The Specter of Stuxnet

 


Kim Zetter. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Crown/Archetype, Nov 11, 2014. Hardcover. 448 pages. $25.00.

Review by Shane Halton

Hollywood has been trying like hell to make cyber sexy. We’ve already had a Die Hard movie about cyber terrorism and soon we’ll have an international cyber thriller starring Thor, certainly the tannest hacker in film history. These types of movies have a long pedigree and all use the same basic template: there’s a group of heroes running around trying to catch a hacker before he uses his hacker skills to either blow something up (Live Free or Die Hard) or steal a lot of money (Goldeneye). This is the Cyber Warfare as Action Movie model.

The story of the Stuxnet Worm, as told by Kim Zetter in her fantastic book, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, could have continued this well-trodden path. The story has explosions (!) and the release of poisonous gas (!) but largely eschews the action movie format in favor of something of a cross between a more cerebral version of CSI and a 70s conspiracy thriller. Zetter wisely channels her narrative through the perspective of private sector forensic cyber researchers at Kaspersky Labs, Symantec, and VirusBlokAda, the Belarusian cyber security company that first detected Stuxnet in the wild and attempted to dissect it. These researchers worked the Stuxnet case (and the related ‘Flame’ Worm) on and off for years, always trying to tease out the answer to its central mystery: who created this thing and for what purpose?

Once the culprits and their nefarious intentions are ‘revealed’ (Zetter’s best guess is that Stuxnet was developed by the NSA and the Israelis, both of whom unsurprisingly failed to confirm or deny ownership), Ms. Zetter succinctly explains why releasing a Worm as powerful and potentially dangerous as Stuxnet might have been the least worst option available to the West when it was confronted with the looming threat of an Iranian nuclear weapons program. The author states that Stuxnet originally started out as a reconnaissance program designed to map the contours of the secret Iranian enrichment program. Later versions of the virus were more geared towards industrial sabotage: randomly altering the speed of centrifuges, opening and closing critical valves, and reporting bad data back to the control system, all in an effort to degrade the Iranians’ ability to enrich uranium. Though the required repairs to the program were costly and time-consuming, Iran was able to invest the time and resources necessary to overcome the damage caused by Stuxnet.

Once the big mystery is revealed, all that is left are the ramifications. Ms. Zetter spends the final third of the book expanding the aperture of her story in ways that are as compelling as they are unsettling. She delves into the ‘grey market’ of zero day vulnerabilities (software vulnerabilities that haven’t been publicized yet), in which individuals and hacker groups discover, catalogue and sell off software vulnerabilities to the highest bidder. Some of the buyers are software companies, others are security companies and some are hacker groups and nation states. Why would nation states be interested in software vulnerabilities? Ms. Zetter convincingly argues that organizations like the NSA, Mossad, and equivalent agencies in Russia and China use these vulnerabilities both to protect themselves from attacks and create offensive cyber weapons. Ms. Zetter describes how this process has likely increased exponentially since Stuxnet was first discovered in 2010.

The author goes on to describe the dilemma facing the NSA with regard to such vulnerabilities: to patch or not to patch? If you rigorously push out patches to software vulnerabilities you can help protect everyone. But if your goal is to gain access to and subvert enemy computer systems, the opposite logic is at least as compelling: patch nothing and exploit everything. Ms. Zetter quotes an analyst who describes this as akin to withholding a vaccine from everyone in order to ensure your enemy is infected with a disease. This discussion is extremely timely as well. During his May 2015 filibuster of the renewal of the Patriot Act, Senator Rand Paul (R-Ky.) cited documents leaked by the NSA contractor Edward Snowden discussing this dilemma and other instances where the NSA has been accused of deliberately watering down encryption standards in order to ensure it maintained its ability to access every computer system in the world.

