This was clearly seen in a story reported in the New York Times on June 27, 2009, entitled “US and Russia Differ on a Treaty for Cyberspace.”
Washington was pushing for more international cooperation among law enforcement agencies, similar to the Council of Europe Convention on Cybercrime, which has been signed by 22 nations, excluding Russia and China.
Moscow prefers a nonproliferation treaty similar to what's in place for weapons of mass destruction (chemical, biological, nuclear), but it vigorously resists any attempt to allow international law enforcement to pursue cyber criminals within its borders.
[38] Source: Moscow Nezavisimoye Voyennoye Obozreniye (in Russian), a weekly independent military newspaper published by Nezavisimaya Gazeta.
China Military Doctrine
As the Chinese have said, losers in IW will not just be those with backward technology. They will also be those who lack command thinking and the ability to apply strategies. It is worth the time of the US analytical community to analyze IW strategies and tactics from all points of view, not just the empirical US approach.
--Lt. Col. Timothy Thomas, “Like Adding Wings to the Tiger”
Information technology is an area where, unlike industrial capacity or military hardware, no one nation can claim dominance. As a result, information technology and its military counterpart, information warfare, hold great appeal for the PRC, which has tremendous resources in its population size and the number of its high-quality math and science graduates.
People's Liberation Army (PLA) officers began writing about information warfare at about the same time that the Internet browser became wildly popular: 1993. The instigating factor was the US display of technology in the first Gulf War, noticed and written about by General Liu Huaqing, the former vice chairman of the Central Military Commission. The US victory held special significance for the Chinese because Iraq was using weapons acquired from China and Russia. The resounding defeat of the Iraqi military was also a comment on the lack of effectiveness of Chinese hardware against an obviously superior force.
A second wake-up call for the Chinese arrived with the NATO action in Kosovo in 1999, which resulted in the bombing of the Chinese embassy. Although apologies were forthcoming, the action resulted in Chinese hackers attacking official US government networks, including the US Department of Energy and Interior websites.
In April 2001, when a US EP-3 Signals surveillance aircraft collided with a Chinese military aircraft, resulting in the death of the Chinese pilot, angry civilian hackers launched cyber attacks against US networks. These events did not go unnoticed by PLA officers, who observed how computer warriors could leverage technological dependencies by a superior force in an effort to gain an asymmetric advantage.
A recent study uses US joint doctrine as a construct to highlight the differences between Chinese and American IW. Kate Farris argues that “the US tends to focus on the CNA aspect of IW, while the Chinese take a more broad perspective, emphasizing pillars such as PSYOP, Denial, and Deception.” While my selection of Chinese literature persuasively supports this assessment, the current state of Chinese IW is simply too immature and not understood well enough to reach any definitive conclusion.
The inherent problem with a technologically advanced military force is its dependence on technology. The more complex a network, the more vulnerable it is. Major General Wang Pufeng wrote in 1995: “There is a question of how to use weakness to defeat strength and how to conduct war against weak enemies in order to use information superiority to achieve greater victories at a smaller cost.”
In 1995, Pufeng, often referred to as the “father of information warfare,” wrote his influential book The Challenge of Information Warfare, wherein he saw information warfare as a critical factor for China's future modernization plans: In the final analysis, information warfare is conducted by people. One aspect is to cultivate talent in information science and technology. The development and resolution of information warfare can be predicted to a great degree in the laboratory. Information science and technology talent are the forerunners of science and technology research.
Today, Chinese students regularly place at the top of international science and math challenges, far above their peers in the United States. In a 2003 math, science, and reading assessment involving 250,000 students from 41 countries, China (Hong Kong) ranked #1 in science and #3 in math. Many of those students will go on to receive advanced degrees from US universities such as Stanford and MIT, and some may serve as officers in the People's Liberation Army. In 2006, two Chinese universities contributed more Ph.D.s to American university graduate programs than any other nation, including the United States (puters can be linked up to perform a common operation, to perform many tasks in place of a large-scale military computer, an IW victory will very likely be determined by which side can mobilize the most computer experts and part-time fans. That will be a real People's War.
In line with this concept of organizing a civilian cyber militia, there are reports of actual IW drills being conducted within Chinese provinces, such as Hubei in 2000. According to Xu Jiwu and Xiao Xinmin, in their article “Civil Networks Used in War” (Beijing Jiefangjun Bao), an IW exercise was held in the city of Ezhou that demonstrated the rapid mobilization of civilian networks, such as cable television stations, banking networks, telecommunications, and other linked systems, to serve as offensive IW units in times of war.
This is a further example that China's political leaders are well aware of their shortcomings in traditional warfare and are trying to maximize their assets, civilian and military, to gain additional strategic leverage. From their perspective, the key filters for decision making are US military superiority, China's aging military technology, and how best to prepare for the next military conflict.
