Tag Archives: third offset

A Cyber-Information Operations Offset Strategy for Countering the Surge of Chinese Power Pt. 2

The following is a two-part series on how the U.S. might better utilize cyberspace and information operations as a Third Offset. Part I evaluated current offset proposals and explores the strategic context. Part II provides specific cyber/IO operations and lines of effort. Read Part One here.

By Jake Bebber

Targeting China’s ability to control information is an efficient means to offset Chinese power. To be effective, the United States should adopt a “whole of government” approach, leveraging cyberspace and other information related capabilities that can hold China’s domestic internet filtering, censorship, and information dissemination capabilities at risk. This campaign should operate across the entire spectrum of conflict and engagement, from public diplomacy and strategic communication, to battlespace preparation, limited conflict, and if de-escalation is unsuccessful, full-spectrum military operations. It will likely require coordination and administration at the highest civilian leadership level. This will be a long-term campaign aiming to counter China during the critical window in the next ten to twenty years when Chinese economic and military power will surge, and then subside as demographic factors limit its growth causing China to enter into a period of decline and inherently shifts its focus inward to to maintain stability.

The United States will have to address three broad issues: access, authorities, and capabilities. Internet access into China is restricted from the outside, and it is reasonable to assume that during a period of rising tensions or even conflict, traditional means of accessing China’s “red space” (civilian, military, and government networks) will not be available. The U.S. will need alternative avenues into Chinese networks, which may take the form of radio frequency injection into wireless networks (Bluetooth, WiFi and WiMAX)[i] to other methods targeting the physical and logical network layers and cyber-persona layers[ii] of cyberspace for preplacement of access.

Figure 1. The Three Layers of Cyberspace[iii]
The Three Layers of Cyberspace [iii].

The authority of the U.S. government to operate in cyberspace crosses boundaries and jurisdictions, and largely depends on the function of the agency or entity. Traditional military activities conducted by the Department of Defense are covered under Title 10 of U.S. Code, with the principal being the Secretary of Defense. Other titles supporting cyberspace operations include foreign intelligence collection (Title 50), domestic security (Title 6), law enforcement (Title 18) and government information technology security and acquisition (Title 40).[iv] These authorities will have to be aligned and deconflicted.

The capabilities required run the spectrum. They can include fully attributable on-net operations, such as a Foreign Service Officer participating in an online forum or social network to communicate U.S. policy, to the development of tools and malware that can degrade and disrupt command and control networks. Other possibilities include the distribution of encrypted personal communication devices and unattributable social media and organizing applications that permit dissident groups within China to maintain situational awareness.

There have been attempts to respond to China’s growing Internet censorship capabilities by those in the telecommunications industry and by the U.S. government. The Global Network Initiative was started in 2008 by industry, civic organizations, and universities to “promote best practices related to the conduct of U.S. companies in countries with poor Internet freedom records.” In 2011, the President issued the “International Strategy for Cyberspace.” Its goals include “enabling continued innovation for increasing economic activity, increasing individuals’ ability to communicate with one another, safeguarding freedom of expression, association, and other freedoms, and enhancing both individual privacy and national and international security.” The U.S. Department of State includes Internet freedom as a part of its global human rights agenda. In 2006, State formed the Global Internet Freedom Taskforce which later became the NetFreedom Taskforce, to coordinate State Department efforts monitoring Internet freedom. Both the State Department and U.S Agency for International Development have received funding for the development of Internet censorship circumvention technologies, training of non-government organizations and activists, media assistance, and leading international policy formulation on Internet freedom.[v]

The Broadcasting Board of Governors, which oversees the Voice of America (VOA) and Radio Free Asia (RFA) programs, also supports counter-censorship and circumvention software development and distribution. The VOA sends daily emails to “8 million Chinese citizens … with international and domestic news stories as well as information about how to use proxy servers.” The RFA has implemented the Freedom2Connect program to “research, develop, and deliver online tools for Internet users in China to securely browse online and send secure e-mail.”[vi]

While important, the current response by industry and government lacks both the senior policy coordination required of a grand strategy or adequate funding to keep up with China’s growing Internet monitoring and censorship capabilities. They do not fully leverage other assets and tools at America’s disposal. The U.S. can and should be doing much more to attack China’s critical vulnerabilities in information control.

Lines of Effort

Public Diplomacy – At the interagency level, the United States should continue pursuing bilateral, multilateral, and international agreements such as those mentioned above which promote freedom of information, expression and freedom from government oversight and censorship. The U.S. should also continue to strengthen international regimes against cybercrime and intellectual property theft. Internet norms and rules should be standardized across political boundaries where practical. This diplomatic effort ties into longstanding American policy of supporting freedom of speech and protection of universal human rights.

Economic Policy and Trade – Here again, longstanding American policy supporting property rights and free trade legitimize the continued advocacy of international agreements and accords promoting freedom in cyberspace. At the same time, the U.S. must tighten technology export controls to nations like China that continue to restrict access. In the event of industrial espionage or even cyber-attack, the U.S. can impose real economic costs and sanctions. The U.S. can also move on the Global Online Freedom Act, which would, among other things, prohibit U.S. companies from cooperating with foreign governments that engage in censorship or human rights abuses, require the U.S. Trade Representative to report on trade-related issues that arise out of a foreign government’s censorship policies, and impose export controls on telecommunications equipment that can be used to carry out censorship or surveillance.[vii] Some of these provisions can be waived when it suits American interests. In other areas, the U.S. can also promote public cybersecurity regimes, such as international risk insurance tools and accreditation that encourage network protection and hardening in the private sector.