Perhaps the most disturbing part of the story is the uncertain fate of Stuxnet itself. It is important to think of Stuxnet as being composed of two parts: the missile and the warhead. Zetter says Stuxnet’s designers spent a lot of time developing a ‘missile’ that could exploit vulnerabilities and avoid detection long enough to get its ‘warhead’ to the part of the system it’s targeting. When Stuxnet was released into the world it accidentally ended up on tens of thousands of computers across the globe. When the private sector researchers discovered and dissected it they published their findings (including the Stuxnet source code) online. Remember, every copy of Stuxnet contains the plans to build another Stuxnet, with the option to modify the missile or warhead portions as required. This means that since 2010 the plans to build your own copy of the most dangerous cyber weapon in history have been available for free online. One cyber security expert interviewed in the book likens the release of Stuxnet to following up the bombing of Hiroshima with an air drop of leaflets describing how to build an atomic bomb.

This book does two important things well. First, it tells the origin story of a dangerous new class of weapon in a way that is accessible to the educated lay reader. PW Singer, in his book on cyber security, describes ‘the glaze’ which is ‘the unmistakable look of profound confusion and disinterest that takes hold whenever conversation turns to workings of a computer.’ By keeping the focus on the human drama of the researchers unpacking the mystery of Stuxnet, Ms. Zetter never lets readers fall victim to the glaze. Second, the book serves as an excellent practical guide to the language and concepts of the cyber world; language and concepts that will undoubtedly play an ever larger role in our national dialogue as time goes by. 

Lieutenant Junior Grade Shane Halton is a naval intelligence officer currently stationed at the Joint IED Defeat Organization. He served as an enlisted intelligence specialist before commissioning through the STA-21 program. He has written about global air defense modernization trends and the effects of big data on intelligence analysis for Proceedings magazine. The views above are the author’s and do not represent those of the US Navy or the US Department of Defense.

EUNAVFOR: Switching from pirates to migrants?

A human disaster is currently happening in the Mediterranean Sea where more than 10,000 migrants have been picked up as they attempted to enter Europe from Libya. The International Organization for Migration estimates that nearly 1,830 migrants have died on the sea route this year compared to 207 in the same period last year.

Traffickers started taking advantage of the breakdown of authority in Libya to pack boats with paying migrants willing to cross the sea for a better life. Meanwhile, the European operation against piracy in the Indian Ocean (EUNAVFOR Atalanta) has become a reference for a possible maritime operation in the Mediterranean against those traffickers.

EUNAVFOR: an operation meant to fight piracy

Operation Atalanta, as of June 2015. Along with AoR.

Created in 2008 as an operation to protect merchant ships against pirate attacks, mainly in the Gulf of Aden and particularly in the IRTC (International Recommended Transit Corridor) put in place to make sure vessels from the World Food Programme would reach the populations in need, Atalanta has become much more than a simple EU joint operation.

Although the destruction of ships was not part of the original objectives of Atalanta, its actions soon grew offensive: in spring 2010, 18 months after its start, Atalanta adopted enhanced intelligence and surveillance methods allowing it to disrupt both “pirate bases” and pirate ships.

The tactics used by the EU operation (and by other forces) to board as many mother ships (not simple skiffs) as possible were one of the factors in the operation’s success. But those vessels were empty most of the time and no collateral risk was therefore expected.

Reconnaissance means and intelligence

Operation Atalanta has strong reconnaissance means, with several maritime patrol aircraft based in different parts of the Indian Ocean (mainly in Djibouti and Seychelles) to regularly cover the area. From time to time, an AWACS aircraft is also called on to conduct strategic surveillance of the zone. And at the tactical level, some vessels (mainly Dutch) used maritime drones.

The interrogation of arrested pirates is a very important source of information, and merchant ships that cross the zone play an important role in passing information to the Maritime Security Centre – Horn of Africa, the maritime information centre set up at Northwood military headquarters in the UK, alongside the various information collected in neighbouring countries (Kenya or Djibouti).

The Maritime Security Centre – Horn of Africa (MSCHOA) is an initiative established by EU NAVFOR with close co-operation from industry. It provides 24-hour manned monitoring of vessels transiting through the Gulf of Aden, whilst the provision of an interactive website enables the Centre to communicate the latest anti-piracy guidance to industry, and for shipping companies and operators to register their vessels’ movements through the region.

Owners and operators who have vessels transiting the region are strongly encouraged to register their movements with MSCHOA to improve their security and reduce the risk of attacks or capture. Additionally, the “Best Management Practices for Protection against Somalia Based Piracy” (BMP) and further information about combating piracy, and what action to take should they come under attack, can be downloaded on the MSCHOA’s website.

