Tag Archives: cyber

The Navy Needs to Do More Than Rebuild for the Future, It needs to Reinvent Itself

It is time for a Navy-wide campaign to rethink force strategy, design, and culture for competition in a digitized world.

By Frank T. Goertner

When paradigms change, the world itself changes with them.1

— Thomas Kuhn

Return to great power competition; revisionist powers; renewed capabilities; rebuild our military: such phrases feature prominently in recent U.S. national security guidance. They convey an imperative to look to the past as the nation prepares for a potentially volatile future. For American navalists in particular, they offer nostalgic optimism. Three times in the 20th Century, the Navy confronted rivals to U.S. sea power and prevailed. As the world returns to similar heights of geo-strategic rivalry, it is tempting for Navy leaders to approach the future via plans to rebuild past success. With concerted effort, the Service can revise known strategies, renew forgone capacity, and return to prior postures for the contests ahead. This approach would appear logical. It would also be a mistake. 

The world and its competitive landscape are changing in profound ways. The advance and proliferation of digital technologies among interdependent societies has established digitized information as a new global commodity of unprecedented strategic value. This development is upending competitive norms across and within human enterprises around the world and inspiring new paradigms that will reshape future contests between them. We see this in markets and geopolitics alike.    

For the Navy, one such enterprise, this implies that the approaches most pertinent to its future may not be behind it, but around it. This is not to say history is irrelevant. But alongside its lesson, Navy leaders should account for how commercial peers and maritime rivals are preparing their own enterprises for the contests ahead. As important, they should do so free of any assumptions that could self-constrain the Navy’s ambitions for its future within paradigms of its past.

A glance around at the Navy’s peers and rivals suggests that an approach to rebuild for the future is not enough.  Navy leaders should promote new competitive paradigms to fully leverage digitized information and harness its strategic value. They need a campaign to rethink force strategy, design, and culture for the contests ahead. In sum, the Navy needs to reinvent itself as a digitized enterprise for the digitized world.

The Market and Its New Norms

“Data [is] to this century what oil was to the last one. . . It changes the rules for markets and it demands new approaches.”2

-The Economist

Information has always been a source of competitive advantage in the market, but digitized information in a globalized and digitized economy is something new. It is a global commodity that can assume unprecedented levels of strategic value. In industries around the world, control of digitized information has become as – sometimes more – determinative of competitive outcomes than ownership of physical space or manipulation of material goods. 

It is a phenomenon that Chris Anderson of WIRED magazine terms 21st Century Free,3 and Andrew McAfee and Erik Brynjolfsson of MIT call the new economics of free, perfect, and instant.4 Digitized information, for decades one of many resources used by firms to enable operating efficiencies or assist in corporate planning, is emerging in the 21st Century as a driver of new competitive norms. It can be accessed and transmitted at unparalleled scale, scope, and speed. With near-zero marginal costs to produce, it can grant firms extraordinary levels of efficiency as they shift from material to digital infrastructure. It can assume considerable monetary value and hold that value across traditional industry and national boundaries. It can be harnessed for innovation and expansion into new, often unexpected, sectors. In short, a firm that can effectively amass, manipulate, and control digitized information can achieve unprecedented levels of command over what Michael Porter of Harvard refers to as a new competitive landscape of smart, connected products.5

To account for these new norms, firms in an array of industries are promoting new competitive paradigms. They are migrating from 20th Century corporate thinking based in competition for profits within material manufacturing or services toward new thinking that prioritizes competition for access, manipulation, and control of digitized information alongside – often in place of – traditional sources of profit. Some go so far as to completely invert previous paradigms. Firms that once saw digitized resources as means to achieve ends within a competition for physical resources now see physical resources as means to achieve ends within the competition for digitized information.6

Commercial Peers and Their Race to Reinvent

“If you won’t or can’t embrace powerful trends quickly… you’re probably fighting the future. Embrace them and you have a tailwind.”7

– Jeff Bezos

The challenge is that paradigms don’t change easily.  Moreover, if they don’t change fast enough, a firm risks obscuring its vision for the future within lenses ground in the past. Therefore, executives of the most successful firms are promoting their new paradigms with campaigns to rethink corporate strategy, design, and culture for the market’s new norms. In effect, they are reinventing their firms as digitized enterprises for a digitized world.8 What does this entail?

First, it takes executive commitment to reshape strategic perspectives to account for the new competitive norms of a digitized market.9 From the top down, executives and their strategic planners must embrace the fact that digitized information is no longer merely a means to enhance value of current service or production techniques. As a strategic commodity, it can often be the source of new value and innovation.10

Second, it takes a disciplined effort to redesign platforms and operations, not only within existing functions, but also into new frontier functions that command of digitized information can make accessible.11 One approach that has gained prominence is the digital platform approach; focusing design efforts on platforms that integrate digital and material resources, re-aligning current operations and investments to support those platforms, and posturing both to outperform competing platforms by beating competitors to market to learn early and learn fast from the environment.12 This is often complimented by a digital journey approach to iterative platform re-design; mapping theoretical customer journeys across each platform of a firm in order to identify both efficiencies to improve value and options to open new competitive fronts along the way.13

Third, it takes planning to evolve a digital culture or digital DNA14 of the workforce to ensure they build human-machine teams to engage in a digitized world. This includes experimenting with organizational balance between minds and machines15 as well as talent management models to develop leaders to translate digitized information into human action – leaders Robert Reich of Harvard calls symbolic analysts.16

For an idea of how this looks in practice, Marriott is a firm driving to reinvent. For five decades through the 1990s, Marriott was a leading owner of lodging and dining facilities. As of last year, it owned just 22 hotels worldwide; yet still claimed control of “more than 6,000 properties in 122 countries and territories.”17 In the two decades between, Marriott executives promoted a new competitive paradigm that prioritized digitized information as a global commodity and strategic priority on par with – sometimes superior to – material sources of value. As evidence of how comprehensive this paradigm shift has been, Marriott’s 2016 acquisition of Starwood Hotels was the biggest deal in hospitality history. Yet consider what aspect of the deal Marriott flagged to investors in its annual report: “With the acquisition, Marriott now has the most powerful frequent traveler programs in the lodging industry.”18 For Marriott, the deal’s value derived at least as much from the digitized information gained as in material resources. Since the deal, Marriott’s focus has been to harness the strategic value of that commodity. They use a platform approach to integrate material and digital resources across reservation, financial, and management systems. Executives are envisioning Marriott customers as digital immigrants, with planners evaluating each immigrant’s digital journey, “from searching for a hotel room . . . through and then after the stay.”19 And Marriott personnel are retooling practices to align human talents and machine tasks across the merged digitized enterprise.  

General Electric (GE) and Boeing offer additional examples somewhat closer to the Navy. GE is racing to preserve its claim as the last original American industrial firm in the DOW by reinventing itself around its digital platform – PREDIX. Boeing, for its part, now refers to “data as fuel,” and is proactively exploring how to design future systems, platforms, and workforces around its own digital platform – Analytx.20 Both, like Marriott, are racing to reinvent themselves as digitized enterprises for the digitized contests they see ahead.

