military computer scientist
The relationship of cyber-war to Chinese military thought and why a multidisciplinary approach is needed
By Paulo Shakarian, PhD Posted on 14 May 2013
Dr. Paulo Shakarianis a Major in the US Army and a computer scientist who authored the upcoming Elsevier book Introduction to Cyber Warfare along with his wife, sociologist Jana Shakarian, and computer security expert Andrew Ruef. He has written over 20 published articles in scientific and military journals and has been featured in The Economist, Wired and Popular Science for his work on cyber-warfare and artificial intelligence.
Previously, Dr. Shakarian served two combat tours in Operation Iraqi Freedom. He currently works as an Assistant Professor at the US Military Academy at West Point, where he teaches classes on computer science and information technology. His website is: shakarian.net/paulo. [divider]
In the past few months, there has been much news about alleged Chinese cyber-warfare.
In February, the security firm Mandiant released a report that presents an evidence-supported hypothesis of a Chinese military unit tasked with conducting cyber-espionage against English speaking countries.Earlier this month, the news media reported on an alleged Chinese cyber-operation that resulted in the theft of information on the vulnerabilities of every major dam in the United States.
Meanwhile, the US Department of Defense's annual unclassified report to Congress described Chinese cyber exploitation operations directed against "US diplomatic, economic, and defense industrial base sectors that support US national defense programs."
Why would Chinese hackers conduct such risky cyber-operations?
A look at the writings of their military thinkers in the past decade provides some insight.
The doctrine of 'active defense'
Traditionally, the People's Liberation Army (PLA) was focused on the Chinese idea of "active defense," which refers to the notion of not initiating conflict but being prepared to respond to aggression. The late 1990s saw a shift to a new paradigm -- "active offense." With this way of thinking, the goal becomes to set the conditions of the battlefield that gives the PLA a significant advantage. In the cyber-arena, this entails not only building one's defenses to deter attack, but utilizing cyber-operations to obtain the upper hand in the case of a larger conflict. In this light, intelligence gathering as described in the Mandiant report — identifying vulnerabilities in critical infrastructure (as with the theft of the information on the U.S. dams) and cyber-exploitation directed against the defense industry (as cited in the DoD report to congress) — are all actions that could give the PLA an upper hand in a larger conflict and can be considered "active offense."
The concept of unrestricted warfare
It is also interesting to note that around the same time the idea of "active offense" was introduced, the concept of "unrestricted warfare" also became prominent in Chinese military thought. This theory calls for extending operations beyond the conventional military arena and focus on other domains, including informational, economic and psychological areas. It also involves conducting operations in these domains during peacetime.
The idea of "unrestricted warfare" works hand-in-hand with "active offense": no sector is left untouched – whether it be gathering data about your adversaries' infrastructure, intellectual property or economic information; it all can provide a potential advantage.
Further, in an article in China Military Science, military leaders stressed that cyber-operations directed against social, economic, and political targets can be done without fear of such activities leading to large-scale military engagements. (Long Fangcheng and Li Decai, "On the Relationship of Military Soft Power to Comprehensive National Power and State Soft Power," China Military Science, Issue 5, 2009, 120-29)
These notions can help us understand why it seems that incidents of Chinese cyber-war happen so frequently: Chinese military thinkers have essentially been calling for a low-level conflict in cyber-space during peace time, and they believe this can be done with little consequence.
Cyber-domain touches every aspect of warfare – and beyond
In some ways, these cyber-incidents may indicate the PLA's elevated level of understanding regarding the relevance of cyber-war. It illustrates that they see how the cyber-domain touches every aspect of warfare. For instance, the cyber-spying by the group APT1 as described in the Mandiant report had the goal of not only gathering intelligence but also stealing industrial information – hence having not only a military but economic effect. The collection of information on the vulnerabilities on US dams can be a powerful strategic deterrent, which can have significant policy implications.
However, these multi-domain incidents are not new and not uncommon. Similar alleged Chinese cyber-operations have occurred frequently in the last decade: consider Titan Rain (2005), Gh0stNet (2008), Aurora (2009) and Sykipot (2011), to name a few.
When studying these events, it is important to not only understand the technical details but also place them in the proper political, economic, military, and scientific context. Solutions to cyber-warfare issues must include not only a computer security component but account for other domains and disciplines. As concerns of cyber-warfare continue to grow, the field will likely take on a more multidisciplinary flavor — and rightfully so. Cyber is touching more aspects of our society every day.
The opinions in this article are solely those of the author and do not necessarily reflect the opinions of the US Military Academy, the US Army or the Department of Defense.