A further initiative was the introduction of Group Transits; vessels are co-ordinated to transit together through the IRTC. This enables military forces to “sanitise” the area ahead of the merchant ships. MSCHOA also identifies particularly vulnerable shipping and co-ordinates appropriate protection arrangements, either from within Atalanta, or other forces in the region.

In 2012, the need for ground actions was put forward.

Operations on land

In 2008, the crew of the Ponant, a French ship, was reported taken hostage by one of the four most powerful local groups, the Somali marines, who usually launched their operations from Garaad.

After the release of the Ponant, Admiral Gillier launched a helicopter raid by boarding commandos to intercept pirates on land. This air raid took place with the agreement of the Somali government. This is the only time when pirates were followed on land after the ransom was paid. The question was asked whether the extension of Atalanta’s mandate would allow armed forces to track pirates on land. In April 2012, authorization to destroy the logistics depots, i.e. “pirate bases”, was obtained. These actions were also a way of saying to pirates “we can reach you anywhere.” This possibility of ground action, however, has been used only once, in May 2012, in an action by the Spanish navy. It was apparently enough to convince some local leaders that it was too dangerous for them to help pirates.

Recent actions in Yemen

On the margins of Atalanta, the French patrol boat L’Adroit was deployed on March 30 for two weeks off the Yemeni coast, where it led the evacuation of 23 French nationals from Aden in difficult conditions. L’Adroit also escorted several Yemeni dhows between the ports of Djibouti and Al Mukah, contributing to the evacuation of nearly a thousand people from Yemen, including more than 500 Djiboutian refugees. The French ship then made a call in Djibouti to refuel. Several authorities went on board, including the Ambassador of France to Djibouti, to congratulate the crew for its actions. L’Adroit now resumes its patrol off the Somali coast as part of the EU mission Atalanta to fight against piracy.

EUNAVFOR MED: Switching from pirates to migrants?

Operation Triton, as of June 2015. Along with Malta’s SRR AoR.

This triple action (information, destruction at sea and destruction on land) was recently considered as a model for a possible CSDP operation against human traffickers in the Mediterranean. On 23rd April, an extraordinary European Council gathered to speak on the sensitive subject of migrants in the Mediterranean. According to a draft declaration, EU leaders turn towards Atalanta to reduce, if not end, the shipwrecks of migrants. We must “undertake systematic efforts to identify, capture and destroy the ships before they are used by traffickers”, the document reported.

The head of European diplomacy, Federica Mogherini, “was invited to immediately begin preparations for a possible security and defence operation, in accordance with international law.” The head of the Italian Government, Matteo Renzi, even requested the examination of the possibility of conducting “targeted interventions” against smugglers in Libya, which over the years became the country of embarkation of migrants and asylum applicants towards Italy and Malta.

If accepted, the organization of the EU military operation would be a first in the fight against illegal immigration but, of course, its implementation would take time. But in order to destroy boats in Libya, a legal mandate is required from the UN. The ground action possibility for the Atalanta naval force in Somalia was almost never used because of its difficulty. EU leaders also need to think about measures to intervene during the crossing of migrant boats. And this would probably require giving more money to Frontex, the EU’s border control agency. However, the destruction of ships used by migrants already takes place at sea.

There are three main reasons for this:

First, abandoned vessels are a hazard to navigation, especially at night, when, because of their size and lack of lighting, they cannot be seen, even in good weather. Second, a ship lost at sea can be seen from an airplane and it is not always clear if anyone is onboard. To maintain the high quality of emergency rescue at sea, it is necessary to destroy those boats immediately after all migrants have been evacuated. Third, abandoning a vessel could lead to the risk of it being used once again by a new team of traffickers.

For example, German Chancellor Angela Merkel officially confirmed on 19th May, during a joint press conference with President Hollande, that since the beginning of sea rescue operations where the German navy was involved, “five inflatable boats and a wooden boat were sunk”.