The Maritime Operating Environment and Its New Norms

“A war of ideas can no more be won without books than a naval war can be won without ships. Books, like ships, have the toughest armor, the longest cruising range, and mount the most powerful guns.”21

-President Franklin D. Roosevelt

As in business, information has always been an integral part of military competition. The quote above from one of the 20th Century’s great navalists highlights this poignantly. Yet reread it substituting FDR’s books with today’s equivalent, digitized information, and the quote rises to a whole new meaning.

In the 21st Century, digitized information has emerged as a global commodity of unprecedented strategic value in the competition for sea power among maritime nations. With maritime communication, transportation, and national service networks reliant on digital infrastructure, the information they carry has immense geo-political value. Employment of digitized information in automated battle management systems, operational analytics, and cyber operations could drive down marginal costs and augment cumulative effects of military operations at exponential rates. Finally, networked digitized information offers the prospect of widely disbursed forces operating with nearly free, perfect and instant command, control, and communications (C3) with coherency and precision.

As a result, a fight for sea power in an operating environment where digitized information is a global commodity is not just a faster fight or more multi-faceted fight. It is a completely different kind of fight. The contest for Volume, Velocity, Veracity, and Value of Information becomes paramount – so much so that the strategic ends in future digitized conflicts may no longer be control or destruction of physical combat forces and facilities, but rather control of digital devices, connections, networks, and perceptions of those engaged in the contest.22 Marine Lt. Gen. Vincent Stewart, recent Director of the Defense Intelligence Agency, calls it 5th Generation Warfare and the Cognitive Battle.23 Dr. William Roper, recent Director of DoD’s Strategic Capabilities Office, envisions it as digital blitzkrieg in which “whoever collects the most data on Day One just might win the war before a single shot is fired.”24 

In sum, digitized information in the 21st Century maritime operating environment is more than an operational enabler; it is a strategic resource that can be as – perhaps more – decisive to victory as the physical control of territory or the kinetic lethality of material weapons. These are the new norms of the digitized maritime operating environment, and navies around the world are taking note.

Maritime Rivals and Their Race to Reinvent

“Be extremely subtle, even to the point of formlessness. Be extremely mysterious, even to the point of soundlessness. Thereby you can be the director of the opponent’s fate.”25

-Sun Tzu

It is hard to imagine a better resource than digitized information for a modern military in pursuit of Sun Tzu’s timeless ambitions. This is not lost on 21st Century rivals for U.S. sea power. Both Russian and Chinese military leaders are promoting new paradigms that effectively invert past thinking on military competition, migrating away from 20th Century doctrine focused on a digitally-enabled fight for control of the territory and infrastructure that have historically defined victory. Rather, they are strategizing for a materially-enabled fight to control the digitized information that could define victory in a future fight. In effect, like their commercial peers, each is racing to reinvent themselves as digitized enterprises for the digitized contests they see ahead. What does this entail?

First, Russian and Chinese leaders appear committed to reshape strategic perspectives to account for the new norms of a digitized operating environment. In both practice26 and in doctrine,27 Moscow has elevated manipulation and control of digitized information to an unprecedented level of prominence in their strategic planning. Information Confrontation is the Russian’s name for their new approach. Surpassing traditional information warfare, its ambition is to align missions and operations across digitized diplomatic, economic, military, political, cultural, and social enterprises such that national influence can be targeted with new levels of efficiency and precision, plus in new unprecedented ways.28 Similarly, China is advancing its sea power with a new approach the Department of Defense terms Low Intensity Coercion.29 Through precisely coordinated diplomatic, economic, and military ventures; they seek to integrate digitized and material resources under centralized command and control in what Admiral James Stavridis has called “a kind of hybrid war at sea.”30 Further, like Russia, their ambition is unconstrained by 20th Century concepts. In the words of Elsa Kania of the Center for New American Security, Beijing’s ultimate aim is to “fundamentally change the character of warfare” and thus seize “the ‘commanding heights’ of future military competition.”31

Second, both rivals are intent to redesign platforms and operations and evolve a digital culture to account for their new strategic perspectives and make best use of digitized information as a strategic resource. Russia’s hybrid social media tactics in Ukraine,32 emphasis on offensive cyber,33 development of deep-sea capabilities to hold sea-bed communications cables at risk,34 and alleged GPS-spoofing in the Black Sea35 offer a sense how they are retooling Russian forces, to include the Russian Navy, for the new norms of the digitized operating environment. Similarly, Beijing’s investments in unmanned air, surface, and undersea vehicles; advanced cooperative maritime surveillance and targeting systems; electromagnetic pulse weapons; and quantum technology offer an idea of how they too are retooling their military for digitized maritime contests.36 It also appears Russia and China have started to align toward a digital platform approach in designing for force-wide employment of Artificial Intelligence (AI). Russian President Vladimir Putin recently asserted that the nation and military that leads in AI will rule the world.37 The Chinese military sees it as their “trump card”  in leading progress from today’s ‘informatized’ ways of warfare to future ‘intelligentized’ warfare,” and Beijing has set a goal for China to be the premier global innovation center in AI by 2030.38 Both nations are aggressively investing in force-wide AI applications that range from surveillance and decision aids to fully automated lethal systems. Fully realized, a Russian or Chinese Navy redesigned around a force-wide AI digital platform could credibly overmatch rivals in employment of digitized information for unmanned systems; intelligence fusion, processing, and analysis; operational training, war-gaming and simulation; information warfare; and support to both strategic and tactical command and control. Perhaps of greatest concern, though, is that both appear intent on being first to learn early and learn fast in the operating environment.39 

The U.S. Navy’s Choice: Rebuild or Reinvent 

“The future cannot be predicted, but futures can be invented.”40

-Denis Gabor

With peers and rivals racing to define their futures, the U.S. Navy is presented with a choice for its own — rebuild or reinvent?

Some will read this as a retread of the classic force planning calculus of capacity versus capability, and they will claim it’s nothing new. Others will say that it is a false choice, with the decision already made to do both.  The Service has committed to grow its force structure, reconsider its force posture, and upgrade its systems and personnel. Either argument misses the point. Before the Navy strikes for new capacity, new capabilities, or both, Navy leaders must decide what kind of enterprise the Navy will be for the contests they see ahead. Even if the targets for capacity and capability are clear, what is not is the lens through which the Navy will sight them. And that lens matters immensely. It will shape the assumptions from which its leaders depart, the questions its planners ask in charting the course, and the criteria for prioritizing decisions along the way.

A choice to rebuild is a choice to retain current paradigms or adapt incrementally from those of the past. It is a choice to keep strategic focus on a fight for control of territory and infrastructure, knowing that rivals have shifted their focus to a fight prioritizing control of digitized information as much – or more – than the physical geography it passes through. It is a choice to grow the force within current fleet structure, expand concepts rooted in current functions and missions, innovate within current program and budgetary decision processes, and adjust current personnel models – all of which were designed for contests in a pre-digital world. Ultimately, it is a choice to return to the type of force that America knows how to build and how to fight.

How would a rebuilt Navy look? It would be a Navy of digitally augmented Carrier Strike Groups and Air Wings to sustain manned power projection missions, digitally enhanced submarines to sustain predominately nuclear deterrence missions, digitally assisted surface action groups to re-attain capacity for sustained geo-spatial sea control, and maritime security missions with more and better data but still processed through human constraints on how to use it. It would be a Fleet with new digital resources, but still postured to defend and secure maritime infrastructure, trade routes, and allies prioritized within a pre-digital terrain where maneuver and coercion played by different rules. Finally, it would be a workforce of Sailors and civilians enabled by digitized resources such as AI and robotics to execute today’s requirements, but not necessarily teamed with them to define and explore new frontiers – frontiers such as fully or semi-autonomous long-endurance strike groups, offensive sea-based cyber operations, or non-nuclear deterrence forces for digitized coercion. 

