Tuesday, May 07, 2013

Cyber Aspects of the Pentagon's new China report (A2/AD, CNE)

This week the Pentagon released their Annual Report to Congress, Military and Security Developments Involving the People's Republic of China 2013. While the 83-page report details all aspects of military and security, our readership will of course be most interested in the Cyber aspects. For their convenience I've just copied the portions most relevant to that target audience.

Starting at the beginning, "China's leaders in 2012 sustained investment in [missiles and counter-space weapons] and military cyberspace capabilities that appear designed to enable anti-access/area-denial (A2/AD) misisons (what PLA strategists refer to as "counter-intervention operations").

(For more on A2/AD, please see this excellent Q&A on the topic from the Center for Strategic and International Studies (CSIS), The Emerging Anti-Access Area-Denial Challenge.) Chapter 3 of the report, "Force Modernization Goals and Trends," mentions that "Beijing is investing in military programs and weapons designed to improve extended-range power projection and operations in emerging domains such as cyber, space, and electronic warfare.

Anti-Access/Area Denial (A2/AD)

(Begin Quote) As part of its planning for military contingencies, China continues to develop measures to deter or counter third-party intervention, particularly by the United States. China's approach to dealing with this challenge is manifested in a sustained effort to develop the capability to attack, at long ranges, military forces that might deploy or operate within the western Pacific, which the DoD characterizes as "anti-access" and "area denial" (A2/AD) capabilities. China is pursuing a variety of air, sea, undersea, space and counter-space, information warfare systems and operational concepts to achieve this capability, moving toward an array of overlapping, multilayered offensive capabilities extending from China's coast into the western Pacific. China's 2008 Defense White Paper asserts, for example, that one of the priorities for the development of China's armed forces is to "increase the country's capabilities to maintain maritime, space, and electromagnetic space security."

An essential element, if not a fundamental prerequisite, of China's emerging A2/AD regime is the ability to control and dominate the information spectrum in all dimensions of the modern battlespace. PLA authors often cite the need in modern warfare to control information, sometimes termed "information blockade" or "informaiton dominance," and to seize the initiative and gain an information advantage in the early phases of a campaign to achieve air and sea superiority. China is improving information and operational security to protect its own information structures, and is also developing electronic and information warfare capabilities, including denial and deception, to defeat those of its adversaries. China's "information blockade" likely envisions employment of military and non-military instruments of state power across the battlespace, including in cyberspace and outer space. China's investments in advanced electronic warfare systems, counter-space weapons, and computer network operations (CNO) -- combined with more traditional forms of control historically associated with the PLA and CCP systems, such as propaganda and denial through opacity, reflect the emphasis and priority China's leaders place on building capacity for information advantage.


Information Operations

New technologies allow the PLA to share intelligence, battlefield information, logistics information, weather reports, etc., instantaneously (over robust and redundant communications networks), resulting in improved situational awareness for commanders. In particular, by enabling the sharing of near-real-time ISR data with commanders in the field, decision-making processes are facilitated, shortening command timelines and making operations more efficient.


Cyber Activities Directed Against the Department of Defense

In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military. These intrusions were focused on exfiltrating information. China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs. The information targeted could potentially be used to benefit China’s defense industry, high technology industries, policymaker interest in US leadership thinking on key China issues, and military planners building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis. Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks. China’s 2010 Defense White Paper notes China’s own concern over foreign cyberwarfare efforts and highlighted the importance of cyber-security in China’s national defense.

Cyberwarfare in China’s Military

. Cyberwarfare capabilities could serve Chinese military operations in three key areas. First and foremost, they allow data collection for intelligence and computer network attack purposes. Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities. Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

Developing cyber capabilities for warfare is consistent with authoritative PLA military writings. Two military doctrinal writings, Science of Strategy, and Science of Campaigns identify information warfare (IW) as integral to achieving information superiority and an effective means for countering a stronger foe. Although neither document identifies the specific criteria for employing computer network attack against an adversary, both advocate developing capabilities to compete in this medium.

The Science of Strategy and Science of Campaigns detail the effectiveness of IW and CNO in conflicts and advocate targeting adversary C2 and logistics networks to affect their ability to operate during the early stages of conflict. As Science of Strategy explains, “In the information war, the command and control system is the heart of information collection, control, and application on the battlefield. It is also the nerve center of the entire battlefield.”

In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with Russia’s efforts to promote more international control over cyber activities. China and Russia continue to promote an Information Security Code of Conduct that would have governments exercise sovereign authority over the flow of information and control of content in cyberspace. Both governments also continue to play a disruptive role in multilateral efforts to establish transparency and confidence-building measures in international fora such as the Organization for Security and Cooperation in Europe (OSCE), ASEAN Regional Forum, and the UN Group of Governmental Experts. Although China has not yet agreed with the U.S. position that existing mechanisms, such as international humanitarian law, apply in cyberspace, Beijing’s thinking continues to evolve. (End Quote)