The High Representative of the European Union for Foreign Affairs and Security Policy, Federica Mogherini, declared: “the fundamental point is not so much the destruction of the vessels but it is the destruction of the business model of the traffickers. If you look at business model of the traffickers and the flows of money involved in trafficking, it may be that that money is financing terrorist activities.” Stressing the same point, NATO Secretary-General Jens Stoltenberg said: “one of the problems is that there might be foreign fighters, there might be terrorists, also trying to hide, to blend in on the smuggling vessels trying to cross over into Europe.”

Know your enemy!

On 18th May, Ministers of Foreign Affairs and Defence of the 27 Member States of the EU (Denmark opted out of the common defence agreement after the Danish ‘no’ vote at the Maastricht referendum in June 1992) gave their “green light” to EUNAVFOR Med. Since the United Nations has not yet adopted any resolution, the operation should start with a first phase: the exchange of information and intelligence. This is fundamental, since, without an accurate tracking of information concerning different traffickers, different means employed, etc., it would be almost impossible to fight this traffic. This means air observation (maritime surveillance aircraft, UAVs, helicopters …) and imaging (radars, satellites, etc.).

Furthermore, if the goal is to neutralize these networks and to bring the perpetrators to justice, it is necessary, indeed, to have specific evidence against them. Laws also need to be updated to arrest traffickers on the high seas.

It will not be too difficult to organize action in the Libyan waters since most of the interested navies such as Greece, Italy, France, Spain etc. are already almost positioned in the international waters near Libya. The Mediterranean is really a “mare nostrum”. All European navies meet there to participate in combined manoeuvres (within NATO in general) or to visit the Indian Ocean (to participate in the anti-piracy operation, in the operation of allies in Iraq, etc.). So, the cost for the navies to act through EUNAVFOR Med is reduced.

The General Operations Quarter installed in Rome is already operational, as it is currently used for the Triton operation conducted under the aegis of Frontex (the European border control agency). Its military commander is Credendino Enrico, an Italian admiral. After this first phase centred on intelligence gathering and surveillance of smuggling routes leading from Libya to southern Italy and Malta, EU ships would start chasing and boarding the smugglers’ boats in a second phase. Summer is the high season for trafficking; this is why it is necessary to act quickly.

A dramatic situation but where is solidarity?

Despite the show of unity on the military action, the EU appears increasingly divided on the question of mandatory numbers of asylum seekers which should be accepted by member states, according to population size, wealth, and the number of migrants already hosted, as proposed by the European Commission on 13th May.

Ten countries have already spoken out against it, including Spain, France, Britain and Hungary. Spanish Foreign Minister Jose Manuel Garcia-Margallo said the proposed quota for Spain doesn’t take into account the nation’s sky-high jobless rate of 24 percent and its efforts to prevent illegal migration from African nations. Police in the Sicilian port of Ragusa, meanwhile, arrested five Africans suspected of navigating a rubber life raft packed with migrants that was intercepted at sea last week. Hungary’s PM Viktor Orban has said the plan is “madness” and France’s Manuel Valls called it “a moral and ethical mistake”.

Why are all politicians so afraid to hold out a hand to migrants? In 1979, French politicians and intellectuals put their disagreements aside and welcomed more than 128,531 Vietnamese and Cambodian refugees, fleeing communism and ethnic persecution, not knowing where to go. Jean-Paul Sartre and Raymond Aron, two intellectuals who were politically opposed, gathered around a common cause. A few months earlier, this heterogeneous coalition was established to charter a boat, with MSF, to travel around the South China Sea and bring relief and assistance to boat people in distress.

France hosted and helped migrants to settle and be integrated on its soil. Much of the Asian community in France, especially in the thirteenth arrondissement of Paris, is the result of this wave of immigration of boat people fleeing the former French colonies in Indochina.

Today, thousands of men and women are fleeing war in Syria (a former territory managed by France), or the dictatorship in Eritrea, or the poverty of sub-Saharan Africa, and no one is there to lend them a hand. David Cameron recently announced that he would send a ship of the Royal Navy to the Mediterranean but any migrant rescued by the British Navy would be deposited on the coasts of the closest countries, probably Italy.

We can find thousands of reasons not to help these people but I have one question: when did we stop being human?

