The Coming China Cyberwar

China’s Military Is Prepared to Wage Large-Scale Cyberwarfare Attacks Against U.S. Military, Civilian Networks

March 8, 2012

China’s military has developed highly sophisticated cyber warfare capabilities that would be used to cripple computer networks at the U.S. Pacific Command and U.S. Transportation Command, the commands that would direct American forces to defend Taiwan in a future conflict, according to a congressional report.

The cyber attacks would begin weeks before actual hostilities, as cyber warriors associated with two units of the People’s Liberation Army secretly penetrate networks and plant sleeper software that can destroy both hardware and software needed for moving and commanding troops and forces across the Pacific, according to a new report by the congressional U.S.-China Economic and Security Review Commission.

"Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict," the report states.

The 136-page report, "Occupying the Information High Ground," was produced by Northrop Grumman for the commission. It will be released Thursday and is based on Chinese military writings, Chinese government statements, and public analysis of recent Chinese intrusions into public and private computer systems.

China Commission Chairman Dennis Shea said in releasing the report that the United States has been a victim of continuous cyber operations "sanctioned or tolerated by the Chinese government."

"Our nation's national and economic security are threatened, and as the Chinese government funds research to improve its advanced cyber capabilities these threats will continue to grow," Shea said.

Said commission member Michael Wessel: "It's getting harder and harder for China's leaders to claim ignorance and innocence as to the massive electronic reconnaissance and cyber intrusion activities directed by Chinese interests at the U.S. government and our private sector."

Wessel said the report shows China’s specific doctrinal intent and financial support for what he called government-sponsored cyber espionage capabilities. "There's clear and present danger that is increasing every day," Wessel said.

According to the report, China’s cyber warfare program is being integrated with other forms of attack, including kinetic military strikes from missiles, warships, and aircraft, along with the use of deception operations, electronic warfare, and psychological warfare in a unified warfighting program Beijing calls "information confrontation."

"PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively," the report said. "This goal has effectively created a new strategic and tactical high ground, occupying which has become just as important for controlling the battlespace as its geographic equivalent in the physical domain."

Better Chinese military efforts at joint warfighting and information warfare "strengthen the ability to employ them effectively as either deterrence tools or true offensive weapons capable of degrading the military capabilities of technologically advanced nations, or hold these nations’ critical infrastructure at risk in ways heretofore not possible for China," the report said.

The Chinese cyber threat "will present U.S. leaders and the leaders of allied nations with a more complex risk calculus when evaluating decisions to intervene in Chinese initiated conflicts such as aggression against Taiwan or other nations in the Western Pacific region," the report said.

One detailed scenario outlined in the report shows how Chinese military hackers, operating under two PLA units called the 3rd and 4th Departments of the PLA General Staff, would attack logistics and command and communication networks used by the Pacific Command to move forces to areas near Taiwan during a Chinese military operation to try to reunite the democratic island state with the mainland.

"PLA analysts consistently identify logistics and [command, control, communications, computers, intelligence, surveillance, and reconnaissance] C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these system with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict," the report said.

The preemptive penetrations probably would not be detected until after combat had begun or after Chinese computer network attack teams had carried out attacks on targeted networks.

The U.S. government remains largely without a policy for responding to large-scale Chinese cyber attacks, the report said.

"Beijing, understanding this, may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision making," the report said.

The Third Department, known as 3PLA and identified as China’s primary signals intelligence collector, is in charge of network defense and possibly exploitation missions. The Fourth Department, or 4PLA, is the traditional electronic warfare arm of the PLA, and is believed to be China’s main network attack unit.

The report said the PLA works closely with major Chinese telecommunications companies, including Huawei Technologies, which has been barred at least twice from entering U.S. markets because of national security concerns.

Additionally, the report discloses that U.S. government and private sector networks are at risk because of reliance on Chinese-made microchips that could be used as mechanisms for getting inside computer networks during a crisis or conflict.

Telecommunications and integrated circuit (IC) suppliers are vulnerable to compromise that presents "distinctive opportunities, and also distinctive operational costs, to potential attackers," the report said.

"Regardless of the sophistication of the attackers, a successful penetration of a telecommunications supply chain has the potential to cause a catastrophic failure of select systems and networks supporting critical infrastructure for national security or public safety," the report said.

"Chinese decision makers see [U.S. military technology] prowess in information technology as both a force multiplier for the United States and a vulnerable center of gravity, calculating that if an adversary is able to disrupt these networks and access information, the effect would leave U.S. combat forces and commanders in a state of paralysis," the report said.

According to the report, computer network attack research and development in China has focused on stealthy means of deploying attack tools through sophisticated rootkits that would be delivered to a computer’s Basic Input/Output System, or BIOS, which is used during startup, and that could cripple targeted systems.

"BIOS destruct tools pre-placed via network reconnaissance and exploitation efforts performed earlier in this two-week CNO campaign might be activated to destroy the circuit boards of key the motherboard containing the microprocessors necessary for the systems’ operation," the report said.

"Chinese commanders may elect to use deep access to critical U.S. networks carrying logistics and command and control data to collect highly valuable real time intelligence or to corrupt, the data without destroying the networks or hardware," the report said.

The report also reveals that Chinese researchers have studied vulnerabilities in the U.S. electrical power grids. "The study found that attacks on nodes with the lowest loads are more effective at creating cascading failures in the Western United States power grid than targeting higher capacity nodes," the report said.

The report concluded that China’s military has undergone a remarkable transformation into a modern army in the past two decades.

"Computer network operations (attack, defense, and exploitation) have become fundamental to the PLA’s strategic campaign goals for seizing information dominance early and using it to enable and support other PLA operations throughout a conflict," the report said.