A rebuilt Navy is fine if the fight the Navy sees ahead is the fight it sees behind. The challenge is that the Navy’s peers and rivals, embracing new paradigms, are assuring that won’t be the case. The rebuilt Navy may be suited for the fight the U.S. wants to fight, but how well can it secure victory in a materially-enabled fight for digitized information? As important, how well does it deny rivals their access to this new strategic commodity?

In the end, a rebuilt Navy in contest with reinvented navies could be precisely the right Navy for precisely the wrong fight. If Russia and China are right, and victory in a digitized world rests as much – or more – on command of digitized information as it does material resources, then this approach cedes strategic aperture to rivals choosing to reinvent instead of rebuild. Even if hypothetical, this is a mistake the U.S. Navy cannot afford.                 

The Navy Should Aim to Reinvent – Here’s How

“For 240 years, the U.S. Navy has been a cornerstone of American security and prosperity.  To continue to meet this obligation, we must adapt to the emerging security environment.”41

-Admiral John Richardson, CNO

The U.S. Navy should set its sights beyond rebuilding and aim to reinvent itself as a digitized enterprise for a digitized world. Fortunately if it does, there are initiatives already underway that move in the right direction.

The quote above shows Navy leadership has a healthy appreciation for the need to not just grow, but to change along the way. They also acknowledge the imperative to leverage digitized information as it does. Over the past decade, the Navy has developed an Information Warfare Community, stood up Fleet Cyber Command, established a Digital Warfare Office, and founded a Center for Cyber Studies at the U.S. Naval Academy. It has established Navy Information Forces, created a Navy Information Warfighting Development Center, and issued a Strategy for Data and Analytics Optimization. Alongside these, the Service has promoted a series of strategic plans and roadmaps for science and technology as well as directives and initiatives to promote a data savvy workforce. Moreover, there is a growing voice that further efforts are warranted to ensure these efforts deliver faster – even “exponential” operational effects.42

However, the Service has yet to progress from individual calls to action and policy initiatives toward driving the type of holistic campaign it will need to truly reinvent itself. The Navy’s functions and missions remain defined by a maritime strategy rooted in paradigms and assumptions of the 20th Century. Its program management, budgetary decision processes, and doctrine development remain confined within an organizational construct of “N-codes” largely static for the past two decades. Finally, the majority of its people – both civilian and military – continue to be led, organized and trained with personnel models and mindsets built for pre-digital contests between pre-digital navies.  

To reinvent, the Navy must move beyond piecemeal programs and calls for change. The Service needs a campaign to holistically rethink force strategy, design, and culture for competition in a digitized world; a roadmap to guide every N-code, every program, and every fleet through a decisive and conclusive migration to a new paradigm. Judging from peers and rivals around it, three lines of effort would offer a solid start:    

(1) Reshape strategic perspectives with a new maritime strategy for the digitized world. 

Navy leadership should promote efforts to aggressively rethink 20th Century paradigms of sea power. This should start with a new maritime strategy focused on defining new national-level ends and means for maritime contests in which digitized information is a global and strategic commodity. A component of this should be an analysis of how sea power itself may be changing, addressing hard questions head-on about the evolving nature and character of the Navy’s traditional functions. What is the nature of deterrence in a digitized and automated multi-rival competition? How do definitions of power projection shift with new options for digitized escalation that precede the traditional material kill-chain? How does the Navy balance spatial, temporal, and cross-spectral dynamics of sea control in a digitized fight? What types of maritime security regimes should the United States promote in a digitized maritime domain populated with ever-growing numbers of both humans and machines? Should the Sea Services pursue a U.S. version of interagency Information Confrontation or Low-Intensity Coercion? Most importantly, the strategy should not evade a blunt assessment on which of today’s naval missions will endure, which could become superfluous, and what new potentially unprecedented missions our Navy and Sea Services will need in order to fight and win as a digitized enterprise in a digitized world.

(2) Redesign the Fleet around platforms and journeys of a digitized fight

Navy force strategists and planners should be encouraged to re-envision Fleet missions, structure, and posture as operational components of a digitized Fleet. This implies moving past benchmarking approaches toward digital solutions as either an enabler or alternative to existing programs. Instead, the Navy needs to think of the future Fleet as a system of digital platforms for the future and experiment with ways to fight that system in new missions and innovative ways. It should then align and prioritize its investments and analytic processes to optimize the digitized missions – or journeys – of its future forces and Sailors on those platforms. This should prompt Navy force planners to invert traditional planning inquiries and collaborate toward optimizing both digital and material solutions between, and not just within, their programs. For example, instead of asking, “how can the Navy employ AI to improve program ‘X’?”  They should ask, “how can the Fleet as a system of digital platforms leverage AI to counter the Russian undersea cable threat or Chinese drone swarming?” Then, in building architectures for these solutions, they should think through the journey of each applicable weapon or payload along the kill chain, each Sailor or system along the deployment cycle, and each ally or partner that could interphase for the mission. A key part of this should also be experimentation on precise levels of velocity and veracity of information that commanders will need to conduct future Fleet missions, whether they be at the strategic, operational, or tactical level of maritime contest. Existing Navy initiatives to build a Fleet Tactical Grid and define a Future Fleet Design and Architecture for 2045 are notable steps in the right direction. But they need to be linked to a broader effort for Service-wide reform of operational doctrine, programs, and structures for the digitized contests ahead. 

(3) Evolve a digital culture of human-machine teams, and equip them to lead the digitized Service. 

Navy personnel, both military and civilian, should be cultured to embrace the digitized force they will comprise – a force for which command and employment of digitized resources is more than just a means to win the fight at and from the sea; it might well be what the fight is all about. This means accepting that the optimal mix and dispersion of human and machine tasks within a digitized architecture may change dramatically from traditional models. How will the Navy recruit, train, distribute, evaluate, and ultimately co-evolve a workforce of human-machine teams? How will it tailor access and use of digital information for digitized operations? How will it grow and retain a cadre of symbolic analysts and innovators to drive it through the exponential change it seeks? And can they make use of digitized solutions to improve and accelerate learning and thinking along the way? In short, reinvention into a digitized force cannot give short shrift to the need to invest deliberately in tomorrow’s Navy Sailors, civilians, and the machines with which they will fight. 

For a Navy steeped in traditions, reinvention will not be easy. Even more challenging, it must beat two maritime rivals in a race to the future. It will therefore need to be deliberate, it will need to be fast, and it will need to be decisive. That calls for Navy leaders to launch a holistic campaign to guide the Service to the future it seeks to invent for itself and for its nation, without a moment to lose.    

Frank Goertner is a U.S. Navy Commander serving as a Strategic Planner in the Office of the Chief of Naval Operations, Future Strategy Branch. The views and opinions expressed are the author’s alone and do not represent the official position of the U.S. Navy, U.S. Department of Defense, or U.S. Government.

[1] Thomas Kuhn, The Structure of Scientific Revolutions: 50th Anniversary Edition (The University of Chicago Press, Chicago) 2012, 111.

