A recent Chinese military reorganization is increasing the danger posed by People’s Liberation Army cyber warfare and intelligence units that recently were consolidated into a new Strategic Support Force.
The announcement of the military reorganization made on Dec. 31 by the Chinese government provided few details of what has changed for three military intelligence units formerly under the now-defunct General Staff Department.
However, U.S. officials and China analysts say the major cyber warfare and intelligence-gathering groups were elevated into the new Strategic Support Force, a military service-level force equal in standing to China’s army, navy, air force and missile services.
They include the 3rd Department, or 3PLA, that is believed to have as many as 100,000 cyber warfare hackers and signals intelligence troops under its control. The group includes highly-trained personnel who specialize in network attacks, information technology, code-breaking, and foreign languages.
Five members of a 3PLA hacking group were indicted by the Justice Department for commercial cyber attacks against American companies in 2014.
The 4th Department, China’s separate military electronic intelligence and electronic warfare service, is also part of the new support force. Additionally, the traditional military spy service devoted to human spying known as 2PLA was combined into the new support force.
“From a strategic perspective, the PLA will now be able to move forward with the concept of integrated network electronic warfare and better manage the use of satellites for [intelligence, surveillance, and reconnaissance],” said former military intelligence officer Larry Wortzel.
James Lewis, a cyber specialist with the Center for Strategic and International Studies, said the new force will enhance the capacity of the PLA.
“They have a ways to go, but this is their effort to compete with the U.S. in the information domain,” Lewis said. “It fits with their improved [anti-satellite] and cyber attack capabilities.”
The 3PLA was identified by the National Security Agency as one of China’s most aggressive cyber spying agencies.
Classified documents made public last year revealed that the NSA estimates 3PLA hackers conducted more than 30,000 cyber attacks aimed at gathering defense industrial secrets. More than 500 of the cyber attacks were gauged to involve “significant intrusions” of defense networks.
Compromises included the theft of secrets regarding the F-35 and F-22 jets, the B-2 bomber, and space-based laser systems.
The NSA learned details of the operations by conducting its own cyber penetration in 2009 of a network connected to 3PLA computers.
Adm. Mike Rogers, commander of the U.S. Cyber Command, said large-scale hacking has numbed many Americans to a threat that is growing.
“If you look at the trends, if you look at the activity, for example, that we see within critical infrastructure in the United States, power and other things, you see nation states, individuals, and actors within those systems,” Rogers said last week.
“To date we have not seen on any significant scale a desire to take that access and employ it as a way to bring the system down,” he said.
“But what happens when that changes? Because as military, I've always thought about threat as a combination of capability and intent. I’m watching capability where I go, wow. If the intent were to change we have some real challenges here. And intent can change very quickly.”
Chinese military expert Yin Zhuo told the state-run People’s Daily newspaper that foreign forces continue to conduct cyber attacks on Chinese government, military and civilian facilities and the new Strategic Support Force will focus on the threat.
“It is imperative that we possess a corresponding defense force,” he said. “The Strategic Support Force will play an important role in safeguarding our nation's financial security and protecting our people's safety in daily lives.”
The overall functions of the Strategic Support Force are targeting detection and reconnaissance, satellite and space operations, electronic warfare and cyber warfare. “All these are new domains that will determine whether our military can win victories on future battlefields,” Yin said.
The force will be integrated within other military groups and will provide “potent battlefield support for joint operation actions of multiple services and arms so as to achieve the goal of winning local wars under informatized conditions,” Yin said.
U.S. intelligence officials disclosed to the Washington Free Beacon last year that China has sharply increased funding for cyber warfare capabilities.
The funding increase—an estimated 30 percent more devoted to cyber warfare and cyber spying—follows Beijing’s assessments that its capabilities lag behind those of the United States.
The buildup of cyber warfare capabilities was described by officials as a long term, strategic buildup of digital warfare capabilities.
By contrast with China, the U.S. Cyber Command currently has around 6,000 people engaged in both cyber defense and cyber attack preparations. The NSA, which conducts the bulk of cyber intelligence-gathering, employs a force of at least 40,000 people.
Wortzel, the former military intelligence officer, said the new force combines the electronic warfare and countermeasures capabilities of 4PLA with the signals intelligence capabilities of 3PLA, along with control of satellites and space-based intelligence, surveillance, and reconnaissance.
The cyber warfare, collection and defense responsibilities had been divided between 3PLA and 4PLA. “Now they apparently will be consolidated in the Strategic Support Force,” Wortzel said, noting that the civilian Ministry of State Security will probably keep its separate cyber and intelligence gathering capabilities.
Lewis, the CSIS cyber expert, said the PLA reorganization is “probably good news on the cyber espionage front.”
“It gives Xi the control to tamp down PLA spying—he seems to want to do this after calculating that the gain now isn’t worth the friction,” Lewis said. “But it’s bad news for warfighting as they are reorganizing with one opponent in mind.”
In September, Chinese leader Xi Jinping announced that China’s military needed “a new strategy for information warfare amid a global military revolution.”
The 3PLA headquarters is located in Beijing’s Haidian district and its branch offices are located in Shanghai, Qingdao, Sanya, Chengdu, and Guangzhou. The Shanghai office is said to be focused exclusively on targeting the United States.
The five PLA hackers indicted by the Justice Department, who remain wanted by the FBI, were part of a 3PLA agency called Unit 61398, which has been identified as a major cyber attack unit behind the theft of large amounts of U.S. government and private sector data, ranging from secrets related to the F-35 jet to corporate secrets about nuclear power generation.
Peter Mattis, a China analyst with the Jamestown Foundation, said the new military reorganization is the most significant change since the PLA was reorganized in the 1950s and likely will integrate the resources of the 2PLA, 3PLA and 4PLA into various regional and functional military headquarters.
“Although no specific announcements have thus far been made about the intelligence apparatus, it seems unreasonable to think the PLA’s intelligence system will go untouched,” Mattis stated in an article published in War on the Rocks.
China’s most senior intelligence officer in the past has been the deputy chief of the General Staff Department, who played a key role in the ruling Communist Party decision-making on domestic and foreign affairs. That position will likely now be taken by the chief of the Strategic Support Force.
The general in charge of the Strategic Support reportedly is Lt. Gen. Gao Jin.
China’s government relies heavily on the use of strategic intelligence, based on the precepts of the ancient strategist Sun Tzu who said the acme of skill was defeating your enemy without shooting.
“The biggest question about the reorganization of intelligence is how the PLA will do within the intelligence apparatus to increase jointness—one of the stated goals of the reforms,” Mattis stated.
“Plenty of evidence suggests the Chinese military wants intelligence more connected to operational decision-making.”