China views future conflicts in the same way that the United States does -- as limited engagements rather than total war. To that end, according to Peng and Yao, “what is emphasized most is the combined use of many types of military, political, economic, and diplomatic measures” (Peng Guangqian and Yao Youzhi, eds., The Science of Strategy, Beijing: Military Science Press, 2001).
The goal is not to crush an opponent but to make the cost of warfare unacceptable. RAND expert James Mulvenon quotes from Lu Daohai's “Information Operations” (Lu Daohai, Information Operations: Exploring the Seizure of Information Control, Beijing: Junshi Yiwen Press, 1999) to make this point: Computer warfare targets computers -- the core of weapons systems and command, control, communications, computers, and intelligence (C4I) systems -- in order to paralyze the enemy...[and to]...shake war resoluteness, destroy war potential and win the upper hand in war.
The specific tools of offensive and defensive IW include:
Physical destruction
Dominance of the electromagnetic spectrum
Computer network warfare
Psychological manipulation
Interestingly, these capabilities almost mirror US doctrine on IW, such as the US Air Force's “Six Pillars of IW” and “Joint Vision 2010.” The People's Liberation Army has also obtained and translated copies of JP3-13.1, “Joint Doctrine for Command and Control Warfare,” according to RAND's James Mulvenon.
Consequently, PLA strategists use the same terminology as that of the US Armed Forces: CNO (computer network operations), CNA (computer network attack), CND (computer network defense), and CNE (computer network exploitation).
Priority of these components begins with CNE, since the People's Republic of China believes that it is presently the target of computer network attacks by the United States.
CNA is believed to be most effective at the very beginning of a conflict and may be used for maximum effect as a preemptive strike. Ideally, if the CNA is disruptive enough, it may end the conflict before it progresses to a full-scale war.
Targets of interest for a network attack include “hubs and other crucial links in the system that moves enemy troops as well as the war-making machine, such as harbors, airports, means of transportation, battlefield installations, and the communications, command and control and information systems,” according to Lu Linzhi in his article “Preemptive Strikes Crucial in Limited High-Tech Wars” (Jiefangjun bao, February 14, 1996).
US vulnerability to this strategy was recently underscored with the release of the FAA Inspector General's report on the state of Air Traffic Control (ATC) network security. One of the findings revealed that only 11 of the hundreds of ATC systems were protected by mandatory intrusion detection systems. The report goes on to state that some of the cyber attacks may have been successful in gaining control of ATC systems: During Fiscal Year (FY) 2008, more than 800 cyber incident alerts were issued to the Air Traffic Organization (ATO), which is responsible for ATC operations. As of the end of FY 2008, over 150 incidents (17 percent) had not been remediated, including critical incidents in which hackers may have taken over control of ATO computers.
Anti-Access Strategies
Anti-access is a strategy that the PLA has adopted to slow the advance or hamper the operational tempo of an opposing force into a theater of operations during time of war. The RAND Corporation released an excellent study on this strategy, authored by James Mulvenon and David Finkelstein, and it sheds additional light on how the PRC is planning to fight future wars.
They acknowledge up-front that “anti-access” per se is not a formal Chinese military strategy; rather, it is a way of summing up Chinese doctrine that addresses the problem of defeating a superior foe. In the case of the United States, that means recognizing US reliance on information networks as a significant vulnerability that, if exploited, could throw US plans into chaos and delay or suspend any impending attack.
Anti-access techniques have a broad range, up to and including triggering an electromagnetic pulse (EMP) device. Targets could include computer systems based in the United States or abroad, command and control nodes, space-based intelligence, surveillance, and reconnaissance and communications assets.
The 36 Stratagems
No one can say for certain who wrote these 36 martial proverbs; however, some Chinese historians date them as far back as the Southern Qi dynasty (479-502), which was about 1,000 years after Sun Tzu wrote The Art of War.
The 36 stratagems have a darker connotation than The Art of War, focusing solely on acts of trickery, mischief, and mayhem -- more the province of spies than soldiers. This makes the ancient document an inspiring resource for today's Chinese nonstate hackers, who rely on creating ruses to trick unsuspecting Internet users into leaving the safety of their firewalls for dangerous terrain. It's also interesting to note that, unlike Russia, China has never engaged in military action where cyber warfare was a component, allegedly opting instead for acts of cyber espionage:
Stratagem #3: “Kill with a borrowed knife”
This stratagem advises “Attack using the strength of another (in a situation where using one's own strength is not favourable).”
This could just as easily apply to the use of botnets as a means to launch DDOS attacks.
Stratagem #8: “Openly repair the gallery roads, but sneak through the passage of Chencang”
This stratagem advises “Deceive the enemy with an obvious approach that will take a very long time, while surprising him by taking a shortcut and sneak up to him. As the enemy concentrates on the decoy, he will miss you sneaking up to him.”