Strategic Communication – In modern war, the actions of a single Soldier, Sailor, Airman or Marine can have a far-reaching impact on national strategy. While this is often used to highlight the potential implications of an untoward or controversial event, the reverse also holds true. The actions of every member of the U.S. government, from Foreign Service officer, embassy staff and humanitarian assistance officer to those of the military can have an equally positive impact if the appropriate messages are coordinated and timed to unfolding events. The United States should expand strategic communication tools such as Radio Free Asia and Voice of America. Using new capabilities in cyberspace and in personal communications, a comprehensive program of unbiased news delivery and strategic messaging to the Chinese public on a much larger scale can, over time, provide alternatives to Chinese government propaganda. Not to be forgotten, approximately two million Chinese visit the United States each year as tourists[viii], and around a quarter of a million Chinese students attend college in the U.S.[ix] Each visitor and student represents an opportunity for engagement.

Cyberspace Operations – Being able to deliver effects in and through cyberspace to China is a question of both access and capabilities. China has one of the most robust and sophisticated information control systems in the world, with multiple internal security and military organizations and tens of thousands of Chinese working daily to censor communications and filter access within China and between China and the world. Network penetrations and preplacement access generation needs to occur now, during peacetime, and continue throughout in order to assure capabilities can be delivered when needed. The fact is that when tensions escalate and China erects more firewalls, penetration becomes that much more difficult, if not impossible. This leaves military commanders and policy-makers little choice but to revert to traditional kinetic tools to dissuade Chinese aggression – exactly the scenario they hope to avoid – and plays to China’s strengths. Developing multiple access vectors now with the capability to hold at-risk, at a time and place of our choosing, information control systems in the long run represent an efficient means of directly attacking China’s most critical vulnerability and holding the Communist Party’s political control at risk. This represents an asymmetric counter to China’s growing A2/AD capabilities, and is a far more efficient and economical alternative.

bebber1
A snapshot image of cyber attacks. Source: Norse Corp.

Cyberspace operations reside on a continuum, sometimes offensive, sometimes defensive and sometimes both simultaneously. At the same time the U.S. is developing access vectors and tools to exploit China’s information control systems, it must also harden its own military, government, and civilian critical infrastructure networks. Research suggests that improving cyber defenses limit incentives to infiltrate networks for espionage, intellectual property theft, or cyber-attack. A resilience model should be adopted. Instead of building “cyber walls” using a traditional warfare model, cyber defense should model biological systems that can adapt and recover. Systems can be designed to turn the table on intrusions, misdirecting them down false alleys or “sinkholing” them in so-called “honeypots” for study. This can even be effective in passing back false information or simply causing the attacker to waste time and resources chasing phantoms.[x] On the offensive side of the continuum, experts like retired Army Lieutenant Colonel Timothy Thomas see the development and fielding of 13 offensive cyber warfare teams as significant. According to him, the Chinese “now know we are ready to go on the offense. There’s something that’s been put in place that I think is going to change their view.”[xi]

Clandestine Action – Due to the difficulties in acquiring and maintaining access in closed networks, the United States will have to undertake clandestine efforts, both in cyberspace and through traditional means. Policy makers should be careful, however, not to be lulled by the lure of technologically-based cyberspace operations as the preferable alternative to traditional human intelligence operations. While the U.S. is right to continue to pursue advances in unmanned vehicles, radio-frequency and electro-magnetic operations, and space-based computer and communication operations, obtaining and maintaining access  in many cases will require mixed-mode penetration: human and cyber action. Cultivating human sources to gain insight into leadership intentions, network configurations, and potential areas of exploitation remain a critical part of a broad information operations campaign. As China continues to pursue clandestine operations against the U.S., both to gather traditional intelligence and to enable their own cyberspace operations, our own counter-intelligence and cyberspace defense capabilities will become that much more important.

These lines of effort will have to be synchronized in a mutually supporting effort. Public diplomacy and strategic communication can be enabled in and through cyberspace. Clandestine action may be required to obtain and maintain access to critical networks. Economic incentives, technology export controls and sanctions will play critical roles at times to advance America’s interests to degrade or disrupt China’s information control systems.

It will be necessary to develop options which degrade China’s information control capabilities incrementally while preserving significant reserves. Historically, this has been especially tricky. Past experience, such as the Vietnam War, suggests that the incremental application of force with too fine of control tends to condition the adversary rather than compel the adversary. The U.S. will need to be able to send “warning shots” that indicate to the CCP that we possess capabilities that will cause them to lose control entirely and threaten their hold on power, allowing the U.S. to prevail. Of course, given that many cyberspace and IO capabilities are perishable once used, the U.S. will need to maintain a host of capabilities able to be delivered across multiple vectors and times and places of our choosing.

One must be mindful that while China’s information controls systems are a critical vulnerability, they are not a gateway to the overthrow of the CCP and the establishment of a democratic government, at least not right away. Data suggests that the vast majority of the Chinese public who utilize the Internet and social media are quite happy with the amount and variety of content available. Only about 10 percent use the Internet for political purposes with the remainder, like their American counterparts, using it for entertainment and socializing.[xii] Therefore, strategic messaging will have to be much less overt and subtler.

We should utilize the natural advantages the U.S. has in the entertainment and public relations world to encourage the public to put pressure on the government gradually, perhaps not directly in the political sphere but rather on natural fissures and tensions already resident, such as corruption, mismanagement, ethnic strife, uneven development, environmental degradation, and the growing wealth gap in China. Consider the recent effort by the U.S. Department of State to publicly highlight air quality in Beijing, resulting in embarrassment as well as change in China’s environmental policies.[xiii] Similar efforts, both public or through providing covert support to internal groups in China, would hopefully have similar impact. The goal will be to keep the CCP looking inward, concerned about social stability, rather than outward, projecting power.

