China in Cyberspace
Col Pradeep Jaidka (Retd.)

A number of major developments in warfare and military technology occurred in the latter half of 20th century. These paradigm shifts are seen in veering away from waging conventional wars to unconventional wars; from nuclear wars to non-proliferation; from Bipolar to Unipolar world; and lastly, use of high technology to control, exploit and degrade the adversary’s Electro Magnetic Spectrum.

Concurrently, the unprecedented growth of computing power and technology during last two decades of 1900s introduced newer technologies, offering more opportunities and initiatives to identify and exploit vulnerabilities. Following now characterize digital space: (1) Obfuscation of distinctions between friend and foe. (2) Ease of access to learn about capabilities, strengths, limitations and intentions or vulnerabilities. (3) Posing new set of challenges to administer the digital space.

The initial trail blazers who structured the digital era architecture, probably neither visualized nor could have controlled the multiple inherent mutual contradictions in the digital environment. In the non-digital era, accessing adversary information was initiated and done under state controls. Today, a plethora of means dominates the information collection wherein state sponsored or non-state actor are involved. Sometimes, the non-state players (lobbyists, academicians, individuals and commercial enterprises) are state sponsored. This proliferation, calls for new approaches to prevent remote access to interfere and compromise military-industrial-space domains and weapon systems from becoming the norm.

In this discussion, Information Warfare and Cyber Warfare are used interchangeably. This paper focuses on the technological initiatives of China - essentially on PLA cyber warfare capabilities.

Evolution of Chinese Cyber Doctrine

It is often said that nation states have militaries irrespective of the party in power. In the Peoples Republic of China (PRC), the Chinese Communist Party (CCP) rules supreme. The Peoples Liberation Army (PLA) - controlled by the CCP - is thus available to the party rather than the state. Automatically, the PLA has been charged with leading the cyber warfare (CyW) initiative. Chinese military doctrine has long articulated the use of a wide spectrum of warfare against its adversaries. The successive PLA modernization periods built upon each other to transform the PLA from an underdeveloped military into a semi-modern force.

During 1978 to 1988, although the Chinese Premier Deng Xiaoping agreed that PLA modernization was critical yet the PLA received lesser priority compared to the domestic economic modernisation. A distinct shift towards technology occurred during Jiang Zemin’s period (1989-96), coinciding with the US forces successes gained by applying high technologies in the Gulf, Kosovo, Afghanistan, and Iraq involvements. China realized the importance of adopting modern technologies for its defence as also the role of Information Warfare (IW) and network operations (NWO) to modern conflicts. Thenceforth, Chinese cyber espionage (Cyespg) has cultivated a significant reputation for its high volume, illicit exploitation of information of foreign networks. Initially economic information was accessed and soon other sensitive elements including science and technology and military1 were targetted.

In 2003, China issued its military strategic guidelines emphasizing “winning local wars in conditions of modern technology, particularly high technology” as the basic aim of preparations for military operations. By 2003, the Chinese government had created new cyber warfare (CyW) units with defensive and offensive capabilities. These included the ability to plant information mines, conduct information reconnaissance, change network data, release information bombs, dump information garbage, disseminate propaganda, apply information deception, release clone information, and establish network spy stations.

In 2004, the military’s guideline was changed to “winning local wars under conditions of informationization.” as “informationization has become the key factor in enhancing the warfighting capability of the armed forces.” 2 By 2007, China was known to be penetrating US and European networks, successfully copying and exporting huge volumes of data. Thus, China has developed its CyW capabilities into a finely tuned, large, efficient machine. The Chinese hackers were able to carry out persistent network intrusions into U.S. military, government, and corporate systems. Several terabytes of Lockheed Martin F-35 aircraft programme were hacked, leading to China produce its own stealth fighter, the Chengdu J-203.

By 2014, it had been established that the whole Chinese CyW system involves a nexus comprising government officials, military officers, business executives, and academics throughout China and abroad. The inputs were used to develop products based on the stolen information to generate revenue.

In its Defence White Paper of 2019, China has re-emphasized that “Cyberspace is a key area for national security, economic growth and social development. Cyber security remains a global challenge and poses a severe threat to China. China’s armed forces accelerate the building of their cyberspace capabilities, develop cyber security and defense means, and build cyber defense capabilities consistent with China’s international standing and its status as a major cyber country”4. The paper also talks about cyber border defence, cyber sovereignty, information security and social stability amongst many other related issues. Safeguarding China’s security interests in electromagnetic space, cyberspace and in outer space is of paramount significance.