[2] “Fuel of the Future:  Data is giving rise to a new economy,” The Economist, 6 May 2017

[3] Chris Anderson, Free: How Today’s Smartest Businesses Profit by Giving Something for Nothing (New York: Hachette Books, 2015), 12-13.

[4] Andre McAfee and Erik Brynjolfsson, Machine Platform Crowd: Harnessing Our Digital Future (W.W. Norton & Company, New York, 2017), 137.

[5] Michael E. Porter and James E. Heppelmann, “How Smart, Connected Products are Transforming Competition,” Harvard Business Review, November 2014

[6] Jacques Bughin, Laura LaBerge, and Anette Mellbye, “The Case for Digital Reinvention,” McKinsey Quarterly, February 2017.

[7] Jeff Bezos, “2016 Letter to Shareholders,” Amazon.com, 12 April 2017.

[8] Jacques Bughin, Laura LaBerge, and Anette Mellbye, “The Case for Digital Reinvention,” McKinsey Quarterly, February 2017.

[9] Thomas M. Siebel, “Why Digital Transformation is Now on the CEO’s Shoulders,” McKinsey Quarterly, December 2017.

[10] Jaques Bughin Nicholas Van Zeebroeck, “Six Digital Strategies, and Why Some Work Better than Others,” Harvard Business Review (online), July 31, 2017.

[11] Gerald C. Kane, Doug Palmer, Anh Nguyen Phillips, David Kiron, and Natasha Buckley, “Achieving Digital Maturity,” MIT Sloan Management Review, Summer 2017.

[12] McAfee and Brynjolfsson, Machine Platform Crowd, 166.

[13] Andrew Bollard, Elixabete Larrea, Alex Singla, and Rohit Sood, “The Next-generation Operating Model for the Digital World,” Digital McKinsey (online), March 2017.  

[14] “Building Your Digitial DNA: Lessons from Digitial Leaders” Deloitte MCS Limited, https://www2.deloitte.com/mk/en/pages/technology/articles/building-your-digital-dna.html.

[15] McAfee and Brynjolfsson, Machine Platform Crowd, 32-85.

[16] Robert Reich, The Work of Nations: Preparing Ourselves for 21st-Century Capitalism (Alfred A. Knopf, New York) 1991.

[17] “Marriott International, Inc. 2016 Annual Report,” Marriott International 2016.

[18] IBID

[19] Peter High, “Marriott’s Digital Chief On The Advantages Of The Digital Immigrants.”  Forbes (online) 15 May, 2017

[20] Ted Colbert and “Data as jet fuel: An interview with Boeing’s CIO” McKinsey Quarterly, January 2018.

[21] Franklin Roosevelt, “Letter to W. W. Norton, Chairman of the Council on Books In Wartime”, December 1942

[22] Linton Wells, “Prepared for the Battle but Not the War,” U.S. Naval Institute Proceedings Magazine. 143/11 Nov 2017.

[23] Kimberly Underwood, “Cognitive Warfare Will Be Deciding Factor in Battle.” The Cyber Edge (online), 15 August 2017

[24] Patrick Tucker, “The Next Big War Will Turn on AI, Says The Pentagon’s Secret-Weapons Czar.” DEFENSE ONE (online), 28 March 17.

[25] Sun Tzu, The Art of War, Translated by Thomas Cleary (Shambala, Boston, 2003), 108.

[26] Jim Rutenberg, “RT, Sputnik and Russia’s New Theory of War.

How the Kremlin built one of the most powerful information weapons of the 21st century — and why it may be impossible to stop.” The New York Times Magazine, Sep 13, 2017.

[27] “Russia Military Power: Building a Military to Support Great Power Aspirations.” Defense Intelligence Agency, 2017 www.dia.mil/Military-Power-Publications


[28] IBID

[29] “Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China 2017.” Office of the Secretary of Defense, May 2017, 12.

[30] James Stavridis, “Growing Threats to the U.S. at Sea:  With Russia and China Expanding Their Naval Capabilities, What Can the U.S. Do to Prepare?” THE WALL STREET JOURNAL, June 2, 2017

[31] Elsa B. Kania, “Battlefield Singularity: Artificial Intelligence, Military Revolution, and China’s Future Military Power.” Center for New American Security, Nov 2017, 4-5

[32] Russia Military Power: Building a Military to Support Great Power Aspirations.” Defense Intelligence Agency, 2017

[33] IBID

[34] Rishi Sunak, “Undersea Cables: Indispensable, Insecure.” Policy Exchange, 2017.

[35] Elizabeth Wise, “Mysterious GPS glitch telling ships they’re parked at airport may be anti-drone measure.” USATODAY, Sept. 26, 2017

[36] Ronald O’Rourke, “China Naval Modernization: Implications for U.S. Navy Capabilities—Background and Issues for Congress.” Congressional Research Service, December 2017.

[37] “Putin: Leader in artificial intelligence will rule world.” AP News (online) 1 Sep 2017

[38] Kania “Battlefield Singularity: Artificial Intelligence, Military Revolution, and China’s Future Military Power,” 4-5

[39] Tom O’Connor, “U.S. Is Losing To Russia And China In War For Artificial Intelligence, Report Says,” NEWSWEEK (Online), 29 Nov, 2017.

[40] Dennis Gabor, Inventing the Future. (Alfred A Knopf, New York), 1963, 207.

[41] John Richardson, “Design for Maintaining Maritime Superiority,” U.S. Navy (online) , Jan 2016 www.navy.mil/cno/docs/cno_stg.pdf

[42] John Richardson, “The Future Navy,” Navy.mil (online), 17 May 2017.

Featured Image: United States Navy sailors monitoring radar and other instruments aboard the guided-missile cruiser Chancellorsville in the South China Sea. (Bryan Denton for The New York Times)

Cyberphysical Forensics: Lessons from the USS John S. McCain Collision

By Zachary Staples and Maura Sullivan

The 2017 back-to-back collisions of two Navy destroyers led to much speculation about the role of cyberphysical interference in the disasters. As the senior officer representing the U.S. Navy engineering community during the USS McCain cyber assessment, it is clear that we do not yet have the basic tools to definitively answer the question, “were we hacked or did we break it?”

Cyberphysical systems are the backbone of the global infrastructure we rely on for transportation, power, and clean water, and are growing at an exponential rate. The deep integration of physical and software components is not without risks and most industries are technically and organizationally unprepared to conduct forensic examinations. The ability to trust cyberphysical systems is dependent on our ability to definitively identify and remedy cyber interference, which is dependent on our understanding of how data flows impact the physical world.

There are broad lessons from the USS McCain cyber assessment that highlight the type of forensics needed to build and sustain cyberphysical infrastructure around the globe. In order to prevent and respond to future cyberphysical events, whether malicious or accidental, the Navy and organizations dependent on cyberphysical systems must establish post-event procedures for cyber forensic investigations, develop trusted images, and integrate threat intelligence with engineering teams.

Post-event Procedures

Post-incident shipboard forensic examination is a unique activity that is separate and distinct from cybersecurity evaluations or responses to network intrusion or malware. Typically, when cybersecurity operations centers observe malicious communications or indications of compromise within their operating network, they have a clear map of the network and key pieces of information, such as an initiating IP address or malware signatures, from which to begin the forensic mission. They start by identifying and classifying malware on the offending endpoint and can take immediate actions to observe the adversary in their system and identify what is being targeted, while simultaneously acting to clean and quarantine the network.