To be successful, it will be necessary to understand at the highest level of detail possible not only the technical aspects of China’s information control apparatus but also its command, control and communication pathways, chain of command, and decision making calculus. Technical intelligence requirements would include network configuration pathways, router and server equipment models, operating and surveillance software versions, administrative controls, wireless hot points and air gaps and fiber network systems. The U.S. will need to know which agencies and bureaucracies are responsible for various kinds of surveillance and what their resident capabilities, gaps and scope of responsibility is. It would be helpful to identify key personalities and understand the resource competition between them in order to exploit them. We need to know how commands are passed down from leadership to operators, and if it is possible to deny, degrade, and in some way get in the middle of those communication pathways. We will also need to know the decision calculus of the Central Standing Committee. What will cause them to want to tighten control, or perhaps better yet, what might they simply ignore? This is certainly not an exhaustive list of intelligence requirements, but gives a sense of the kinds of information that a successful strategy will require.

China’s Response

In war, the enemy gets a vote, so policy makers and military commanders must carefully consider and “wargame” China’s response to a U.S. effort threatening its information control systems. By doing so, the U.S. can better prepare courses of action that counter potential Chinese responses. Traditionally, planners will break down adversary responses into two categories: most likely and most dangerous.

China’s responses are naturally shaped by their historic understanding of their place in the world, and especially the recent “Century of Humiliation” and the role that historical grievance plays in this understanding.[xiv] Attempting to shape the CCP’s ability to control information within China has a direct impact on the regime’s need to mobilize popular support in times of crisis or even war. The CCP has come to realize that “it cannot simply demand compliance and access to materials, people or facilities” as it probably once could during the days of Mao Zedong. The CCP and the PLA have undertaken “a systematic attempt to plan for mobilization, integrating it into economic development.”[xv] This planning includes “information mobilization” due to the “central role of information and information technology, especially in the context of informationized warfare.”[xvi] The various activities proposed here to attack critical vulnerabilities in China’s strategy should be viewed by policy-makers on a continuum of escalation. Public information campaigns highlighting air quality in Beijing will annoy the CCP in a much different way than denying China the ability to filter Internet content or threatening regime legitimacy.

March 22, 2013: Staff members of the newly-merged State General Administration of Press, Publication, Radio, Film and Television pose for group photos during a ceremony to hang the new nameplate in Beijing (Photo Credit: Xinhua/Wang Zhen).
March 22, 2013: Staff members of the newly-merged State General Administration of Press, Publication, Radio, Film and Television pose for group photos during a ceremony to hang a new nameplate in Beijing (Photo Credit: Xinhua/Wang Zhen).

China’s most likely course of action will be to continue to “plug the gaps” that any U.S. program creates in their information control system. This is a beneficial byproduct since the Chinese will continue to expend time and resources with an inward focus, possibly diverting some of its effort away from cyber espionage, or change its focus of cyber espionage from intellectual property theft to countering U.S. efforts. It will continue to partner with “like minded” regimes such as Russia, Iran, and Venezuela, perhaps targeting U.S. allies in Asia, Africa, and the Middle East, to advance an alternative international rule set and standard. China’s “Internet Agenda” will continue to focus on international recognition of state sovereignty over cyberspace, a global internet regulatory scheme that targets cybercrime and terrorism (with sufficiently vague definitions of “crime” and “terrorism” to allow for maximum latitude), and the legitimate role of the state to remain the “gatekeeper” to their country’s access to the internet.[xvii]

We can surmise what effect this strategy might have by examining world events and how the PRC responded when it felt threatened by internal pressures. For example, China has had a difficult relationship with some Muslim nations due to persecution of Uighurs in Xinjiang province. The recent decision by Thailand to repatriate nearly 100 Uighurs back to China was met with harsh criticism from the United Nations Refugee Agency and the international non-governmental organization Human Rights Watch. Reporting suggests that Beijing may have pressured Bangkok, and Chinese persecution has strained relations with Turkey, which has both ethnic and religious ties to the Uighurs in Xinjiang.[xviii] In September of 2014, Ilham Tohti, an economics professor and member of the CCP, was sentenced to life in prison  by a Xinjiang court for “inciting separatism” and inviting “international opprobrium,” according to Georgetown University professor James A. Millward.[xix]

China’s continued crackdown on Internet access appears to be having a direct impact on business and foreign investment, according to surveys conducted by the European Union Chamber of Commerce in China and the American Chamber of Commerce. Respondents noted that foreign firms feel “less welcome,” poor air quality makes it harder for firms to recruit executives, and that recent regulatory enforcement campaigns “target and hinder foreign companies.”[xx]

These two examples – internal repression, censorship and the impact on international relations and foreign investment – expose vulnerabilities in how China chooses to stem threats, which come at a cost to China. Therefore, we have insight into how proposed information activities which parallel previous events might look and the anticipated costs. A Cyberspace/IO Offset targeting China’s information control systems can be expected to result in more extreme or diverse efforts to clamp down on information and economic exchange, perhaps ratcheting up internal dissent or imposing economic costs as foreign investment slows.

Conclusion

By targeting China’s information control system, the United States can directly attack China’s most critical vulnerabilities and weaken its center of gravity, the Chinese Communist Party. By placing these controls at risk, PRC leadership will come to believe that their hold on power and ability to maintain domestic harmony is in jeopardy. This will permit the United States to effectively and efficiently counter Chinese power during a critical window of the next ten to twenty years, when demographic and economic headwinds will cause China to enter a period of decline.

A whole of government approach is often advocated but exceedingly difficult to execute in our federal system. The strategy will require careful coordination and long-term vision, two capabilities that Western democracies are notoriously deficient in. Due to the nature of the strategy, lines of effort and operations can become quickly compartmentalized in classified channels, which will make coordination that much more difficult. Importantly, much like the policy of containment against the Soviets, it will require buy in from across the political spectrum, also no easy task.

Ultimately, a Cyberspace-IO Offset permits the United States to leverage its unique advantages, both technological and historically ideological, to attack China’s critical vulnerabilities asymmetrically. Despite the challenge this strategy poses, the U.S. has shown historic resiliency and proven adaptability in the past, and the present is no different.

