February 23, 2013 | Issue Brief on National Security and Defense
After a multi-year investigation, the computer security firm Mandiant announced this week that it had tracked a cyber group back to its Chinese roots. Even more explosive, it had concluded that the group is, in fact, a Chinese military unit, the Second Bureau of the Third Department of the General Staff Department of the Chinese People’s Liberation Army (PLA), with the Military Unit Cover Designator 61398.
Mandiant’s report confirms what has long been suspected around the world: Not only are there Chinese engaging in various cyber espionage and hacking activities, but many are acting at the direction and with the approval of the Chinese government.
The PLA is organized along different lines than other militaries. Although the PLA has different services (including the PLA Navy, PLA Air Force, and the Second Artillery), it is mainly organized under four “General Departments,” which have responsibility across service lines:
Because of this different organizational approach, the PLA has likely concentrated its cyber assets into a handful of units and organizations, rather than the more dispersed, service-centric approach of the United States, which runs the risk of greater duplication of effort.
At the same time, certain functions that are managed by civilians in the U.S. are also part of the Chinese military. The GSD Third Department, for example, is the counterpart of the U.S. National Security Agency, monitoring communications, managing cryptography, and the like. But the American agency is a civilian one, whereas the Chinese entity is part of the military. Overall Chinese cyber efforts are therefore potentially more centrally directed; key targets and objectives may be attacked in a coordinated fashion from a variety of sources.
These targets, however, may not all be military or even oriented toward national security. Mandiant indicates that this organization has apparently engaged in corporate espionage. Unit 61398 reportedly collected information on such companies as Coca-Cola when the latter was attempting to purchase a Chinese beverage maker. In this regard, there is no parallel with the U.S., since American government agencies are not authorized to engage in industrial or financial espionage in order to support commercial entities.
Not surprisingly, the Chinese authorities have denied the charges, but the weight of evidence thus far provided by Mandiant appears to be overwhelming. As one American analyst observed, “Either they are coming from inside Unit 61398, or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
As important, such activities would seem to be consistent with PLA writings and statements regarding the nature of “information war” (xinxi zhan, 信息战) and “informationized warfare” (xinxihua zhanzheng, 信息化战争).
“Informationization” is the permeation of information technology into various aspects of a nation’s infrastructure and activities, including both the military and the broader society, to the point where it fundamentally alters that society’s nature. Informationized warfare is the military aspect of “information war,” marked by the broader struggle for “information dominance” (zhi xinxi quan, 制信息权, also translated as information superiority). This entails the ability to control information at times and places of one’s own choosing, both to enhance and support one’s own operations and to degrade an opponent’s. This, in turn, requires developing the capacity to affect the collection, management, direction, and assessment of information. It involves not only information systems but also influencing those who would use information—i.e., decision makers.
In the Chinese view, informationization means that information is no longer easily divisible into military and civilian. Similarly, information collection, and even potentially exploitation, is not necessarily restricted by “wartime” versus “peacetime.” As one Chinese volume observes, information war is ongoing, whether in wartime or peacetime, unceasingly. Because of the complex, intertwined nature of modern international politics and economics,
it is necessary in peacetime to undertake information warfare in the political, economic, technical, and military realms, as only then can one scientifically establish operational plans, appropriately calculate gains and losses in a conflict, appropriately control the level of attack, precisely strike predetermined targets, and seek the best strategic interest and long-term benefit.
This is echoed in other PLA writings, which emphasize that modern information technology blurs the lines between peacetime and wartime, between military and civilian, and among strategy, operations, and tactics. Rather than trying to delineate among these categories, the implication is that information is an integrated whole. In this light, it is not surprising that there should be a fairly unified Chinese organization tasked with information operations; that these would target a range of military, civilian, and commercial sites; or that such operations would be undertaken in peacetime.
The Chinese response to the controversy thus far has been one of “woxing, wosu” (我行我素): ignoring the American reaction. If American decision makers were expecting the Chinese to be ashamed of their actions, they are sadly mistaken (especially since the Chinese apparently view such actions as legitimate).
In order to make clear to Beijing that their actions are in fact illegitimate, there needs to be an extensive, integrated response. Just as Chinese cyber activities are not limited to the U.S. or solely targeted against military and national security systems, the response needs to be multilateral and comprehensive, involving not just all the elements of government but the private sector as well.
—Dean Cheng is Research Fellow in Chinese Political and Security Affairs in the Asian Studies Center at The Heritage Foundation.
Mandiant Corporation, “APT-1, Exposing One of China’s Cyber Espionage Units,” http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf (accessed February 22, 2013).
Charles Riley, “Report: Chinese Military Engaged in ‘Extensive Cyber Espionage Campaign,’” CNN, February 19, 2013, http://money.cnn.com/2013/02/19/technology/china-military-cybercrime/index.html (accessed February 22, 2013).
David Sanger, David Barboza, and Nicole Perlroth, “Chinese Army Unit Is Seen as Tied to Hacking Against US,” The New York Times, February 18, 2013, http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all&_r=0 (accessed February 23, 2013).
Academy of Military Science Operations Theory and Regulations Research Bureau and Informationized Operations Theory Research Office, Informationized Operations Theory Study Guide (Beijing, China: Academy of Military Science Press, 2005), p. 27.
Ibid., p. 69.
Li Naiguo, New Theories of Information Warfare (Beijing, China: Academy of Military Sciences Press, 2004), p. 154.
Yuan Wenxian, The Science of Military Information (Beijing, China: National Defense University Press, 2008), pp. 77–79.
Nick Hopkins, “US and China Engage in Cyber Wargames,” The Guardian (U.K.), April 16, 2012, http://www.guardian.co.uk/technology/2012/apr/16/us-china-cyber-war-games (accessed February 22, 2013); and BBC, “China and US to Cooperate to Avoid Cyber Cold War,” May 8, 2012, http://www.bbc.co.uk/news/technology-17989560 (accessed February 22, 2013).