After studying law and international relations, Alix started working on the first cycle of conferences “Defence and Environment: a new way of thinking” about the impact of defense activities on the environment. Alix served as a Navy officer and a political adviser to the New Zealand Consul in New Caledonia. Since 2013, Alix has also been the Asia-Pacific market analyst for the French and English publications of Marine Renewable Energy as a renewable energy consultant. She currently lives in New Caledonia. She is writing a PhD on the law of marine energy resources.

Louis Martin-Vézian is the co-president of the French chapter of CIMSEC, and produces maps and infographics features on CIMSEC and other websites. His graphics and research were used by GE Aviation and Stratfor among others.

China’s Evolving Perspectives on Network Warfare: Lessons from the Science of Military Strategy

This article by Joe McReynolds originally appeared in the Jamestown Foundation’s China Brief and can be found in its original form here

When tracking the development of China’s military capabilities, Western People’s Liberation Army (PLA) watchers encounter frequent challenges in determining which data sources they should draw upon for their analysis. Purely quantitative measurements of the PLA’s nominal force strength, though often valuable, may not provide insights into challenges the PLA faces in the real-world execution of its missions, while writings on Chinese military strategy by any given PLA author may not reflect the PLA’s broader institutional stance or limitations imposed by inadequate material capabilities.

If one analyzes China’s approach to network warfare in particular, these challenges are multiplied. [1] “Cyber weapons” are not publicly viewable and quantifiable in the same sense as submarines or aircraft, and often the PLA will not admit even their existence. And just as in U.S. discussions of “cyber war,” charlatans and self-promoters abound; although it is easy to find writings by PLA officers theorizing loosely and grandiosely about information warfare, they are often speaking only for themselves rather than for their respective military institutions.

Roughly once every 15 years or so, however, the PLA’s influential Academy of Military Sciences (AMS) issues a new edition of The Science of Military Strategy (SMS), a comprehensive, generally authoritative study of the PLA’s evolving strategic thought that escapes many (though not all) of the shortcomings of other PLA original sources. The AMS plays a much more central role in the formation of China’s military strategic thought than its academic counterparts in the United States, and the SMS is its flagship external product. It is the result of dozens of high-level PLA authors working together over a period of years to produce a heavily vetted consensus document.

As a result, each new edition of the SMS is closely scrutinized by China hands in the West for the valuable insights it provides into the evolving thinking of the PLA on a range of strategically important topics. The newest edition of the Science of Military Strategy has recently been released, with Western PLA analysts beginning to obtain copies since summer 2014. Although no English translation is currently available, a book forthcoming this year from The Jamestown Foundation, China’s Evolving Military Strategy, will aim to convey the central insights contained within this important new document to Western policy and analysis audiences.

The SMS is a particularly valuable resource for understanding China’s evolving strategic approach to network warfare. A study that aims to be as comprehensive as the SMS cannot afford to ignore network warfare due to the centrality of information warfare to modern war-fighting, and the process by which the SMS is written ensures that the information analysts receive on network warfare represents something approaching an authoritative consensus within the PLA. The following are the most important revelations from the new SMS on the PLA’s approach to network warfare:

The Fig Leaf is Gone: China’s Network Warfare Forces Are Now Explicitly Acknowledged

In recent years, official PLA publications have repeatedly issued blanket denials of offensive activities in the network domain, such as that “the Chinese military has never supported any hacker attack or hacking activities” (China Armed Forces / 中国军队, No. 20, 2013) even as the evidence conclusively attributing various large-scale cyber intrusions to China has continued to mount. The release of the new SMS removes that barest fig leaf of plausible deniability. The SMS not only explicitly acknowledges that China has built up network attack forces, but divides them into three types:

  • The PLA’s “specialized military network warfare forces” (军队专业网络战力量), which are military operational units specially employed for carrying out network attack and defense
  • “PLA-authorized forces” (授权力量), which are teams of network warfare specialists in civilian organizations such as the Ministry of State Security (MSS), the Ministry of Public Security (MPS) and others that have been authorized by the military to carry out network warfare operations
  • “Non-governmental forces” (民间力量), which are external entities that spontaneously engage in network attack and defense, but can be organized and mobilized for network warfare operations