LT Robert “Jake” Bebber USN is a Cryptologic Warfare Officer assigned to United States Cyber Command. His previous assignments have included serving as an Information Operations officer in Afghanistan, Submarine Direct Support Officer and the Fleet Information Warfare Officer for the U.S. Seventh Fleet. He holds a Ph.D. in Public Policy from the University of Central Florida. His writing has appeared in Proceedings, Parameters, Orbis and elsewhere. He lives in Millersville, Maryland and is supported by his wife, Dana and their two sons, Vincent and Zachary. The views expressed here are his own and do not reflect those of the Department of Defense, Department of the Navy or U.S. Cyber Command. He welcomes your comments at jbebber@gmail.com.

[i] George K. Kostopoulos,  Cyberspace and Cybersecurity. (Boca Raton, FL: CRC Press, 2013).

[ii] Joint Publication 3-12 Cyberspace Operations defines the Physical Network Layer as “comprised of the geographic component and the physical network components. It is the medium where the data travel;” the Logical Network Layer as consisting of “those elements of the network that are related to one another in a way that is abstracted from the physical network, i.e., the form or relationships are not tied to an individual, specific path, or node;” and the Cyber-Persona Layer as “the people actually on the network. Cyber-personas may relate fairly directly to an actual person or entity, incorporating some biographical or corporate data, e-mail and IP address(es), Web pages, phone numbers, etc. However, one individual may have multiple cyber-persona, which may vary in the degree to which they are factually accurate. A single cyber-persona can have multiple users.”

[iii] Joint Chiefs of Staff. Joint Publication 3-12 (R): Cyberspace Operations. (Washington, D.C.: Department of Defense, 2013).

[iv] Joint Chiefs of Staff. Joint Publication 3-12(R): Cyberspace Operations.

[v] Thomas Lum, Patricia Moloney Figliona, and Matthew C. Weed. China, Internet Freedom, and U.S. Policy.

[vi] Ibid.

[vii] Ibid.

[viii] Chen Weihua. “2.1 Million Chinese to Visit US This Year.” China Daily USA, May 23, 2014, accessed December 24, 2014. http://usa.chinadaily.com.cn/us/2014-05/23/content_17538066.htm

[ix] Institute of International Education. “Top 25 Places of Origin of International Students, 2011/12-2012/13.” Open Doors Report on International Educational Exchange. 2013.

[x] P.W. Singer and Allen Friedman. “Cult of the Cyber Offensive.” Foreign Policy. January 15, 2014, accessed Demcember 24, 2014. http://foreignpolicy.com/2014/01/15/cult-of-the-cyber-offensive/

[xi] David Fieth. “Timothy Thomas: Why China Is Reading Your Email.” The Wall Street Journal. March 29, 2013, accessed September 24, 2015 . http://www.wsj.com/articles/SB10001424127887323419104578376042379430724

[xii] Thomas Lum, Patricia Moloney Figliona, and Matthew C. Weed. China, Internet Freedom, and U.S. Policy.

[xiii] David Roberts. “How the U.S. Embassy Tweeted to Clear Beijing’s Air.” Wired, March 6, 2015, accessed April 2, 2016. http://www.wired.com/2015/03/opinion-us-embassy-beijing-tweeted-clear-air/

[xiv] Zheng Wang. In China, History is a Religion. The Diplomat, June 16, 2014, accessed April 2, 2016. http://thediplomat.com/2014/06/in-china-history-is-a-religion/

[xv] Dean Cheng, Converting the Potential to the Actual: Chinese Mobilization Policies and Planning, in The People’s Liberation Army and Contingency Planning in China, Ed by Andrew Scobell, Arthur S. Ding, Phillip C. Saunders and Scott W. Arnold (National Defense University Press: Washington DC, 2015). P. 130-131.

[xvi] Dean Cheng, Converting the Potential to the Actual. p 111.

[xvii] John Jamison. “China’s Internet Agency.” The Diplomat, December 23, 2014, accessed December 28, 2014. http://thediplomat.com/2014/12/chinas-internet-agenda/

[xviii] Oliver Holmes. “Thailand forcibly sends nearly 100 Uighur Muslims back to China.” The Guardian, July 9, 2015, accessed September 24, 2015.. http://www.theguardian.com/world/2015/jul/09/thailand-forcibly-sends-nearly-100-uighur-muslims-back-to-china

[xix] James A. Millward.“China’s Fruitless Repression of the Uighurs.” The New York Times. September 28, 2014, accessed September 24, 2015.. http://www.nytimes.com/2014/09/29/opinion/chinas-fruitless-repression-of-the-uighurs.html

[xx] Calum MacLeod. “Foreign firms in China gripe about Internet, pollution.” USA Today, February 12, 2015, accessed Septmeber 24, 2015.http://www.usatoday.com/story/money/2015/02/12/china-internet-curbs-hurt-us-business/23283491/

A Cyber-Information Operations Offset Strategy for Countering the Surge of Chinese Power

The following is a two-part series on how the U.S. might better utilize cyberspace and information operations as a Third Offset. Part I will evaluate current offset proposals and explores the strategic context. Part II will provide specific cyber/IO operations and lines of effort.

By Jake Bebber 

“It is better by noble boldness to run the risk of being subject to half of the evils we anticipate than to remain in cowardly listlessness for fear of what might happen.”

-Herodotus, The Histories

Introduction

In 2014, then Secretary of Defense Hagel established the Defense Innovation Initiative, better known as the Third Offset, which is charged with recommending ways to sustain American military superiority in the face of growing capabilities fielded by powers such as Russia and China.[i] The purpose of the Third Offset is to “pursue innovative ways to sustain and advance our military superiority” and to “find new and creative ways to sustain, and in some cases expand, our advantages even as we deal with more limited resources.” He pointed to recent historical challenges posed by the Soviets in the 1970’s which led to the development of “networked precision strike, stealth and surveillance for conventional forces.” Centrally-controlled, inefficient Soviet industries could not match the U.S. technological advantage, and their efforts to do so weakened the Soviet economy, contributing to its collapse.