Foundation of the Chinese Cyber Doctrine

The insight to China’s cyber operations (CyOps) approach to asymmetric warfare is contained in the book Unrestricted Warfare first published in Chinese in 1999 (translated in 2009). The authors postulated that no country could challenge the military supremacy of the USA through conventional (‘Kinetic’) warfare. They suggested wearing out the US gradually with economic and information warfare. Additional tactics such as manipulating foreign media, flooding enemy countries with drugs, controlling the markets for natural resources, joining international bodies were recommended.

The book advocated taking advantage of an adversary’s seemingly superior conventional capabilities by “fighting the fight that fits one’s own weapons” and “making the weapons to fit the fight”. In other words - removing all rules in waging unrestricted warfare and legitimizing any effort to achieve the end aim.

Thus, Chinese military strategists planned to use conventional weapons against their enemies, but, where they lacked competitive advantage, CyW was to be used to overcome the difference.

Integrating Cyber-tools with the Military Strategy

China’s cyber capabilities are considered tools to achieve the strategic objectives of the Chinese Communist Party (CCP), namely: 1) perpetuating CCP rule; 2) maintaining domestic stability; 3) sustaining economic growth and development; 4) defending national sovereignty and territorial integrity; 5) securing China’s status as a great power and reacquiring regional preeminence; and 6) safeguarding China’s interests abroad.

In recent years, the CCP has used cyber capabilities in pursuing each of these objectives. According to the U.S. intelligence community, “China’s cyberspace operations are part of a complex, multipronged technology development strategy that uses licit and illicit methods to achieve its goals.” 5

The PLA’s guiding doctrine, “Local War Under Informationized Conditions”, recommends developing a fully networked architecture capable of coordinating military operations on land, in air, at sea, in space and in cyber realms. The goal is to establish control over adversary’s information flow, to restrain his responses, cloud his understanding of the environment and recondition his perceptions. These goals, perforce, need to be achieved before/ during early stages of a conflict.

Since the turn of this century, China has formed an impressive cyber warfare (CyW) infrastructure that includes citizen hacker groups, military units, and an extensive global Cyespg network. The Chinese cyber espionage has helped China save on R & D, development cycles and related expenses while simultaneously accessing industrial secrets in critical industries. Cumulatively, China’s Cyespg has eroded the advantages of other nations in S & T, Innovation and Competitiveness with a primary aim of gaining parity with the U.S. military’s technical and industrial position and create potential vulnerabilities should a conflict arise.

China’s Offensive Cyber Warfare Initiatives

Many Chinese CyW initiatives were devoted towards proactively gaining “information dominance,” i.e. to gather, transmit, manage, analyze, and exploit fleeting windows of information irrespective of geography. The process starts with network reconnaissance (to gain an understanding of critical adversary networks, support systems, identify vulnerabilities), and manipulate adversary perception to gain strategic advantage. This is followed by posturing Network forces to conduct “system sabotage” at a time and place of the PRC’s choosing and render the target’s information systems impotent, or to illuminate the adversary’s “cyber geography”.

During 1999-2004, China launched many Denial of Service (DOS), Destruction of Data and defacement of foreign websites attacks. The US Dept. of Energy laboratories, Naval War College, National Defence University, Dept. of Communications and Dept. of State were targeted during 2003-2005. Economy oriented Cyber Espionage (Cyespg) operations dominated Chinese CyW effort during 2006–2014. In 2016, this focus shifted to accessing government and infrastructure secrets. Some significant events of Chinese hacking are: the Personal computer of the US Secretary of Defence, Senator John McCain and President Obama’s campaign (2007); targetting many nations e.g. Canada6 (2008 to 2013), Networks of Indian government and National Security Council (2010)7 and the Australian Security and Intelligence Organization (May 20138).

The prominent individual commercial entities targeted were: The Google server (Taiwan, 2009). In 2011, hacking of RSA networks, Oil companies (to learn about oil prices, bidding and drilling rights); and various law firms (to access secret deals, privileged data etc.). The Edward Snowden disclosures of 20 May 2013 were used to refute many Cyespg allegations.

In 2015, the New York Waldrof Astoria had been bought by a Chinese insurance firm that caused security concerns to the US agencies. President Obama stayed in another hotel during his visit for attending the UN General Assembly (UNGA)session and this was just weeks before Xi's visit to attend UNGA session.9

The PLA anticipates control of “strategic frontiers” e.g. space, cyberspace, and the electromagnetic domain to be vital for victory in future battles. In December 2015, the Strategic Support Force (SSF) for its electronic, information and cyber warfare initiatives was created10. Believed to be the umbrella organization, and PRC’s main cyber and space defence outfit, it operates independent of the military and reporting directly to the CMC; it supports innovation and military development, including through cyber espionage. It targets foreign systems, enabling developing critical concepts for PLA strategy and doctrines.

