China's capacity for cyber-war

China's capacity for cyber-war
By Benjamin A Shobert

 

2012, 3.14, Asia Times

 

Since September 11, 2001, America's policymakers and politicians have found themselves looking with increasing ferocity at threats - whether real or imagined and regardless of country of origin - that could further handicap the country's economy or disrupt its ability to project power around the world. one of the increasingly rare moments of bipartisan agreement has been concern over the vulnerability of America's information-technology backbone that covers the country's military, as well as industrial, capacities. Chief among these concerns is the role of China as a potential threat to US interests in cyberspace.

The scenarios cyber-security specialists have pointed toward as possibilities are upsetting: hackers able to shut down the Federal Aviation Administration's flight computers, turn off the nation's power grid, or crash the its financial markets. Each of these plays off of long-held misgivings about the foundational role of technology in Americans' day-to-day lives.

 

These questions and concerns are even more troubling for the government and armed forces, whose reliance on similar technologies enables much of the nation's military to act with precision and velocity. Like many issues that are becoming increasingly problematic for Sino-US relations, questions and frustrations over China's cyber-security draw together concerns over the lack of transparency in Beijing's state-owned enterprises, US industrial policy, and the nexus linking China's economic, strategic and military objectives.

Consequently, it is no surprise that the congressional US-China Economic Security Review Commission (USCC) recently commissioned a report from Northrop Grumman on the matter. Released last week, the report is titled "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage", and it focuses on the development of China's cyber-warfare capabilities. Jeffrey Carr, one of the world's leading experts in this field and chief executive officer of Taia Global, a cyber-security consulting firm, commented that while the report did not necessarily add anything new regarding specific potential threats posed by China, it "still is a good summary of China's overall military buildup in the area of cyber-warfare".

Since the Chinese military leadership watched the US handily dismantle the Iraqi army in the 1990-91 Gulf War, the prevailing wisdom within the People's Liberation Army (PLA) has been to emphasize the role of asymmetric war if China and the United States were to engage in conflict with each other. Chief among China's asymmetric tactics is the role of cyber-war in disrupting key channels of communication upon which America's command and control operations rely.

As the Grumman report for the USCC suggests, one possible scenario where this would be appropriate is during a conflict over Taiwan. As only one example, the report notes that if the Chinese could redirect US air-refueling tankers away from where they are needed to refuel fighters and bombers, China could successfully delay a US attack.

The report points out that the US military software that runs and coordinates refueling capability is a "Web-based application that integrates data from multiple related databases supporting different aspects of the air-refueling mission". It goes on to state: "Disrupting the ability to coordinate air refueling has the potential to temporarily ground or delay the movement of fighters, strike aircraft, and valuable heavy airlift into the theater." The potential method by which the PLA would be able to accomplish this starts with something quite simple: the same sort of key logging malware consumers are warned about that a virus on their personal computer can install, allowing hackers to capture personal passwords.

Thinking calmly about these potential threats can be a challenge, especially in the politically loaded environment of Washington and its increasingly hostile views toward China. After all, China is not alone in having the capacity to use cyber-space as a weapon. As Carr points out, "The report focuses on the military threat of cyber-warfare, which is a no-brainer ... 33 nations including most Western states are standing up cyber-warfare components to their military forces." The bigger threat Carr is concerned about, which the USCC report also touches on, is the supply-chain risk inherent in China's increasingly dominant role as designer and manufacturer of most of the sub-components that drive modern telecommunication and computer networks.

To its credit, the report admits that the biggest threat to America's technology-infrastructure supply chain is what it calls criminal "profit-driven attempts to substitute authentic components with cheaply produced, unlicensed copies of branded products". However, the Grumman analysis for the USCC goes on to note that "governments and private firms alike are increasingly concerned about the potential for state-sponsored attempts to corrupt supply chains to gain access to sensitive networks and communications, or to create the ability to control or debilitate critical systems during a time of crisis by way of vulnerabilities engineered into the integrated circuits of essential network components".

Carr adds to this: "Everything that we outsource is at risk for foreign monitoring and collection. The less we manufacture domestically, the greater the threat for the capture of intellectual property, the rewriting of code, or sabotage in chip design." Proving whether backdoors in foreign-produced software or hardware exist is not practically feasible. According to Carr, this sort of testing is "too expensive and the success rate of finding such threats is marginal". Inevitably, this concern boils down to the increasingly loud debate in Washington over deep versus shallow globalization.

Deep globalization, the form of free trade empowered by a combination of monitoring and setting rules, was designed to build trust. As China and the United States came to work more with, and thereby trust, each other more, the sorts of problems the Grumman report touches on should have become less of a concern. But as Western economies have struggled and China has come to be seen more and more as both an ideological and strategic threat to America's world view, much of this trust has evaporated, leaving in its wake questions over whether a shallower approach toward globalization might have been the right approach. Simply said, has the US been too trusting of China?

China's actions during this period have not helped its case either. The country's hackers - whether with the implicit or explicit approval of the central government - have been prolific in their attacks on US business and non-military government agencies. In addition, Beijing has recently been found with its hand in the cookie jar on at least one key military program - the F-35 fighter. Carr points out that China's spying on the F-35 program will likely cause many American legislators to pull back support for the aircraft, largely over fear that Beijing may have stolen enough intellectual property to reduce the F-35's anticipated lifespan dramatically against potential future Chinese equivalent platforms.
Now, as policymakers bring China into focus as a potential threat to US power, it has become obvious that much of America's insecurity over these matters has to do with both Washington's discomfort over Beijing's trustworthiness and similar concerns over whether the United States should be pursuing a coordinated national industrial policy. The first concern is certainly the more obvious, because it brings to light questions over whether China can be trusted not only as a trading partner, but also as the fashionable and flexible "responsible stakeholder" standard has been applied.

The latter concern is more problematic and likely more corrosive, because at its core it asks the question of whether a lack of industrial policy from Washington may now have unwittingly created a national-security threat. During the 1990s, the conventional logic that guided American policymakers was that the United States could afford to turn its attention away from manufacturing toward service, technology and health care as the future drivers of economic prosperity. one obvious beneficiary of this pivot was East Asia in general and China specifically. The initial industries most expected to be affected - heavy manufacturing - certainly were; yet hit equally hard were higher-technology spaces like those that today provide much of America's telecommunication infrastructure.

What last week's Grumman report to the USCC draws out is that America's embrace of deep globalization may have paid too little attention not only to longer-term problems created once key components to a country's software and hardware manufacturing capabilities are turned over to another nation, but also to whether the decision to look past the key role manufacturing these components would play in a country's economy. In the midst of a time when America's economy was sound and the United States could afford to view China as less of a threat, both of these factors could be played down.

Yet in the face of what is a very real attempt by China to develop meaningful cyber-war capabilities and Beijing's preliminary success penetrating top-secret programs like the F-35, Washington now appears to be awake to the need to respond. By focusing attention on the supply-chain questions and matters of America's overall industrial strategy rather than fixating on China as a competitive military power bent on incapacitating US force, policymakers may have the ability to address both national-security matters and the country's need to pay greater attention to its economic planning without further destabilizing US-China relations.

Benjamin A Shobert is the managing director of Rubicon Strategy Group, a consulting firm specializing in strategy analysis for companies looking to enter emerging economies. He is the author of the upcoming book Blame China and can be followed at www.CrossTheRubiconBlog.com.

(Copyright 2012 Asia Times online (Holdings) Ltd. All rights reserved. Please contact us about sales, syndication and republishing.)