Today, China represents the most significant long-term threat to America and will be the focus here. A number of leading organizations, both within and outside government, have put forward recommendations for a Third Offset. However, these strategies have sought to maintain or widen perceived U.S. advantages in military capabilities rather than target China’s critical vulnerabilities. More importantly, these strategies are predicated on merely affecting China’s decision calculus on whether to use force to achieve its strategic aims – i.e., centered around avoiding war between the U.S. and China. This misunderstands China’s approach and strategy. China seeks to win without fighting, so the real danger is not that America will find itself in a war with China, but that America will find itself the loser without a shot being fired. This paper proposes a Cyberspace-IO Offset strategy directly attacking China’s critical vulnerability: its domestic information control system. By challenging and ultimately holding at risk China’s information control infrastructure, the U.S. can effectively offset China’s advantages and preserve America’s status as the regional security guarantor in Asia.

All effective strategies target the adversary’s center of gravity (COG), or basis of power. “Offset strategies” are those options that are especially efficient because they target an adversary’s critical vulnerabilities, while building on U.S. strengths, to “offset” the opponent’s advantages. Ideally, such strategies are difficult for an adversary to counter because they are constrained by their political system and economy. Today, China’s COG is the Chinese Communist Party (CCP). The stability of this system depends greatly on the ability of the Chinese regime to control information both within China, and between China and the outside. Without this control, opposition groups, minority groups, and factions within the CCP itself could organize more effectively and would have greater situational awareness for taking action. Thus, information control is potentially a critical Chinese vulnerability. If the United States can target the ability of the Chinese regime to control information, it could gain an efficient means to offset Chinese power. This offset strategy, using cyberspace and other information operations (IO) capabilities, should aim to counter China during the critical window in the next ten to twenty years when Chinese economic and military power will surge, and then subside as demographic, economic and social factors limit its growth.

Targeting the CCP’s ability to control information can be considered a long-term IO campaign with options to operate across the spectrum of conflict: peacetime diplomacy and battlespace preparation; limited conflict; and, if deterrence fails, full-scale military operations. The goal is to ensure that PRC leaders believe that, as conflict escalates, they will increasingly lose their ability to control information within China and from outside, in part because the U.S. would be prepared to use more drastic measures to impede it.

This strategy is most efficient because it serves as an organizing concept for cyber options targeted against China that would otherwise be developed piecemeal. It could serve as a means to prioritize research and development, and better link military planning for cyberspace operations to public diplomacy, strategic communication, and economic policy initiatives. The nature of cyberspace operations makes it difficult to attribute actions back to the United States with certainty, unless we wish it to be known that the U.S. is conducting this activity. Finally, it provides an alternative array of responses that policy makers can use to offset growing Chinese power without immediate direct military confrontation.

Demographic, economic and social factors will combine to create a ceiling on Chinese power, ultimately causing it to enter a period of decline much sooner than it expects.[ii] These factors will stress the Communist Party’s ability to exclude economic, social and political participation of dissenters, and create further reliance by the Party on information control systems.

The Strategic Environment

The United States is a status quo power. It seeks to retain its position of dominance while realizing that relative to other powers, its position may rise or fall given the circumstances. It supports the post-World War II international order – a mix of international legal and liberal economic arrangements that promote free trade and the resolution of disputes through international organizations or diplomatic engagement when possible. The United States recognizes the growth of China, and that it will soon achieve “great power” status, if not already. It is most advantageous to the United States if the “rise” (or more correctly, return to great power status) of China occurs peacefully, and within the already established framework of international rules, norms, and standards.

There are two important considerations. First is the “singularity” of China with respect to its self-understanding and its role in the world. China views the last two centuries – a time when China was weak internally and under influence from foreign powers – as an aberration in the natural world order. Most Chinese consider their several thousand year history as the story of China occupying the center of the world with “a host of lesser states that imbibed Chinese culture and paid tribute to China’s greatness …” This is the natural order of things. In the West, it was common to refer to China as a “rising power,” but again, this misreads China’s history. China was almost always the dominant power in the Asia-Pacific, punctuated by short periods of turmoil. It just so happened that the birth and growth of the United States took place during one of those periods of Chinese weakness.[iii]

The strategic approach of China is markedly different, based on its concept of shi, or the “strategic configuration of power.” The Chinese “way of war” sees little difference in diplomacy, economics and trade, psychological warfare (or in today’s understanding, “information warfare”) and violent military confrontation. To paraphrase the well-known saying, the acme of strategy is to preserve and protect the vital interests of the state without having to resort to direct conflict while still achieving your strategic purpose. The goal is to build up such a dominant political and psychological position that the outcome becomes a foregone conclusion. This is in contrast to Western thought which emphasizes superior power at a decisive point.[iv]

To the American leadership, the “most dangerous” outcome of a competition with China would seem to be one that leads to war; hence the near-desperate desire to not undertake any action which might lead China down that path. Yet a better understanding of China suggests that it believes it can (and is) achieving its strategic purpose without having to resort to force. Its military buildup, use of economic trade agreements, diplomacy, and domestic social stability are creating the very political and psychological conditions where the use of force becomes unnecessary. China is quite content to remain in “Phase 0” with the United States, because it  believes it is winning there. Thus, the question for America is not “How do we maintain the status quo in Phase 0?” but “How do we win in Phase 0?” The most dangerous course of action is not war with China, but losing to China without a shot being fired.

cyber 2
Figure 1. In 2015, China reorganized the PLA and created a new Cyber Warfare branch under its Strategic Support Force.