This is the first time an explicit acknowledgement was made of the existence of China’s secretive network attack forces from the Chinese side, and it is particularly noteworthy that this acknowledgement extends beyond the military domain and into the network warfare capabilities of civilian government agencies. The AMS’s statement that China’s civilian network attack forces operate under the PLA’s “authorization” may speak to an ongoing power struggle within the Chinese system between the PLA’s leadership and the aforementioned civilian government organs to determine who truly oversees Chinese actions in cyberspace; as unprecedented as it is to have the Chinese military acknowledge the existence of its network attack forces, having a PLA publication be the first to announce the existence of such secretive forces inside the civilian government is particularly unusual, and may represent an attempt to “plant the flag” for the PLA.

This could also seriously complicate China’s international efforts at law enforcement cooperation on cybercrime. The MPS, which is more or less “China’s FBI,” has assisted more than 50 countries in investigating over a thousand cases of cyber-crime in the past decade, and China has established bilateral law enforcement cooperation with over 30 countries (including the United States, the United Kingdom, Germany and Russia), often including a cyber-crime component (China Armed Forces, 2013). With the Chinese now explicitly acknowledging that the MPS has network warfare forces stationed within it, the United States and other targets of Chinese state-sponsored hacking will have to weigh carefully whether cooperation with the MPS on cyber-crime is worth the risks.

Blurring the Divide Between the Military and Civilian Realms

In keeping with Chinese President Xi Jinping’s recent statements that “without network security there is no national security” (PLA Daily, October 7, 2014), the authors of the new SMS break from the previous edition’s vague talk of overall information warfare objectives to concretely assert the centrality of cyberspace power to China’s overall ability to project national power, engage in strategic deterrence, and defend itself in a conflict. However, this “network domain,” which has become so central to the PLA’s warfighting, exists primarily as civilian infrastructure and is used globally for civilian purposes. As a result, although development of elite network warfare personnel remains central to the PLA’s ongoing cyber mission, the authors of the SMS focus an unusual amount of their energies examining the importance of civilian information technology and the civilian Internet to network warfare.

First and foremost, the authors believe that civilian infrastructure in foreign countries can be targeted more freely with network warfare than with conventional weapons, without provoking the degree of conflict escalation that a conventional attack on civilian targets would. This echoes an idea known as “unrestricted network warfare” long advocated by some of the PLA’s more hawkish network warfare theorists, and its presence in an authoritative work such as the SMS suggests that more aggressive voices may be gaining ground in the PLA’s internal deliberations on network warfare strategy (See Dong Qingling and Dai Changzheng, “Deterrence in the Network Space: Is Retaliation Feasible?”). To put it simply, they believe that the old playground sports adage of “no blood, no foul” applies to network warfare, even if the attack in question has debilitating effects on civilian infrastructure, and in a conflict scenario they may advocate that the PLA chooses its targets accordingly.

Second, the authors of the SMS acknowledge that China’s civilian information technology (IT) industry functions as a core component of China’s overall power in cyberspace. Since the development of China’s network warfare capabilities relies heavily on human talent and the civilian IT industry is where the bulk of China’s IT talent is found, PLA analysts believe that civilian industry will continue to serve as an important source of technical talent and human capital for the PLA’s network warfare operations to a degree that is disproportionate to the PLA’s reliance on civilian industry in other realms of warfare. The authors also emphasize the fact that despite recent advances in Chinese IT, key state-of-the-art networking technologies are still advanced primarily in the West, and the bulk of the Internet’s core architecture is controlled by the United States and its allies. Thus, what the West views as the neutral “status quo” of the network domain is, to China, an intolerable “network hegemony” (网络霸权) imposed by the United States and others. Based on the increasing prominence of these sentiments within the PLA, the prediction one sometimes hears in the West (that China’s IT development will one day transform it into a “mature” partner interested primarily in cyberspace cooperation to preserve our “mutual” interests) appears likely to be overly optimistic. The PLA’s stated intentions to mobilize its civilian IT industry as a component of national power in both peacetime and wartime must be accounted for in the calculus of determining whether any given Sino-U.S. information security cooperation is in the United States’ national interest.

