Chinese Military Creates High-Level Cyber Intelligence Center

Strategic cyber intelligence group within Communist Party’s all-powerful military organ revealed

Chinese students learn computer skills in a computer room at Lanxiang Vocational School
Chinese students learn computer skills in a computer room at Lanxiang Vocational School / AP
July 3, 2014

The Chinese military revealed this week that it has set up a high-level cyberspace intelligence center amid growing concerns around the world over Beijing’s aggressive cyber espionage.

Disclosure of the new military cyber spying center followed unprecedented U.S. charges in May against five Chinese military hackers who prosecutors say engaged in widespread theft of American corporate and trade secrets through cyber espionage.

The creation of the People’s Liberation Army Cyberspace Strategic Intelligence Research Center was disclosed Monday in the official military newspaper PLA Daily.

The center is part of the General Armaments Department, whose cyber spies "will provide strong support in obtaining high-quality intelligence research findings and help China gain advantage in national information security," the PLA Daily reported.

The Armaments Department is the chief military organ of the Communist Party’s all-powerful Central Military Commission (CMC). As part of the CMC, the cyber intelligence center will wield enormous power over both personnel and budgets within the Chinese military, intelligence, and government bureaucracy.

"The center is designed to become an authoritative research resource for Internet intelligence, build a highly-efficient cyberspace dynamically-tracking research system, provide high-end services for hot and major issues, and explore approaches of intelligence analysis as well as identification and appraisal with cyberspace characteristics," the newspaper said.

Cyber intelligence work will include academic exchanges, conferences, published reports and translation services with the goal of expanding the center’s influence in cyberspace research.

Few details were provided on the structure and function of the cyber-spying center. However, the center will rely on cyber specialists involved in both "situation awareness" and research. Situation awareness is a term used by militaries to describe intelligence-gathering on the Internet and against information systems.

Experts who will operate the center include strategic theorists, intelligence analysts, and technology specialists.

An inaugural ceremony for the center was held June 26 where cyber warfare experts presented remarks on "cyberspace strategic situation evaluation and countermeasures."

Military cyber programs are among the most secret elements of China’s large-scale military buildup, which has focused on developing asymmetric warfare capabilities and weapons designed to be used against a militarily stronger United States. In addition to cyber warfare tools, China’s military is building anti-satellite missiles and lasers, advanced submarines, and hypersonic strike weapons.

The announcement of the new center is unusual. Chinese government spokesmen routinely deny the military conducts any cyber intelligence operations. Senior Chinese officials, in response to claims of cyber spying, have leveled counter charges against the United States based on pilfered classified documents made public through renegade National Security Agency contractor Edward Snowden.

Michelle Van Cleave, former DNI national counterintelligence executive, a senior counterspy policymaker, said the PLA announcement is interesting for its timing.

"In May, we indict five PLA officers for cyber espionage against the U.S. and the Chinese deny the charges," she said in an email. "Next they announce a whole new center dedicated to the same thing, only now they’re calling it research."

Van Cleave added that "none of this changes the fact that China has a long-term, sophisticated, computer network exploitation campaign directed against the U.S. government and industry, and they are stealing us blind."

China’s government recently issued a report that identified the U.S. government as a major source of cyber attacks against China.

After the high-profile indictment of the PLA military hackers May 1, China announced it had cut off talks with the United States on cyber security issues.

The State Department’s senior China policy maker, Assistant Secretary of State Daniel Russel, said last week that the administration has asked the Chinese to resume the dialogue, which was part of the U.S.-China strategic and economic talks.

The next round of the Treasury and State Department-sponsored talks with Chinese counterparts is scheduled to begin next week in Beijing.

The suspended cyber security working group at the talks was set up last year and China has not yet said whether it will resume the working group.

Chinese cyber attacks against U.S. government and private networks remains a major security issue. The new U.S. ambassador to China, former Sen. Max Baucus, said in a speech last week that Chinese government-origin cyber espionage poses a major threat to U.S. security.

"Cyber-enabled theft of trade secrets by state actors in China has emerged as a major threat to our economic and thus national security," Baucus said during a speech in Beijing June 25. "Besides being criminal in nature, this behavior runs counter to China’s WTO commitments. We don’t sit idly by when a crime is committed in the real world. So why would we when it happens in cyber space?"

The Chinese plan to use cyber warfare means in future attacks, including planting viruses and sabotaging information systems, as well as jamming and military strikes using combined traditional weapons with digital and electronic attacks, according to the Pentagon’s latest annual report on the PLA.

China’s military was given valuable insights into U.S. cyber warfare capabilities during the visit to China earlier this year by Defense Secretary Chuck Hagel. In Beijing, Hagel authorized the release of details about U.S. cyber warfare doctrine to the Chinese military in a bid to gain the trust of the Chinese. The PLA did not respond in kind and is believed to have gained valuable cyber warfighting details that critics say could be used against the U.S. military in a future conflict.

Until this week’s announcement, Chinese military hacking centers remained secret and obscured by the use of code-numbered units.

Last year, the private security firm Mandiant first disclosed that a Shanghai-based military group, Unit 61398, was engaged in cyber espionage.

The five PLA military hackers indicted May 1 were part of this unit.

Then last month the firm CrowdStrike revealed a second cyber espionage group, called Unit 61486, also based in Shanghai. It attacked and penetrated U.S. defense, satellite, and aerospace companies, as well as similar targets in Europe, since 2007.

Those two units are part of the PLA General Staff Department in charge of intelligence.

The Pentagon’s latest annual report on the Chinese military, made public June 5, stated that China’s warfighting plans include cyber intelligence gathering for electronic attacks.

"First, it will enable data collection for intelligence and computer network attack," the report says. "Second, it constrains an adversary’s actions or slows their response. Third, it is as a force multiplier when coupled with kinetic attacks."

The Pentagon report said China’s plans for cyber warfare identify the use of network attacks as the key to achieving superiority in cyberspace.

"China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs," the Pentagon report said. "The information targeted could potentially be used to benefit China’s defense industry, high-technology industries."

Chinese military writings have indicated that the PLA plans to use cyber attacks against command and control and logistics networks in the early stages of a conflict. The military writings have referred to cyber warfare in Maoist terms as "people’s cyber warfare."

"Cyber warfare is not limited to military personnel," one July 2013 report said. "All personnel with special knowledge and skills on information system may participate in the execution of cyber warfare. Cyber warfare may truly be called a people’s warfare."

Published under: China , Cyber Security