Current Offset Proposals

In response to the call for proposals, a number of initiatives and programs have been put forward by both the Department of Defense and leading national security think tanks. The underlying assumption of most of these proposals is that the United States has lost or is quickly losing its “first mover” advantage – such as that offered by the shift from unguided to guided munitions delivered from a position of stealth or sanctuary. In this regard, China represents a “pacing threat,” leading the way in developing its own guided weapons regime and the ability to deliver them asymmetrically against the United States.[v] In order to regain America’s military advantage, most recommendations follow along these lines:

  • Development and procurement of new platforms and technologies that leverage current perceived technological advantages over China in such areas as:
    • Unmanned autonomous systems;
    • Undersea warfare;
    • Extended-range and low-observable air operations;
    • Directed energy; and
    • Improved power systems and storage.
  • New approaches to forward basing, including hardening of infrastructure (both physical and communication networks), the use of denial and deception techniques and active defense;
  • Countering China’s threats to U.S. space-based surveillance and command and control systems;
  • Assisting allies and friends in the development of or exporting of new technologies that impose smaller-scale anti-access and area denial (A2/AD) costs on China; and
  • Reconstitute and reinvigorate Department of Defense “iterative, carefully adjudicated tabletop exercises and model-based campaign assessments.”[vi]

These approaches[vii] may have much to offer and are commendable, however they suffer from a glaring weakness: none target China’s center of gravity or critical vulnerabilities. They seek to leverage capabilities where the United States appears to enjoy an advantage, such as undersea warfare. For example, while it may be true that the People’s Liberation Army-Navy (PLAN) is not as proficient as the U.S. Navy (or some allies) in the undersea domain, it is also true that the Chinese regime is investing heavily to “close the gap” in these and other capabilities or is developing asymmetric alternatives. The United States will face a diminishing marginal utility as it attempts to maintain or widen the gap, especially in an era when China’s cyberspace-enabled information exploitation capabilities are extremely robust, and capable of transferring intellectual property back to China on a scale unimaginable in the Cold War.

More fundamentally, the offsets proposed are not guided by an overarching grand strategy that utilizes all elements of national power attacking key weaknesses and critical vulnerabilities in the Chinese regime, much in the same way that the Reagan Administration was able to do against the Soviets. Reagan’s policy and strategy represented a “sharp break from his predecessors,” eschewing containment in favor of attacking “the domestic sources of Soviet foreign behavior.”[viii] By recognizing the inherent weakness of the Soviet economic system, the new policy sought to leverage national military, political and economic tools to press the American advantage home, causing the Soviet system to collapse. This is not to suggest that the Chinese economic system suffers from the same malaise as their Soviet brethren did. Despite growing demographic, social and economic headwinds, it is unlikely that the United States can “bankrupt” the Chinese. However, China does have acute vulnerabilities – vulnerabilities which align with unique American advantages.

China’s Center of Gravity and Critical Vulnerabilities

None of the proposed previously mentioned offset lines of effort attempt to identify or target China’s COG. The center of gravity is defined by Milan Vego is “a source of massed strength – physical or moral – or a source of leverage whose serious degradation, dislocation, neutralization, or destruction would have the most decisive impact on the enemy’s or one’s own ability to accomplish a given political/military objective.”[ix] Joint military doctrine defines it as “The source of power that provides moral or physical strength, freedom of action, or will to act.”[x] The center of gravity concept is important to offset strategies because it enhances “the chance that one’s sources of power are used in the quickest and most effective way for accomplishing a given political/military objective.” It is the essence of “the proper application of the principles of objective, mass and economy of effort.”[xi]

Using an analytic construct designed by Vego, we note that any military situation encompasses a large number of both “physical and so-called abstract military and nonmilitary elements.” These are the “critical factors” that require attention and are deemed essential to the accomplishment of the objective, both of the adversary and ourselves. Not surprisingly, these factors encompass both critical strengths and critical weaknesses – both of which are essential. Critical vulnerabilities are “those elements of one’s military or nonmilitary sources of power open to enemy attack, control, leverage, or exploitation.” By attacking critical vulnerabilities, we ultimately attack the enemy center of gravity.[xii] The figure below shows notionally how China’s information control systems are a critical vulnerability (note that it is not all-encompassing).

Figure 2. Notional Center of Gravity Analysis[xiii].
Figure 2. Notional Center of Gravity Analysis[xiii].
According to Vego, it is generally agreed that for most authoritarian/totalitarian regimes, the dictator, central governing party or leadership committee is the strategic center of gravity. In the case of China, the CCP is the sole governing political party. The top leadership of the CCP is the Politburo Standing Committee (or Central Standing Committee), currently made up of seven members and led by General Secretary Xi Jinping. A number of factors permit the continued rule of the CCP, including a massive domestic security apparatus and the world’s largest military, a growing standard of living and state control over media and information available to its people. In many ways, the Chinese leadership have already conducted their own vulnerability analysis and concluded that the free flow of information represents the biggest threat to their power – we can see this in both their words and deeds. China spends more on domestic security than on its own military. The last officially reported figures from the PRC in 2013 show the military budget was approximately 740.6 billion yuan ($119 billion) while domestic security received 769.1 billion yuan ($121 billion).[xiv] Beginning in 2014, the PRC stopped reporting on domestic security spending.[xv] In 2015, the PRC announced an 11 percent increase in “public security” spending to 154.2 billion yuan, or $24.6 billion. However, the total amount spent on domestic security remains unreported, and is certainly much higher, since regional and provincial figures are not provided. The reported military spending was 886.9 billion yuan, approximately $139 billion.[xvi] Fourteen separate state ministries are charged with domestic censorship responsibilities, everything from traditional press and broadcast media to text messages on cell phones.[xvii] A form of self-censorship has been institutionalized with Chinese internet companies being required to sign a “Public Pledge on Self-Regulation and Professional Ethics for China Internet Industry.”[xviii] In short, China has already shown what it fears most and where it is most vulnerable – it has performed its own “COG analysis” and has identified information control as a critical requirement to maintain CCP dominance.

cyber 3
Figure 3. In 2015, the U.S. and China met to discuss recent cyberspace issues.