In stark contrast, post-incident cyberphysical assessment requires an undirected baseline on a variety of media, including hard drives from voyage management systems, machinery control stations, and IT network endpoints. Greatly complicating post-incident response is the fact that many segments of the network will likely be shut off by design or physically destroyed by the casualty itself. The task of cyber forensic teams is essentially the equivalent of trying to determine why a building collapsed without blueprints, physical access to the structure, or any data on what happened immediately prior to the collapse.

The technical understanding and research required to define standard operating procedures for shipboard cyber forensic investigations do not currently exist. While the task of developing a comprehensive approach to shipboard cyber forensics is daunting, the military has experience developing specialty training paradigms, such as submarine navigation and tactical aviation. Hunting a cyber adversary in industrial control systems is a complex task requiring unique operational and tactical expertise. An achievable near-term milestone would be to create procedures for an attack surface assessment for a routine pre-planned mission, which could provide a test-bed for developing more comprehensive procedures, as well as a better understanding of capabilities and gaps.

Trusted Images

All ships operate three main networks: the voyage network that supports the safe navigation of the vessel, the engineering network that controls propulsion along with material handling and auxiliary systems, and the administrative network that supports business operations and crew welfare needs. U.S. Navy vessels also have a combat systems network. The interconnectedness of operational and information technology networks means that traditional information technology tools and perimeter-based security solutions are inadequate for cyberphysical systems. For example, the addition of even simple PKI security can overwhelm the processing power of installed cyberphysical processors and cause a system crash instead of preventing unauthorized access. Additionally, in order for systems like GPS to function, the system must allow access to all properly formatted traffic, rendering perimeter defense insufficient. Security for complex cyberphysical systems requires capturing data flows and developing contextually aware algorithms to understand the dynamics during shipboard operations.

To generate network situational awareness sophisticated enough to do cyber forensics, the team will need to search for electronic anomalies across a wide range of interconnected systems. A key component of anomaly detection is the availability of normal baseline operating data, or trusted images, that can be used for comparison. These critical datasets of trusted images do not currently exist. Trusted images must be generated to include a catalog of datasets of network traffic, disk images, embedded firmware, and in-memory processes.

1. Network Traffic: A common attack vector is to find a computer that has communications access over an unauthenticated network, which issues commands to another system connected to the network (i.e. malware in a water purification system issuing rudder commands). Cyberphysical forensics require network traffic analysis tools to accurately identify known hosts on the network and highlight anomalous traffic. If the trusted images repository contained traffic signatures for every authorized talker on the network, it would allow forensic teams to efficiently identify unauthorized hosts issuing malicious commands.

2. Disk Images: Every console on the ship has a disk that contains its operating system and key programs. These disks must be compared against trusted images to determine if the software loaded onto the hard drives contains malicious code that was not deployed with the original systems.

3. Embedded Firmware: Many local control units contain permanent software programmed into read-only memory that acts as the device’s complete software system, performing the full complement of control functions. These devices are typically part of larger mechanical systems and manufactured for specific real-time computing requirements with limited security controls. Firmware hacks give attackers control of systems that persist through updates. Forensic teams will need data about the firmware in the trusted image repository for comparison.

4. In-memory Processes: Finally, advanced malware can load itself into the memory of a computer and erase the artifacts of its existence from a drive. Identifying and isolating malware of this nature will require in-memory tools, training, and trusted images.

In addition to the known trusted images, future forensic analysis would benefit from representative datasets for malicious behavior. Similar to acoustic intelligence databases that allow the classification of adversary submarines, a database of malicious cyber patterns would allow categorization of anomalies that do not match the trusted images. This is a substantial task that will require constant updating as configurations change. However, there are near-term milestones, such as the development of shipboard network monitoring tools and the generation of reference datasets that would substantively improve shipboard cybersecurity.

Organizational Integration

As future shipboard assessment teams work to confirm or refute the presence of cyber interference, they will need the assistance of a cyber intel support team to validate assumptions about their findings aboard the vessel. The basic flow established in the USS McCain investigation was to look at the physical systems involved in causing the collision (i.e. propulsion, steering) and then begin looking for cyberattack vectors to those systems.

Ruling out cyber interference requires evidence of absence, which can be uniquely challenging. In order to refute a particular attack vector, coordination with a cyber intel support detachment is essential to understanding the range of possible cyberattack scenarios for a particular physical effect. For example, advanced cyber effects could be delivered over a radiofrequency pathway. Therefore, cyber investigators will need to understand the electromagnetic environment the ship is operating within, as recorded in national systems, and give access to analysts capable of identifying anomalies in the signal pathway.

Shipboard assessment and cyber intel support teams each have specific sets of expertise necessary to understand the full suite of cyberattack vectors and their potential impacts on shipboard systems. Cyberattack tactics are constantly changing and the highest levels of technical expertise and security clearance are required to keep abreast of the potential methods to penetrate networks and attack industrial control systems. Cyber intel teams will never have the engineering expertise to understand the full range of potential physical impacts on shipboard systems. As was demonstrated with Stuxnet and the attack on the Ukrainian power grid, the most successful cyberphysical attacks exploit the organizational gap between engineering and cyber teams.

Organizational constructs for cyberphysical systems will never be straightforward because cyber risk cuts horizontally across engineering systems and traditional intelligence activities. Organizational integration between the cyber and engineering communities must be practiced and continually refined in order to prevent and respond to cyberphysical interference. A near-term milestone would be to execute joint training exercises between the cyber intel and engineering communities in order to promote cross-disciplinary understanding and begin to build out the template for future organizational integration.

Conclusion

Network connectivity in industrial control systems has revolutionized the way humans interact with physical systems and ushered in a new era of capabilities from energy generation to manufacturing to warfighting. These advancements are not without risks, and to avoid cyberphysical catastrophe, the development of tools to ensure resilience, security, and safety must keep pace. Shipboard forensics provide a prime example of the current gaps in our ability to understand, monitor, and protect cyberphysical systems. The lessons learned from the forensic examination of the USS McCain can provide the foundation for the procedures, data, and organizational constructs required to create modern tools to monitor and protect cyberphysical systems.

Zac Staples had a 22-year career in the United States Navy as a surface warfare officer specializing in electronic warfare. His final tour was as the Director of the Center for Cyber Warfare at the Naval Postgraduate School, where he led inter-disciplinary research and development teams exploring cyber capability development. Zac holds a B.S. in engineering from the U.S. Naval Academy, a Masters in National Security Affairs from the Naval Postgraduate School, and is a distinguished graduate of the Naval War College.

Maura Sullivan specializes in systemic risks and data-driven emerging technologies. Maura was the Chief of Strategy and Innovation at the U.S. Department of the Navy, where she developed and implemented the strategic roadmap for emerging cyberphysical technologies. Previously, Maura led a start-up within the global catastrophe risk company, RMS, developing software and consulting solutions for managing systemic risks for financial and insurance markets. She was a White House Fellow, has a Ph.D. in epidemiology from Emory University and a B.S and M.S. in earth systems from Stanford University.

Zachary Staples (USN, Retired) and Maura Sullivan, PhD are the co-founders of Fathom5, a maritime cybersecurity company.

