China Broadens Cyber Options

China is leveraging its large base of cyber militias to perform low-level cyber attacks.

China is prepared to use its burgeoning cyber capabilities for industrial espionage, trans-national harassment, national defence and as a support to military operations.

In its annual assessment released on 1 May 2019, the US Department of Defense’s (DoD) report to Congress on China’s military capabilities painted a picture of a rapidly modernising People’s Liberation Army (PLA) and its growing ability to exploit cyberspace to offset the traditional advantages of its peer rivals.

According to the DoD, the PLA has consistently advocated cyber warfare to achieve a range of operational objectives, such as targeting an adversary’s command, control, and communications (C3) and logistics networks to hamper its ability to generate combat power during the early stages of an armed conflict. At the same time, its cyber warfare capabilities can also be used to collect intelligence or to serve as a force-multiplier when coupled with conventional kinetic attacks.

“PLA researchers believe that building strong cyber capabilities are necessary to protect Chinese networks and advocate seizing ‘cyberspace superiority’ by using offensive cyber operations to deter or degrade an adversary’s ability to conduct military operations against China,” the DoD noted in its report.

“Chinese writings suggest cyber operations allow [the PLA] to manage the escalation of a conflict because cyber-attacks are a low-cost deterrent,” it added, noting that this enables China to scale these attacks to achieve desired conditions with minimal strategic cost. “The writings also suggest that cyber-attacks demonstrate capabilities and resolve to an adversary.”

The PLA’s growing cyber warfare capabilities gained worldwide attention in February 2013 when US cybersecurity company Mandiant – now a FireEye subsidiary – released a report that claimed Chinese military involvement in several high-profile cyberattacks. The report placed specific responsibility with certain individuals and locations associated with the 2nd Bureau of the PLA General Staff’s 3rd Department, also known as Unit 61398. The PLA 3rd Department is essentially its signals intelligence branch.

The Chinese military are prepared for defensive and offensive cyber operations.

A report compiled for the US-China Economic and Security Review Commission at the same time noted that China’s cyber warfare capabilities would pose a credible threat to US military operations in the event of a conflict in the Asia-Pacific region. The PLA, it said, was gearing up for “information confrontation” and is seeking to “integrate all elements of information warfare, electronic and non-electronic, offensive and defensive, under a single command authority”.

Other than offensive cyber capabilities, state-linked hackers have reportedly compromised the computer networks of US defence companies on multiple occasions, pilfering valuable data on classified military developments. In June 2018, the Washington Post reported that a US Navy Naval Undersea Warfare Centre (NUWC) contractor lost 614 gigabytes (GB) of sensitive material including signals and sensor data, cryptographic systems related to communications, and the navy submarine development unit’s electronic warfare library in two separate incidents in January and February. This data is part of a classified programme known as “Sea Dragon”, which the Post claimed is an initiative being pursued under a special DoD office stood up in 2012 to “adapt existing US military technologies to new applications…and will introduce a disruptive offensive capability” by “integrating an existing weapon system with an existing Navy platform.” The paper also reported that the DoD had already requested or spent over $300 million for the project since late 2015.

Strategic Support Force

In December 2015, the PLA established the Strategic Support Force (PLASSF) as part of wider modernisation reforms. Although much of its remit and activities remain shrouded in secrecy, this new force is believed to be responsible for facilitating the integration of the PLA’s space, cyberspace, and electromagnetic (EM) spectrum warfare capabilities.

The PLASSF is believed to comprise several divisions. These include the Space Systems Department, which provides space-based information support and intelligence for the PLA’s newly established theatre commands and enables future joint operations and power projection. In contrast, the Network Systems Department is responsible for managing cyber, electronic, and psychological warfare capabilities.

The PLA’s ongoing structural reforms may further change how PLASSF organises and executes its missions, particularly as it evolves over time. In consolidating cyber and other information warfare-related elements, the PLASSF is likely generating synergies by combining national level cyber reconnaissance, attack, and defence capabilities in its organisation.

“Modern western military infrastructure is dependent on a communications backbone that supports the eyes, ears and operational command and control vital to support in-theatre assets…it will therefore be viewed as a legitimate military target by any adversary,” an industry source told AMR, noting that the PLA’s close relationship with key Chinese telecommunications companies provides an avenue for state-sponsored penetrations of supply chains for micro-electronics supporting western governments and commercial industries.

Civil-Military Integration

China’s military cyber warfare capabilities are increasingly being augmented by a growing civilian dimension. The strong civil-military association of Chinese military power can be traced back to the early days of the Chinese Civil War and manifested within Mao Zedong’s “People’s War” doctrine, which essentially stressed that military advantage can be gained by utilising and mobilising the immense population base within the mainland. In more recent papers, the PLA has stated that “the cooperation between regular warfare and irregular warfare stresses that we should give full play to the creativity of the masses…” and that in the field of civil-military cyber development, there is an imperative for “the military to serve the people, and the people to prepare the military.”

In January 2017 the Central Commission for Integrated Military and Civilian Development was established, with civil-military cyber integration being identified by President Xi Jinping as one of the core missions of the new centre. Under the instruction of the commission, China’s inaugural ‘cybersecurity innovation centre’ was established in December 2017 and has been charged with enhancing private sector cooperation to “help [the military] win future cyber wars.” The centre is being operated by 360 Enterprise Security Group, one of China’s leading cybersecurity companies.

