Countering the art of information warfare


Countering the art of information warfare

Oct 15, 2007 3 min read
Peter Brookes

Senior Research Fellow, Center for National Defense

Peter researches and develops Heritage’s policy on weapons of mass destruction and counter proliferation.

Now is the time to take heed of Chinese intrusions into government computer systems, urges Peter Brookes

While France, Germany, the UK and the US do not see eye to eye on everything, there is one thing they probably can agree on: the growing problem of Beijing's intrusions into their government computer systems.

Indeed, in the last few weeks, all four capitals have pointed an accusatory finger at Beijing for attempting to infiltrate - or having succeeded in penetrating - their diplomatic or defence establishment computer networks.

While snooping by the People's Liberation Army's (PLA) cyber-soldiers on unclassified government websites and e-mail might be expected, the recent rash of incidents shines a spotlight on a burgeoning game of Internet cat and mouse.

In the case of China, Beijing's increasing aggressiveness (indeed, ham-handedness) and capability to infiltrate the computer networks of key countries is setting off alarms across the security establishment - and rightfully so. Take the US: while modern warfare is increasingly dependent on advanced computers, no country's armed forces are more reliant in the Digital Age than those of the US. This is both a great strength and a damning weakness.

Today, the US Department of Defense uses more than 5 million computers on 100,000 networks at 1,500 sites in 65 countries worldwide. Not surprisingly, potential adversaries have taken note of the US's slavish dependence on bits and bytes.

In an average year, the Pentagon suffers upwards of 80,000 attempted computer network attacks, including some that have reduced the US military's operational capabilities.

Also, in the last few years, the US Army's elite 101st and 82nd Airborne Divisions and 4th Infantry Division have been "hacked".

While it is difficult to determine the source, according to the Pentagon, most attacks on the US digital Achilles' heel originate in China, making Beijing's information warfare (IW) operations an issue we had better pay close attention to.

IW, including network attacks, exploitation and defence, is not a new national security challenge. Cyberwarfare was the rage in the late 1990s, but has faded since 9/11 in comparison to the mammoth matters of Islamic terrorism, Iraq and Afghanistan.

IW appeals to both state and non-state actors, including terrorists, because it is low-cost, can be highly effective and can provide plausible deniability of responsibility due to the ability to route strikes through any number of surrogate servers along the way.

An IW attack can launch degrading viruses, crash networks, corrupt data, collect intelligence and spread misinformation, effectively interfering with command, control, communications, intelligence, navigation, logistics and operations.

Not surprisingly, rising power China is serious about cyberwarfare, making the development of a robust IW capability a top national-security priority. China's military planners recognise US - and others' - dependence on computers as a significant vulnerability.

The PLA has invested heavily in developing its cyberwarfare capabilities, including openly expressing a desire to develop information warfare expertise - and boasting of its growing sophistication in the field.

The PLA has incorporated cyberwarfare tactics into military exercises and created schools that specialise in IW. It is also hiring top computer-science graduates to develop its cyberwarfare capabilities and, literally, creating an 'army of hackers'.

Despite its unprecedented military buildup, the Chinese realise, for the moment, they still cannot win a conventional war against the US and are, naturally, seeking unorthodox - or asymmetric - ways to defeat the US in a conflict over Taiwan or elsewhere.

China is developing weapons, including the so-called 'assassin's mace' that will allow China to balance the US's military superiority by attacking 'soft spots' such as its high-value computer networks.

The idea that a less-capable foe can take on a militarily superior opponent also aligns with the thoughts of the ancient Chinese general, Sun Tzu. In his Art of War, he advocates stealth, deception and indirect attack to overcome a stronger opponent. Overlaying the still-influential Sun Tzu onto modern Chinese military thought could lead one to conclude the PLA believes a Chinese 'David' could, in fact, slay a US 'Goliath' using an asymmetrical military option such as cyberwarfare.

The PLA's US target list is expansive, including command, control, communications, computers and intelligence nodes, airbases and even aircraft carrier strike groups - China's bête noir in a Taiwan contingency.

Industrial espionage against government and private defence research, development and production concerns is also a priority for Chinese cyber-spies, cutting costs and time in support of Beijing's massive effort to develop a world-class defence industry.

Even more troubling, however, is the assertion among analysts that potential Chinese cyber-strikes are not limiting themselves to just diplomatic and security-related targets. Private-sector financial and economic institutions may also be on the PLA's hit list.

Nor is China limiting itself to the US, France, Germany and the UK. Beijing is looking for cyber-dominance over other key potential regional rivals such as Delhi, Moscow, Seoul, Tokyo and Taipei. Wellington also recently reported an incident.

China's IW efforts and activities provide a cautionary tale to US and other policymakers. Fortunately, many governments have devoted significant resources to cyber-security, including measures against terrorists and amateur hackers.

The recent Chinese intrusions, however, clearly demonstrate remaining vulnerabilities and IW is here and now, making it increasingly important - and complementary - to the broad spectrum of modern warfare.

A 'digital Pearl Harbor' for any country is by no means a certainty, but then again, no one believed that terrorists would fly aircraft into buildings. The time to take heed of the cyber threat - Chinese or otherwise - is now.

Peter Brookes is a Heritage Foundation senior fellow and former US deputy assistant secretary of defense.

First appeared in the Jane's Defense Weekly