China established the Cyber Security Association of China (CSAC) on 26 Mar 2016. On 21 Apr 2016, it formed the Joint Force Command for better integration of cyber capabilities into military operations. In January 2017 the Central Commission for Integrated Military and Civilian Development (CCIMCD) was established. Creation of these organizations underlines the importance given by China to its Cy-ops. China is estimated to be responsible for 50 to 80 percent of cross-border intellectual property theft worldwide, and over 90 percent of cyber-enabled economic espionage in United States.

The significant Chinese cyber-attacks launched against the private Korean company, in 2017, on whose land the US - THAAD missile defence system was to be positioned is an example11.

Consequent to the 2013 Mandiant Report cataloguing Chinese cyber-attacks12, a decline in the overall number of Chinese network intrusions, was seen since 2015. It would be wrong to conclude that the Chinese cyber activity has declined (or ceased) after the report was made public. Inevitably, such admissions do not include all the chinks unearthed. Either they are sensitive, withhold details of detection techniques or to lure the attacker in believing his forays remain undetected and thus to reveal more of his attack methodologies.

It can be reasonably concluded that the Chinese intrusions have become more focussed and reengineered towards intruding and compromising corporate networks.”13 They could have changed the designations, attack methodologies, of the compromised Advanced Persistent Threats (APTs) or created new ones. No successful investments are totally abandoned just because a compromise happened. More so, when today, the need to access information about US and its allies has become more acute for China.

Chinese Counter (Defensive) Cyber Warfare Initiatives

No worthwhile offensive capability can be sustained in the absence of a corresponding strong defensive measures. China has paid equal and adequate attention to the defensive CyW aspects, building up a national cyber defense, mainly in response to a series of incidents—Stuxnet, the Arab Spring, and the Snowden exposures, each of which revealed unique threats and cyber domain vulnerabilities.

The over pervasive information insecurity resulted in a complete overhaul of legal and regulatory regimes overseeing information security, spearheaded by the Cyberspace Administration of China (CAC - founded in 2014), bringing the National Cybersecurity Law (NCL) in November 2016 and implemented in June 2017). The law created a central enforcement mechanism to regulate content management, device management, cyber security information sharing, encryption, and supply-chain security.

During Aug/Sep 2017, the government ordered its departments for phased replacement of existing computer hardware and software with domestic substitutes citing information security reasons. These were aimed at reducing use of computers, servers, semiconductor chips and software made by Western firms. Concurrently, the goal was also to build its own core technologies, lessen its dependency on imports and become a big player on the global tech stage. In Dec 2017, China’s first Cyber Security Innovation Centre was set up (under CCMICD, but operated by China’s premier cybersecurity company - Qihoo 360 Enterprise Security Group14.

On a more general level, China offers its own internet “Baidu” for its netizens. Popular social media platforms like Facebook are banned; Chinese are encouraged to use the ‘Weibo” which is heavily monitored and censored. These extend to foreign visitors. China’s stringent laws favour local firms. Tax holidays are given only to local Chinese firms who also get preference in bidding for contracts. Licenses are granted to foreign hi tech companies for setting up high tech ventures, only in collaboration with local business houses. Foreign firms are prohibited from locating their servers abroad.

Despite the aforesaid, a serious limitation exists. China imports most of its high performance semiconductor chips. In 2017, China spent US$260 billion on chip imports (more than the US$162 billion it spent on crude oil). China’s hi-tech semi-conductors production capability being only 16 per cent of the demand, it now aims to start domestic production Under “Made in China 2025”. 15

Employment of CyW Resources

PRC views information as a strategic resource to be harvested and accumulated, while simultaneously denying it to the adversary. The amalgamation of Government, military and civilian agencies work to gain ascendancy over the adversary’s command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) networks and other essential information systems, thereby preventing effective responses or retaliation. This is done in conjunction with simultaneous deployment of China’s formidable conventional strike, ballistic missile, and maritime power projection forces.

Recent PLA thinking indicates that network (CyW) warfare forces will be charged with network attack and defense, space forces will focus on ISR and navigation, and electronic warfare forces will engage in jamming and disruption of adversary C4ISR. CyW will cover Network Identification and Access; Gaining insights into research on nascent technologies and manufacturing plans; logistics and infrastructure operations; adversary C4ISR; Strategic, Military, Critical Infrastructure, Power grids, Oil and Natural Gas pipelines etc.