Featured Image: Operations Specialist 3rd Class Daniel Godwin, from Milton, Fla., stands watch in the Combat Information Center aboard the aircraft carrier USS Enterprise (CVN 65). (U.S. Navy photo)

Port Automation and Cyber Risk in the Shipping Industry

CIMSEC is committed to keeping our content FREE FOREVER. Please consider donating to our annual campaign now so we can continue to provide free content.

By Philipp Martin Dingeldey 

Introduction

To stay ahead of competing ports and technological developments, automation has been heralded as inevitable. Major transshipment hubs and aspiring ports bet their future on automation, which raises the impact  cyber risks could have in the long-run.

Singapore’s Port Modernization

One example of port modernization is Singapore’s Tuas Port Project. To stay ahead of competing ports in Southeast Asia, PSA International and the city state have bet their future on the fully automated port on the western side of the island. The project is set to almost double the port’s current throughput capacity of twenty-foot equivalent units (TEUs) and consolidate all its container operations by 2040.

Singapore’s port is ranked second, behind Shanghai’s mega port, by total TEUs handled. Nevertheless, Singapore’s port is the world’s busiest transshipment hub, and therefore immensely important to global supply chains. The port’s volume growth of 6.4 percent for the first half of 2017 indicates that its investments in modernized berths and joint ventures with liners paid off.

While this is great news for the short term, container vessels on Asia-Europe trade routes will inevitably increase in size, requiring higher handling efficiency to achieve fast turn-around times. By the end of 2018, ultra large container vessels (ULCVs) are expected to gain a share of 61 percent of total capacity, pushing established hubs like Singapore to automate its terminals to stay relevant.

At the same time, next generation container vessels will not only be bigger, but also increasingly automated and even autonomous. As ports and the shipping industry are integral parts of global and regional supply chains, their automation and technological modernization raises the impact and potential of cyber risk.

How Good is Automation?

For Singapore’s port, automation is seen to not only strengthen its position as a transshipment hub well into the future, but also helps it keep up with technological developments and industry trends.

The shipping industry has generally been slow in adapting new technologies, due to its conservative nature and the large number of players involved. Currently, only a fraction of global container volume is handled by fully automated container terminals. In 2016, it was estimated that only 4-5 percent of container volume will be handled by fully automated terminals once ongoing projects were completed. Nonetheless, industry pressure and competition have heightened the need for ports to invest and automate, indicating that the number of automated terminals will increase.

Automated terminals allow ports to handle containers more efficiently by using operating systems to plan storage in accordance with collection and transshipment times. This reduces unnecessary box moves, shortens cycle times, and enables consistent and predictable throughput numbers.

Fully-automated terminals have the advantage of low operating costs and reliable operations, but require higher upfront costs, longer development, offer only low productivity increases at peak times, and have the general difficulty to fully automate a working terminal. On the other hand, semi-automated terminals offer the possibility for greater productivity increases at peak times, are generally understood to have the best overall productivity with less upfront costs, but require higher operating costs and are inconsistent when it comes to handling ULCVs.

While full automation gives large ports like Singapore’s the advantage of reliable, full-time operations at low operating costs, it requires long development times to fix bugs and offers only gradual productivity increases at peak times. On top of that, full automation also increases their vulnerability to cyber risks. This is due to the use of technologically advanced and networked systems.

The investment threshold to enter automation for ports is high, while not necessarily offering major increases in productivity. What automation does offer major port hubs is better predictability and consistency of container moves per hour. Additionally, automation reduces the room for human error, making operations safer. At the same time, automation reduces the environmental impact since terminals are mostly electrified, giving ports an additional competitive edge in an industry increasingly focused on sustainability.

Cyber Risks

The shipping industry and ports are seen by many insiders as underprepared for cyber threats. Even though major players in the shipping industry have recognized and acted on the risks posed by cyber threats, the majority have been slow to recognize potential business risks. Even though awareness has grown, the need for better information sharing persists. Automation further increases the exposure and impact of cyber threats for ports, highlighting the importance of data and system integrity.

The reality of cyber threats to automated terminals was demonstrated in the “NotPetya” cyber-attack in June 2017. The attack forced Maersk to interrupt operations at multiple terminals worldwide, causing logistical havoc for weeks after the attack. Overall, it cost Maersk roughly US$300 million, even though the attack was not specifically directed at the company. The “lucky hit” against one of the industry leaders showcases that even well-prepared firms can suffer financial losses due to cyber threats.

The difficulty with protecting automated terminals from cyber risks lies with their complexity. These terminals use industrial control systems that translate sensorial data and commands into mechanical actions. The network links between mechanical equipment and sensors are exposed to the same threats as data networks. The complexity is further increased by the months and years it can take to figure out and fix bugs and weaknesses in automated systems. In an automated system, different system components have to effectively work together as one, stretching the time needed to figure out and fix bugs. This involves mainly software issues that have to be fixed while also moving boxes of cargo at the terminal.

While ports have to secure themselves from a broad range of risks, cybercriminals can choose from a number of entry points. For example, external vendors, terminal operating systems, and unaware employees may be vulnerable to phishing attacks. Operational systems and data networks are not always up-to-date or properly secured, allowing criminals to gain comparatively easy access to information. To prevent the ports and shipping industry from most attacks, regular operating system updates, stronger passwords, secure satellite connections, resilience exercises, information sharing, and employee awareness campaigns should be practiced.

On top of that, modern ships bear the risk of spreading viruses onto port systems simply via Wi-Fi or other data networks. Industrial control systems are not designed with cyber risks or active network monitoring in mind. This is especially true for ships’ control systems, but can also affect the system components of ports.

Nevertheless, this is only addressing the technical side. The human factor still plays a major role in mitigating cyber risks. Personal details of ship crews can still be easily accessed, making them more vulnerable to social engineering via phishing or other techniques, unknowingly granting access to systems.

Human factors can take the form of criminals, terrorists, competitors, disgruntled employees, and more. Workers at mostly manual terminals, for example, generally do not like automation because it makes their jobs largely redundant. To reduce the chance for cyber threats stemming from or aided by disgruntled employees, ports can offer training and job guarantees to their workforce to make the transition to automation more incremental.

Port authorities, registries, and all major organizations in the shipping industry are increasingly aware of cyber threats and are responding through raising awareness or offering training courses. These are simple steps to better protect information and navigation systems on board ships. For example, BIMCO, the world’s largest international shipping association, made cyber security an important issue for the shipping industry three years ago via an awareness initiative. The association has further advocated the need for guidelines to evolve with the threats, launching the “Guidelines for Cyber Security Onboard Ships” in July 2017, which was endorsed and supported across the industry.

In addition, the Liberian ship registry started a computer-based two-hour cybersecurity training program in October 2017, offering a comprehensive overview of cybersecurity issues aboard ships. Nevertheless, it is unlikely that these courses and campaigns are enough to protect the industry. While it is a step in the right direction, more needs to be done through regulations.

Conclusion and Policy Recommendations

Since 2016, the International Maritime Organization (IMO) has put forward voluntary guidelines regarding cyber risks. Only after 2021 does the IMO plan to enforce a set of binding regulations on cybersecurity. This might be too late for many companies in the industry. Shipping companies should not wait until 2021, but should begin now to implement simple measures, like using firewalls and stronger passwords, to deter criminals from trying to exploit current weaknesses.