A Cyberspace – IO Strategy

China’s regime identifies the free flow of information as an existential threat, and has erected a massive bureaucratic complex to censor and restrict free access to the nearly 618 million (and growing) Chinese internet uses (and 270 million social network users).[xix] However, the very nature of the Internet as a networked system makes censorship and restricted access difficult to maintain. As has been shown, China’s information control systems represent a critical vulnerability to their center of gravity. China’s network security is managed by a fragmented, disjointed system of “frequently overlapping and conflicting administrative bodies and managing organizations.”[xx]

China’s cyberspace operations and strategy are driven primarily by domestic concerns, with its central imperative being the preservation of Communist Party rule. Domestic security, economic growth and modernization, territorial integrity and the potential use of cyberspace for military operations define China’s understanding. Even its diplomatic and international policies are built around giving China maneuvering room to interpret international norms, rules and standards to serve domestic needs, principally through the primacy of state sovereignty. This creates a natural tension, as China must seek to balance economic growth and globalization with maintaining the Party’s firm grip on power. Not only is Internet usage controlled and censored, but it is also a tool for state propaganda.[xxi]

Chinese authorities use a number of techniques to control the flow of information. All internet traffic from the outside world must pass through one of three large computer centers in Beijing, Shanghai and Guangzhou – the so-called “Great Firewall of China.” Inbound traffic can be intercepted and compared to a regularly updated list of forbidden keywords and websites and the data blocked.[xxii] Common censorship tactics[xxiii] include:

  • Blocking access to specific Internet Protocol (IP) addresses;
  • Domain Name System (DNS) filtering and redirection, preventing the DNS from resolving or returning an incorrect IP address;
  • Uniform Resource Locator (URL) filtering, scanning the targeted website for keywords and blocking the site, regardless of the domain name;
  • Packet filtering, which terminates Transmission Control Protocol (TCP) transmission when a certain number of censored keywords are detected. This is especially useful against search engine requests.
  • “Man-in-the-Middle” attack, allowing a censor to monitor, alter or inject data into a communication channel;
  • TCP connection reset, disrupting the communication data link between two points;
  • Blocking of Virtual Private Network (VPN) connections; and
  • Network Enumeration, which initiates an unsolicited connection to computers (usually in the United States) for the purpose of blocking IP addresses. This is usually targeted against secure network systems or anonymity networks like “Tor.”

cyber 4
Figure 4. Simplified Chinese Firewall Topology[xxiv].
China also heavily regulates and monitors Internet service providers, Internet cafes, and university bulletin board systems. It requires registration of websites and blogs, and has conducted a number of high profile arrests and crackdowns on both dissidents and Internet service providers. This “selective targeting” has created an “undercurrent of fear and promoted self-censorship.” The government employs thousands who monitor and censor Internet activity as well as promote CCP propaganda.[xxv]

China’s information control regime is vulnerable on a number of levels to a coordinated strategy that seeks to hold it at risk. From a technical standpoint, the distributed nature of the internet makes it inherently vulnerable, the “Great Firewall” notwithstanding. The techniques used to filter and block content have a number of workarounds available to the average person. For example, IP addresses that have been blocked may be accessed utilizing a proxy server – an intermediary server that allows the user to bypass computer filters. DNS filtering and redirection can be overcome by modifying the Host file or directly typing in the IP address (64.233.160.99) instead of the domain name (www.google.com). These are simple examples that a novice government censor can easily outwit, but the point remains.

China has long been rightfully accused of being a state-sponsor of cybercrime and theft of intellectual property. One negative consequence of this from China’s perspective is the high level of cybercrime within China “due in large part to rampant use and distribution of pirated technology” which creates vulnerabilities. It is estimated that 54.9 percent of computers in China are infected with viruses, and that 1,367 out of 2,714 government portals examined in 2013 “reported security loopholes.”[xxvi] China’s networks themselves, by virtue of their size and scope, represent a gaping vulnerability.

At the same time, China’s information control bureaucracy is especially unwieldy. This is an ideal target to exploit the seams and gaps both horizontally and vertically in their notoriously byzantine structure. The fourteen agencies that conduct internet monitoring and censorship operations must all compete for resources and the attention of policy makers, leading to organizational conflict and competition. Any strategy should exploit these fissures, complicating China’s ability to control information.

Part 2 will outline several lines of effort the U.S. might pursue to attack China’s critical vulnerabilities in its information control system. It will advance the notion that the full range of American power – overt, covert, diplomatic, economic, information and military – must be coordinated and managed at the national level to wage a successful information operations campaign. Based on America’s past success, the future may be brighter than it first appears. Read Part 2 here.

LT Robert “Jake” Bebber USN is a Cryptologic Warfare Officer assigned to United States Cyber Command. His previous assignments have included serving as an Information Operations officer in Afghanistan, Submarine Direct Support Officer and the Fleet Information Warfare Officer for the U.S. Seventh Fleet. He holds a Ph.D. in Public Policy from the University of Central Florida. His writing has appeared in Proceedings, Parameters, Orbis and elsewhere. He lives in Millersville, Maryland and is supported by his wife, Dana and their two sons, Vincent and Zachary. The views expressed here are his own and do not reflect those of the Department of Defense, Department of the Navy or U.S. Cyber Command. He welcomes your comments at jbebber@gmail.com.

[i] Charles Hagel. “The Defense Innovation Initiative .” Memorandum for Deputy Secretary of Defense. Washington, D.C.: Department of Defense, November 15, 2014.

[ii] Robert Bebber. “Countersurge: A Better Understanding of the Rise of China and the Goals of U.S. Policy in East Asia.” Orbis 59 no. 1 (2015): 49-61.