“Salami-Slicing” in Cyberspace and Planning for Resilience in the Face of the Inevitable

The SMS authors also focus heavily on the central role of peacetime “network reconnaissance”—that is, the technical penetration and monitoring of an adversary’s networks—in developing the PLA’s ability to engage in wartime network operations. As the SMS puts it, since the technical principles underlying successful penetrations of an adversary’s systems are essentially the same whether the objective is reconnaissance or active disruption, at the appropriate moment “one need only press a button” to switch from reconnaissance to attack.

Despite this ambiguity of intent, since network reconnaissance is both non-destructive (at least initially) and widely engaged in by all nations for the purposes of espionage, the SMS authors believe it has been clearly demonstrated that the act of network reconnaissance alone is unlikely to lead to escalation or the outbreak of war. As a result, PLA strategists appear to have arrived at a strategic understanding of peacetime network operations similar to China’s “salami slicing” tactics for asserting control of disputed islands in the South China Sea: a pattern of taking actions during peacetime that incrementally put China into a superior tactical position should conflict ever break out but that, while provocative and unwelcome to China’s neighbors, are unlikely to lead to direct conflict in and of themselves. If conflict eventually does break out, China will be in a better position than it otherwise would; if it does not, China will have incrementally gained much of what it desires without a fight.

PLA analysts understand, however, that network reconnaissance is not by any means one-sided, and believe that just as they are actively attempting to penetrate the networks of their adversaries, the PLA’s networks are likely being repeatedly breached as well. Furthermore, they argue that since China’s “main strategic opponent” (their euphemistic way of referring to the United States) has superior network warfare capabilities, the strict balance of power in a network-domain conflict would not necessarily tilt in China’s favor. As a result, the SMS emphasizes that the PLA must plan for a future of network warfare in which its defenses will inevitably be breached, military networks will at times be taken down by hostile adversaries, and China’s modernized C4ISR systems cannot be fully relied upon. [2] Although they do call for a major effort to strengthen China’s network defenses, this is undertaken in the hope that those defenses will not catastrophically fail, without any expectation that they will fully withstand outside attacks.

For Western military analysts, this line of thinking should trigger particular attention and concern. With China preparing for conflict in the network domain under the assumption that from the outset their information networks will quickly be heavily degraded and only partially functional, there will be a strong incentive in a conflict for the PLA to push the envelope of what is globally considered legitimate in areas such as anti-satellite warfare. The intersection of U.S. technological reliance on space-based C4ISR systems with its distance from East Asia will multiply this incentive, as China will (all other things equal) be able to do “more with less” in its immediate backyard.

Much of the focus by Western analysts when examining China’s approach to anti-access/area-denial (A2/AD), also known as “counter-intervention,” has centered on the physical realm of warfare, including the use of precision-guided munitions reliant on C4ISR. However, as the insights contained in the new SMS demonstrate, this discussion is fundamentally incomplete if it does not take into account China’s evolving approach to network and information warfare. Rightly or wrongly, many Chinese analysts believe that the United States currently possesses what they term a “no satellites, no fight” military force, and in a major conflict scenario they appear increasingly likely to put that presumption to the test.

Notes

  1. Rather than mirroring the United States’ ‘cyber’ concept, PLA writing speaks at the broadest level of the ‘information domain’ and ‘information warfare,’ with network, electromagnetic, psychological, and intelligence warfare each taking place as distinct components of that broader concept. The PLA concept of “network warfare” is roughly analogous to the current United States cyber concept, though not always identical in its details.
  2. C4ISR stands for command, control, computers, communication, intelligence, reconnaissance and surveillance.

Joe McReynolds is a Research Analyst at Defense Group Inc.’s Center for Intelligence Research and Analysis. His research interests primarily center on China’s approach to computer network warfare and defense science & technology development. Mr. McReynolds has previously worked with the Council on Foreign Relations and the Pacific Council for International Policy, and is a graduate of Georgetown University’s School of Foreign Service and Graduate Security Studies programs. He speaks and reads Chinese and Japanese, and has lived and studied in Nagoya, Guilin and Beijing.