Further, even though the IMO adopted guidelines on maritime cyber risk management into the International Safety Management Code this year, ports and the shipping industry still need to establish a stronger culture on cybersecurity.

Major shipping hubs are part of large and less resilient supply chains, which are essential for regional and international trade. These supply chains depend on a small number of key ports, which are vulnerable to shocks from other ports. To make supply chains and port hubs more resilient to cyber risks, the shipping industry as a whole will have to adjust and prepare.

Companies will have to work together and share information on previous or ongoing attacks, so that experiences and best practices can be shared directly. Unfortunately, this has been difficult to achieve due to worries about how competitors may use the shared information. Singapore has set up the Port Authorities Focal Point Correspondence Network to further the exchange of information on past and current incidents. It remains to be seen if this network has worked to encourage the sharing of information.

Ports are logistical hubs where many companies compete for business, making information sharing naturally difficult. Currently, port security is based on the International Ship and Port Facility Security (ISPS) Code, which is heavily focused on the physical aspects of security. In order to make cyber risks a much more important issue for port security, the whole sector needs to step up and make it a priority.

Cyber risks are not just a technological matter, but require adequate awareness and planning to strengthen a port’s resilience. Training employees actively in security protocols and procedures with information systems is one way of achieving this. At the same time, ports need to engage in contingency and scenario planning to be better prepared should an attack occur. On top of all this, national bodies (e.g. institutes of standards) need to give better guidance on security testing and planning for ports, which should be supplemented by binding guidelines on reporting and information sharing mandated by global bodies like the IMO.

Philipp Martin Dingeldey is a Research Analyst with the Maritime Security Programme at the Institute of Defence and Strategic Studies (IDSS), S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. For questions and follow-ups he can be reached at research.pmdingeldey@gmail.com.

Featured Image: Port of Singapore (XPacifica/Gettyimages)

The Chinese Dream and Beijing’s Grand Strategy

By Tuan N. Pham

At the 19th National Congress of the Chinese Communist Party (CCP), President Xi Jinping opened the assembly by delivering a seminal report to its members. The three hour-long speech emphatically reaffirmed a strategic roadmap for national rejuvenation and officially heralded a new era in Chinese national development. Beijing now seems, more than ever, determined to move forward from Mao Zedong’s revolutionary legacy and Deng Xiaoping’s iconic dictum (“observe calmly, secure our position, cope with affairs calmly, hide our capacities and bide our time, be good at maintaining a low profile, and never claim leadership”). Beijing also appears poised to expand its global power and influence through the ambitious Belt and Road Initiative, expansive build-up and modernization of the People’s Liberation Army (PLA), assertive foreign policy, and forceful public diplomacy. Underpinning these strategic activities are various ancillary strategies – maritime, space, and cyberspace – all interlinked with the grand strategy of the Chinese Dream.

Xi has irreversibly moved China away from the legacies of Mao and Deng, and resolutely set the country on the continued path of the Chinese Dream – a strategic roadmap for national rejuvenation (grand strategy) that interlinks all ancillary strategies. The following discourse will explore the cohesive alignment of these strategies and the connected strategic themes pervasive throughout them.

Grand Strategy

A closer examination of Xi’s remarks reveals Beijing’s true national ambitions. He spoke at great length about the “Four Greats – experience the great struggle in the new era, construct the great project of CCP building, and promote the great cause of socialism with Chinese characteristics, in order to realize China’s great dream of national rejuvenation.” All in all, the speech outlined Chinese strategic intent in terms of “what” (national rejuvenation), “when” (by what date should national rejuvenation be achieved by), and “how” (ways and means to achieve national rejuvenation).

The “what” and “when” is articulated as: “By 2049, China’s comprehensive national power and international influence will be at the forefront.” In other words, restore the Middle Kingdom’s status as a leading world power and civilization thereby realizing a “modern and powerful China” by 2049.

The “how” consists of several goals. First, promote abroad “socialism with Chinese characteristics in a new era (Xi’s Thoughts).” Until now, Beijing did not actively export its ideology to the world. However, Xi views Western liberal democracy (at best) as an obstruction to China’s rise and (at worst) as a threat to the Chinese Dream. He believes Chinese socialism is philosophically and practically superior to the diametrically opposed modern occidental thought as evidenced by China’s meteoric national development and economic growth; and as a way to catch up with the developed nations and prevent the regression to humiliating colonialism.

The second major goal is to displace the extant Western-oriented world order with one without dominant U.S. influence. This includes offering developing countries a strategic economic and political choice of Chinese “benevolent” governance involving mutual friendship but not encumbering alliances – economic development with political independence. In essence, take note of China, a rising power and growing economic juggernaut that does not have to make political accommodations, an appealing case to developing states, particularly those under authoritarian rule.

The third goal is to further develop the PLA to enable and safeguard national rejuvenation. Xi charges the PLA to realize military modernization by 2035 and become a world-class military by 2049, which means the PLA must attain regional preeminence by 2035 and global parity with the long-dominant U.S. military by 2049.

The fourth goal is to exercise a more assertive foreign policy to promote and advance the Chinese Dream. National security is now just as important as economic development. The new strategic approach calls for the balanced integration of both interests – long-term economic development with concomitant economic reforms intended to restructure and realign the global political and security order and safeguard and enhance the internal apparatuses of China’s socialist system until it can be the center of that new global order.

Maritime Strategy

Chinese maritime strategists have long called for a maritime strategy– top-level guidance and direction to better integrate and synchronize the multiple maritime lines of effort in furtherance of national goals and objectives (the Chinese Dream). For Beijing, last year’s historic and sweeping award on maritime entitlements in the South China Sea by the International Tribunal of the Permanent Court of Arbitration at the Hague – overwhelmingly favoring the Philippines over China – makes this strategic imperative even more urgent and pressing. Shortly after the ruling, the CCP’s Central Committee, State Council, and Central Military Commission signaled their intent to draft a maritime strategy in support of China’s strategic ambitions for regional preeminence and eventual global preeminence. The developing and evolving strategy proposes coordinating Beijing’s maritime development with efforts to safeguard maritime rights and interests.

China’s maritime activities are influenced by Mahanian and Corbettian principles and driven by its strategic vision of the ocean as “blue economic space and blue territory” – crucial for its national development, security, and status. Beijing is on a determined quest to build maritime power, and naval and security issues are only part of that strategic vision. The forthcoming maritime strategy will encompass more than just the PLA Navy, Coast Guard, and Maritime Militia. Also at play is China’s wide-ranging approach to maritime economic, diplomatic, environmental, and legal affairs. Therefore, the new strategy will need to balance two competing national priorities – building the maritime economy (economic development) and defending maritime rights and interests (national security).

A key component of the emerging maritime strategy is Chinese efforts to shape maritime laws to support national rejuvenation. Beijing will try to fill international and domestic legal gaps that it sees as hindering its ability to justify and defend current maritime territorial claims (East and South China Seas) and future maritime interests (possibly in the Indian Ocean, Arctic, and Antarctica) – part of a continuing effort to set the terms for international legal disputes it expects will grow as its maritime reach expands. These developing maritime laws bear watching as a public expression of Beijing’s strategic intent in the maritime domain and a possible harbinger for the other contested domains as well.