[iii] Kissinger, Henry. On China. (New York, NY: Penguin Books, 2012).

[iv] David Lai. “Learning from the Stones: A Go Approach to Mastering China’s Strategic Concept, Shi.” U.S. Army War College Strategic Studies Institute. May 1, 2004, accessed Decmeber 26, 2014. http://www.strategicstudiesinstitute.army.mil/pubs/display.cfm?pubID=378

[v] Shawn W. Brimley. “The Third Offset Strategy: Security America’s Military-Technical Advantage.” Testimony Before the House Armed Services Committee Subcommittee on Seapower and Projection Forces. Washington, D.C., December 2, 2014.

[vi] David.Ochmanek. “The Role of Maritime and Air Power in the DoD’s Third Offset Strategy.” Testimoney Before the House Armed Services Committee Subcommittee on Seapower and Projection Forces. Washington, D.C., December 2, 2014.

[vii] This list is certainly not exhaustive. For a more thorough review of the ones mentioned, see:. Brimley, Shawn W. “The Third Offset Strategy: Security America’s Military-Technical Advantage.” Testimony Before the House Armed Services Committee Subcommittee on Seapower and Projection Forces. Washington, D.C., December 2, 2014. Martinage, Robert. “Statement Before the House Armed Services Subcommittee on Seapower and Projection Forces on the Role of Maritime and Air Power in DoD’s Third Offset Strategy.” Testimony Before the House Armed Services Committee Subcommittee on Seapower and Projection Forces. Washington, D.C., December 2, 2014. Ochmanek, David. “The Role of Maritime and Air Power in the DoD’s Third Offset Strategy.” Testimoney Before the House Armed Services Committee Subcommittee on Seapower and Projection Forces. Washington, D.C., December 2, 2014.

[viii] Thomas G. Mahnken.”The Reagan Administration’s Strategy Toward the Soviet Union.” In Successful Strategies: Triumphing in War and Peace from Antiquity to the Present, by Williamson Murray and Richard Hart Sinnreich. Cambridge: Cambridge University Press, 2014.

[ix] Milan N. Vego. Joint Operational Warfare – Theory and Practice. (Newport, RI: Government Printing Office, 2007) VII-13-29.

[x] Joint Chiefs of Staff. Joint Publication 5-0: Joint Operational Planning. (Washington, D.C.: Department of Defense, 2011).

[xi] Vego, Joint Operational Warfare – Theory and Practice, VII-15

[xii] Ibid, VII-15.

[xiii] Joint Publication 5.0 defines Critical Capability as “A means that is considered a crucial enabler for a center of gravity to function as such and is essential to the accomplishment of the specified or assumed objective(s);” Critical Requirement as “An essential condition, resource, and means for a critical capability to be fully operational;” and Critical Vulnerability as “An aspect of a critical requirement which is deficient or vulnerable to direct or indirect  attack that will create decisive or significant effects.”

[xiv] Ben Blanchard and John Ruwich. “China Hikes Defense Budget, To Spend More on Internal Security.” Reuters, March 5, 2013, accessed December 23, 2014.http://www.reuters.com/article/2013/03/05/us-china-parliament-defence-idUSBRE92403620130305  

[xv] Michael Martina. “China Withholds Full Domestic Security-Spending Figure.” Reuters, March 4, 2014, accessed September 25, 2015.  http://www.reuters.com/article/2014/03/05/us-china-parliament-security-idUSBREA240B720140305

[xvi] Ting Shi and Keith Zhai. “China To Boost Security Spending as Xi Fights Dissent, Terrorism.” Bloomberg News, March 5, 2015 accessed September 25, 2015. http://www.bloomberg.com/news/articles/2015-03-05/china-to-boost-security-spending-as-xi-fights-dissent-terrorism

[xvii] Michael Wines, Sharon LaFraniere, and Jonathan Ansfield. “China’s Censors Tackle and Trip Over the Internet.” The New York Times, April 7, 2010, accessed December 23, 2014.http://www.nytimes.com/2010/04/08/world/asia/08censor.html

[xviii] Biena Xu. Media Censorship in China. February 2014, accessed December 23, 2014. http://www.cfr.org/china/media-censorship-china/p11515

[xix] Ibid..

[xx] Amy Chang. Warring State: China’s Cybersecurity Strategy. (Washginton, D.C.: Center for a New American Security, 2014) 12.

[xxi] Rebecca MacKinnon. “Flatter World and Thicker Walls? Blogs, Censorship and Civic Discourse in China.” Public Choice 134 (2008): 31-46.

[xxii] Michael Wines, Sharon LaFraniere, and Jonathan Ansfield. “China’s Censors Tackle and Trip Over the Internet.”

[xxiii] Jonathan Zittrain, and Benjamin Edelman. “Empirical Analysis of Internet Filtering in China.” Harvard Law School Berkman Center for Internet and Society. March 20, 2003, accessed December 23, 2014. http://cyber.law.harvard.edu/filtering/china/

[xxiv] Available at: https://news.ycombinator.com/item?id=4931595

[xxv] Thomas Lum, Patricia Moloney Figliona, and Matthew C. Weed. China, Internet Freedom, and U.S. Policy. Report for Congress, (Washington, D.C.: Congressional Research Service, 2013).

[xxvi] Amy Chang. Warring State: China’s Cybersecurity Strategy. 15. 

Sea Control 81 – Third Offset and Human Offset

seacontrol2ADM John Harvey, USN (ret), joins us to discuss the Third Offset and the “Human Offset.” Third Offset is Defense Undersecretary Robert Work’s strategy to embraces the US technological advantage, pushing the throttle to the max through a suite of development efforts. However, ADM Harvey worries that this technological emphasis will pull attention from other foundational areas – like talent management and development – as well as what he sees as a dedication of our resources into dominance less-achievable in our globalized civilian-led tech economy.

DOWNLOAD: Third Offset and Human Offset