President Xi Jinping has exhorted Chinese industry to support his government’s cyber ambitions.

Moreover, the Cyberspace Administration of China (CAC) released a key policy document that highlighted Xi’s and party thinking on cyberspace in the lead-up to the Communist Party of China’s (CPC) 19th National Congress in October 2017. The document outlined a directive to ‘promote the deepened development of military-civilian integration for cybersecurity and informatisation’, and provided instructions to implement civil-military integration systems, cybersecurity projects, and innovation policies. The PLA has responded to such demands and has reportedly advanced its partnerships with the civilian sector – with notable examples being telecommunications giants Huawei and ZTE – and deepened engagements with universities.

Cyber Militias

State-affiliated cyber militias have been one of the clearest products of civil-military development efforts. These organisations emerged around 20 years ago, and their membership base is believed to number in excess of 10 million people today. Because such militias could undermine the work of regular PLA cyber units if given the remit to operate as they wished, it is likely that these organisations have been tasked to perform cyber surveillance and espionage as opposed to offensive cyber operations.

China’s infamous ‘patriotic hackers’ are perhaps the most well-known face of the cyber militias. While these hackers can be a useful tool in hampering state adversaries, they can also often be unruly, erratic and heavy-handed. These hackers are typically driven by popular nationalism, which is often defined by effusive, unsubtle, and rash pursuits and rhetoric and is incongruent with the calculated version of state nationalism that the CCP espouses and pursues.

Evidently, there has been a tension between the need for the state to enable and encourage the development of national identity while still preserving the national interest. The integration of these civilian entities into formalised state structures like the PLASSF will thus represent a desire by the state to mitigate as much as possible the inherent volatility of these actors.

However, continued formal integration of these hackers into military organisations such as the SSF will mean the PLA and the Chinese state will soon lose their ability to have plausible deniability when these hackers’ operations are uncovered by other states. The improved US ability to attribute cyber operations to Chinese actors combined with Washington’s budding approach of sanctioning major Chinese state-owned enterprises involved has caused Beijing to realise the need to implement closer control.

While the civil-military dimension of China’s cyber power projection has been sporadically apparent since the beginning of the millennium, it is only recently that we are seeing concerted efforts to wholeheartedly leverage the civilian sphere and, more importantly, to centralise and organise it so that it can consistently serve China’s military aims.

Further Evolution

Finally, China plans to leverage its growing mastery of artificial intelligence (AI) technologies to boost its cyber defence and offence capabilities. The CPC has outlined three phases for indigenous AI development, with the first aiming to boost capability to support the growth of a globally competitive AI industry by 2020. The second phase outlines development to 2025 with ‘major breakthroughs’ in AI technologies and applications. By 2030, China aims to establish itself as the global leader of AI technologies, which will be fully integrated in all of its industrial sectors including national defence construction, where AI will underpin key military developments, systems, and capabilities.

The vast amounts of data and the speed of cyber attacks demand a degree of cognitive power and agility that is beyond what human actors working in isolation can provide. Chinese military leaders are fully aware of the potential of AI to boost the effectiveness of their personnel and even systems by processing and filtering information, enabling them to adapt to rapidly evolving operational environments. For example, AI is being viewed as a tool to automate processes that govern cyber attacks, potentially alleviating the existing compromise between the scale and efficacy of attacks.

For cyber defence, AI support could significantly increase reaction speed by using predictive capabilities that enable mining and leveraging historical and real-time data with exceptional swiftness. To that end, China is investing heavily in cutting-edge information technologies, such as quantum computing. It is also successfully operationalising cyber technologies for public security, such as facial recognition and citizen surveillance, as well as vehicle and smartphone tracking.

Other defensive capabilities are also beginning to mature, providing greater resilience against external attack from its western rivals. One such example is the China National Cyber Threat Intelligence Collaboration (CNTIC) established in 2017 by government agencies and eight leading domestic cybersecurity companies such as 360 Enterprise Security Group and NSFocus Information Technology (NSFOCUS). Other national agencies including the National Computer Network Emergency Response Technical Team (CNCERT) are also supporting CNTIC.

“The platform can solve problems like data isolation and fragmentation,” Liu Baoxu, director of CNTIC, told People’s Daily in January 2019, noting that the team can access over 200 threat intelligence (TI) sources, with nearly 100 billion pieces of information available. “Through data collection and analysis, high-value intelligence can be formed and shared among the nation for better cyber defence.”

It is also worth noting that cyberattacks on Chinese infrastructure are among the most frequent in the world. According to a February 2019 report by local consultancy Beijing Zhidao Chuangyu Information Technology, China suffered the highest rate of distributed denial of service attacks (DDoS) – averaging over 800 million recorded events – in the world in 2018. According to the company, scanning and backdoor intrusion attacks accounted for the majority of these attacks, with domestic hackers accounting for 97 percent of these. However, it also noted that overseas attacks targeting government and financial websites from the US, South Korea, and Japan have been increasing in frequency.

by JR Ng