Space Strategy

Last December, China’s Information Office of the State Council published its fourth white paper on space titled “China’s Space Activities in 2016.” Since the white paper was the first one issued under Xi, it is not surprising that the purpose, vision, and principles therein are expressed in terms of his worldview and aspiration to realize the Chinese Dream. Therefore, one should read beyond the altruistic language and examine the paper through the realpolitik lens of the purpose and role of space to the Chinese Dream; the vision of space as it relates to the Chinese Dream; and the principles through which space will play a part in fulfilling the Chinese Dream.

Although the white paper is largely framed in terms of China’s civilian space program, the PLA is subtly present throughout the paper in the euphemism of “national security.” The references in the purpose, vision, and major tasks deliberately understate (or obfuscate) Beijing’s strategic intent to use its rapidly growing space program (largely military space) to transform itself into a military, economic, and technological power.

The white paper also highlights concerted efforts to examine extant international laws and develop accompanying national laws to better govern its expanding space program and better regulate its increasing space­-related activities. Beijing intends to review, and where necessary, update treaties and reframe international legal principles to accommodate the ever-changing strategic, operational, and tactical landscapes. By and large, China wants to leverage the international legal framework and accepted norms of behavior to advance its national interests in space without constraining or hindering its own freedom of action in the future where the balance of space power may prove more favorable.

Cyberspace Strategy

On the same day as the issuance of the “China’s Space Activities in 2016” white paper, the Cyberspace Administration of China also released Beijing’s first cyberspace strategy titled “National Cyberspace Security Strategy” to endorse Chinese positions and proposals on cyberspace development and security and serve as a roadmap for future cyberspace security activity. The strategy aims to build China into a cyberspace power while promoting an orderly, secure, and open cyberspace, and more importantly, defending its national sovereignty in cyberspace. The strategy interestingly characterizes cybersecurity as the “nation’s new territory for sovereignty”; highlights as one of its key principles “no infringement of sovereignty in cyberspace will be tolerated”; and states intent to “resolutely defend sovereignty in cyberspace” as a strategic task. Since then, Beijing has steadily increased policy, legal, and technical measures to tighten its state controls of the Internet – limiting the information flow to the populace and curbing the unwanted foreign influence of Western liberal democracy.  

Both the space white paper and cyberspace security strategy reflect Xi’s worldview and aspiration to realize the Chinese Dream. The latter’s preamble calls out the strategy as an “important guarantee to realize the Two Centenaries struggle objective and realize the Chinese Dream of the great rejuvenation of the Chinese nation.” Therefore, like the white paper, one should also read beyond the noble sentiments of global interests, global peace and development, and global security; and examine the strategy through the underlying context of the Chinese Dream. What is the purpose and role of cyberspace to national rejuvenation; the vision of cyberspace power as it relates to national rejuvenation; and through which principles will cyberspace play a role in fulfilling national rejuvenation?

The role of the PLA is likewise carefully understated (or obfuscated) throughout the strategy in the euphemism of “national security.” The references in the introduction, objectives, principles, and strategic tasks quietly underscore the PLA’s imperatives to protect itself (and the nation) against harmful cyberspace attacks and intrusions from state and non-state actors and to extend the law of armed conflict into cyberspace to manage the increasing international competition – both of which acknowledge cyberspace as a battlespace that must be contested and defended.   

The strategy also puts high importance on international and domestic legal structures, standards, and norms. Beijing wants to leverage the existing international legal framework and accepted norms of behavior to develop accompanying national laws to advance its national interests in cyberspace without constraining or hindering its own freedom of action in the future where the balance of cyberspace power may become more favorable.

Four months later in March, the Foreign Ministry and State Internet Information Office issued Beijing’s second cyberspace strategy titled “International Strategy for Cyberspace Cooperation.” The aim of the strategy is to build a community of shared future in cyberspace, notably one that is based on peace, sovereignty, shared governance, and shared benefits. The strategic goals of China’s participation in international cyberspace cooperation include safeguarding China’s national sovereignty, security, and interests in cyberspace; securing the orderly flow of information on the Internet; improving global connectivity; maintaining peace, security, and stability in cyberspace; enhancing the international rule of law in cyberspace; promoting the global development of the digital economy; and deepening cultural exchange and mutual learning.

The strategy builds on the previously released cyberspace security strategy and trumpets the familiar refrains of national rejuvenation; global interests, peace and development, and security; and development of national laws to advance China’s national interests in cyberspace. Special attention was again given to the contentious concept of cyberspace sovereignty in support of national security and social stability.

Connected Strategic Themes

Ends – Chinese Manifest Destiny. Chinese strategists have long called for a comprehensive and enduring set of strategies to better integrate and synchronize the multiple strategic lines of effort in furtherance of national goals and as part of a grand strategy for regional preeminence and ultimately global preeminence. National rejuvenation reflects their prevailing expansionist and revisionist sentiment, and is the answer to their calling. China is unquestionably a confident economic juggernaut and rising global power, now able to manifest its own national destiny – the Chinese Dream – and dictate increasing power and influence across the contested and interconnected global commons in support of national rejuvenation.

Ways – Global Commons Sovereignty (Economic Development and National Security). Beijing’s maritime activities are driven by its strategic vision of the ocean as “blue economic space and blue territory.” China seems to regard space and cyberspace very much in the same manner and context in terms of economic potential (value) and sovereign territory (land) that requires developing and defending respectively. For now, there appears more policy clarity, guidance, and direction for sovereignty in cyberspace, while space sovereignty seems more fluid and may still be evolving policy-wise. Nevertheless, Beijing still needs to balance the two competing national priorities – building the domain economy (economic development) and defending domain rights and interests (national security) – in all three contested and interconnected global commons.

Means – Laws to Support Strategy. Beijing seeks to shape international laws and norms and develop accompanying domestic laws to be more equitable and complementary to its national interests. The legal campaign is part of continuing efforts to set the terms for international legal disputes that Beijing expects will grow as its reach expands across domains. China wants to set the enabling conditions for future presence and operations (and perhaps preeminence) across the contested and interconnected global commons.

Risks – Western Liberal Democracy. Beijing largely sees Western liberal democracy (at best) as an impediment to China’s rise and (at worst) as a danger to national rejuvenation. Many Chinese view the United States as the embodiment of the diametrically opposed modern occidental thought that actively tries to contain their peaceful rise and prevent them from assuming their rightful place in the world. Therefore, they believe the Chinese Dream is not only a strategic roadmap for global preeminence, but also a strategic opportunity to right a perceived historical wrong (humiliating colonialism). China still feels disadvantaged by (and taken advantage of) a Western-dominated (and biased) system of international laws established when it was weak as a nation and had little say in its formulation.

Conclusion

At the end of the day, Beijing has a comprehensive and coherent grand strategy that guides, directs, and synchronizes its strategies. Washington would be prudent to take note and plan accordingly. Otherwise, America risks being outmaneuvered and outmatched across the contested and interconnected global commons and ceding U.S. regional and global preeminence to a more organized, flexible, and agile China. 

Tuan Pham has extensive experience in the Indo-Asia-Pacific, and is widely published in national security affairs and international relations. The views expressed therein are his own and do not reflect the official policy or position of the U.S. Government.

Featured Image: Chinese astronauts Jing Haipeng (L) and Chen Dong wave in front of a Chinese national flag before the launch of Shenzhou-11 manned spacecraft, in Jiuquan, China, October 17, 2016. (REUTERS/Stringer)