Wednesday, September 5, 2007

China's Cyber-War Strategy

There are reports that China has hacked the Pentagon. This fits within the history of Chinese investment in information war. Since the mid-1990s, China has invested time and money into training a capable corps of hackers. Some of this has involved official military academies devoted to information warfare, but much of it has actually involved encouraging civilians to attack US government sites with denial-of-service attacks and crude defacements.

As Timothy L. Thomas notes in his essay "Like Adding Wings to the Tiger: Chinese Information War Theory and Practice," some Chinese military strategists wish to create an electronic equivalent of the Maoist People's War in which a mass of civilian users armed with cheap hacking software launch a human wave attack on enemy servers. During the Kosovo War, for example, Chinese nationalist hackers (and most likely some military personnel) defaced American civilian and military sites and launched denial-of-service attacks.

Another school of thought within the Chinese military sees information conflict in different terms. Eschewing the confines of Marxist theory, they seek a disciplined and efficient corps of military hackers who can skillfully take down networks in targeted attacks, most likely in support of a regular military operation. The kind of penetrative attacks they advocate is somewhat rarer, but China consistently probes US networks to uncover breaches in security. If this report is true, it would only be the most prominent case.

We should see this in the broad context of China's interest in asymmetrical assets to counter American military might. As RAND's Roger Cliff noted in his September 15, 2005 testimony before the US-China Economic and Security Review Commission, China's security planners subscribe very much to Basil Liddell Hart's "Indirect Approach":

A sixth and seventh strategic principles are avoiding direct confrontation and conducting “key point strikes”. The principle of avoiding direct confrontation stems from the recognition that China cannot win in direct, force-on-force combat with a militarily superior adversary such as the United States. The complementary key point strike concept provides an alternative approach by postulating that all militaries are reliant on the performance of certain critical functions, any one of which, if disrupted, will render that military unable to conduct effective operations. Five types of targets for key point strikes are identified: command systems, information systems, weapon systems, logistics systems, and the linkages between these systems. Disrupting any one of these areas is said to be a way of neutralizing an enemy’s fighting strength. In the context of a conflict between the United States and China, this principle means that the United States must be prepared for attacks that are focused not on its military forces, but on its command systems, information systems, logistics systems, and the communications and transportation systems that link them.

Hacking is only a small part of this. However, these theories are just abstract concepts at the moment. They have not been tested, and there is no empirical data on their efficiency. And given China's general military weakness in comparison to American forces, we should be very cautious about building them into a towering dragon. There is a regrettable tendency for analysis of Chinese capabilities to degenerate into Washington Times-style "The Next War with China" alarmism. For a great debunking of this analytical fallacy, see Arms Control Otaku's skeptical posts on China-bashing and threat inflation.

Additionally, as Robert Economist notes, China's interest in "indirect" weapons is not part of some devious strategy to destroy America--it is a normal attempt to maintain the "minimum means of reprisal" against a vastly more powerful strategic competitor. Any competitor would do the same.

UPDATE:

Subadei raises a point that I should clarify:
I do not subscribe to the "China is the next Great Threat" diatribe bandied about by some. Quite the contrary. However, allow me the role of devil's advocate here and assume the recent Pentagon hacks were, in fact, an action taken by a Chinese Super Geek division of the People's Army. Why provoke said rival by honing their cyber-forces on America's networks? Why not Taiwan or India?

In other words: If this isn't some insidious strategy and is, in fact, an attempt at keeping a minimal system of reprisal against a greater power, then why is it being "tested" on the greater power's networks?

I make no definite claims about the motivation behind the supposed hack--China watching on a grand scale has always been extremely difficult and we can't extrapolate the role this supposed operation plays in its grand strategy (beyond, of course, a continuation of probing assets). When I say that it's not an "insidious strategy" I'm referring to the broader Chinese buildup of asymmetric assets, not the still murky Pentagon hack.

But in answer to Soob's question, we can speculate. For one, the PLA probably judges the American networks as the gold standard against which to hone its warfighting prowess. There is also utility in sending a very public signal (like the anti-satellite missile) that it possesses some countermeasure to American military strength, both for internal and external audiences. This could also be PLA internal battles playing out in the open; hacking into the Pentagon sounds like a good reason to bolster the position of a particular faction. Lastly (and least likely), there's the possibility that the PLA feels that a confrontation with Taiwan and its superpower ally is looming on the horizon and it needs to prepare.

Personally, I feel that the very public (and brazen) hack is probably a Chinese reminder of their possible capabilities to Taiwan and America and an offering to nationalists in need of some red meat.

8 comments:

subadei said...

"Additionally, as Robert Economist notes, China's interest in "indirect" weapons is not part of some devious strategy to destroy America--it is a normal attempt to maintain the "minimum means of reprisal" against a vastly more powerful strategic competitor. Any competitor would do the same."

I do not subscribe to the "China is the next Great Threat" diatribe bandied about by some. Quite the contrary. However, allow me the role of devil's advocate here and assume the recent Pentagon hacks were, in fact, an action taken by a Chinese Super Geek division of the People's Army. Why provoke said rival by honing their cyber-forces on America's networks? Why not Taiwan or India?

subadei said...

In other words: If this isn't some insidious strategy and is, in fact, an attempt at keeping a minimal system of reprisal against a greater power, then why is it being "tested" on the greater power's networks?


Oh, and welcome back!

A.E. said...

Thanks! I'm glad to be back too.

strategist said...

Good post. I have some thoughts about the Chinese and the Indirect Approach, but I'll save these for a post.

One thing to note is that the recent spate of cyber attacks were also directed against Whitehall and the German government system, and that Taiwan is regularly targeted. Perhaps India, Japan and other Asian countries as well.

A.E. said...

"One thing to note is that the recent spate of cyber attacks were also directed against Whitehall and the German government system, and that Taiwan is regularly targeted. Perhaps India, Japan and other Asian countries as well."

Interesting. This adds a whole new dimension on the cyber-war discussion.

strategist said...

Sorry - I was speculating when I said "Perhaps India, Japan and other Asian countries as well" - needed a question mark after it.

The Guardian has some good articles on 'Titan Rain' (this apparently is what the Pentagon calls the Chinese hacking attacks), with a focus on the attacks on the British systems.

Alex said...

I'm very dubious about how meaningful the whole TITAN RAIN thang is; it's trivial, after all, to disguise the source of an intrusion, and the APNIC region is well-known as a heavy source of spam and malware; i.e. it's rich in hacked machines.

Further, China seems to be developing quite a vigorous hacker community without any need for military involvement.

Finally, why would PLA hackers waste their time on nonoperational functions like government websites, when they could be targeting commercial data centres, Internet routers, and the like (i.e. "something useful")? I can see the benefit in terms of cyber-intelligence of trying to get access to classified information, but not in terms of cyber-war; would anyone notice if whitehouse.gov was down?

I have some thoughts on this here.

Curtis Gale Weeks said...

Hah, from May 11, 2005, posted to my blog Phatic Communion: Cyber Rattling. (someone mentioned Japan?)

There are a couple of other small posts on PC about the same time looking at the China hacking through the lens of Unrestricted Warfare, which I'd just discovered.