Ipso facto, a majority of PRC attempts to dominate Cyberspace are conducted preemptively, in peace time. During active hostilities, China’s CyW may aim to interfere and manipulate flight parameters of missiles, aircraft, satellites; information flow from Headquarters to field formations et al.

Concluding Remarks

For China, control of information space is a ‘Geo-economic’ and ‘Geo-informational’ struggle. China is rapidly expanding its geo-economic and geo-informational programs, leveraging its state-owned enterprises to provide funding, resources, and informational infrastructure throughout Africa, Asia, Europe, and the Americas. As more countries, especially BRI recipients, become dependent on Chinese financing, development and infrastructure, they will find it harder to oppose or resist governance regimes that promote Chinese interests.

China has woven a wide, intricate, well-coordinated effort of government, commercial entities, resident and Chinese nationals returning or living abroad to gain information and wage CyW against many countries and in various verticals. China is acknowledged as a prominent CyW practitioner by US, Japan, Australia, Israel and India.

The first category of China’s CyW targets i.e. those who know that they are victims of Cyber-attacks like USA, Germany, Japan, India would necessarily respond by initiating counter measures, securing their networks and information or project false depiction, to learn more details about the attacker’s modus operandi, tools and interests.

Victims of the second type i.e. those who do not know that they have been targeted like developing Afro-Asian countries - especially BRI beneficiaries, lack inherent defensive capability and may seek third party aid. The ‘rescuer’ would provide aid depending on his perceptions and interests. Alternatively, the targeted party could continue unaware! Disastrous consequences await the latter.

Recognizing the inadequacies of the October 2015 agreement with China, and how Beijing violated the agreement President Trump, in 2017, has taken America’s “objections” to China’s cyber activities and capabilities to a whole new level.

Nations will need to continuously evaluate their electronic environment for security implications arising out of growing Chinese cyber threat. Periodic regular audits will need to be done to check efficacy and adequacy of their policies and practices to secure their networks, information, space, strategic resources, critical infrastructure, economic arrangements, and the events that mold and shape public understanding, attitude, and opinion. Overall, ramping up the silent, behind-the-scenes cyber warfare will define outcomes of future wars.

End Notes
  1. https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf
  2. China’s National Defense paper, http://en.people.cn/whitepaper/defense2004/defense2004.html
  3. https://nationalinterest.org/blog/buzz/hacked-how-china-stole-us-technology-its-j-20-stealth-fighter-66231
  4. “China’s National Defense in the New Era”, 24 July 2019 available at http://eng.mod.gov.cn/publications/2019-07/24/content_4846452.htm
  5. Office of the Director of National Intelligence, National Counterintelligence and Security Center, “Foreign Economic Espionage in Cyberspace,” July 26, 2018.
  6. https://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618
  7. New York Times, 05 April 2016 and https://www.manoramaonline.com/technology/technology-news/2018/06/06/china-link ed-to-cyberattacks-dating-from-2009-report-says.html.
  8. http://www.abc.net.au/news/2013-05-29/brandis-briefed-by-asio-on-china-hacking-claims/4719886
  9. https://www.scmp.com/news/world/article/1857499/obama-issues-tough-warning-china-against-cyber-attacks-ahead-xi-jinpings?page=all
  10. https://www.rand.org/pubs/research_reports/RR2058.html
  11. https://www.bbc.com/news/business-39176388
  12. Mandiant APT 1; www.mandiant.com
  13. “Redline Drawn: Cyber Recalculates its Use of Cyber Espionage,” FireEye, June 2016
  14. Qihoo 360, is a controversial Chinese internet security company who has been involved in many law suits worldwide including from the Chinese companies Baidu, TenCent, Amiage and Soguo .
  15. Elain Chan, “Made in China 2025: how new technologies could help Beijing achieve its dream”, 18 Sept 2018, The South China Morning Post available at https://www.scmp.com/business/article/2165575/made-china-2025-how-new-technologies-could-help-beijing-achieve-its-dream

(The paper is the author’s individual scholastic articulation. The author certifies that the article/paper is original in content, unpublished and it has not been submitted for publication/web upload elsewhere, and that the facts and figures quoted are duly referenced, as needed, and are believed to be correct). (The paper does not necessarily represent the organisational stance... More >>


Image Source : https://moderndiplomacy.eu/wp-content/uploads/2018/02/cyberchina.jpg

Post new comment

The content of this field is kept private and will not be shown publicly.
6 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
Contact Us