Pages

6 June 2015

China's Military Strategy: A Cyber Perspective

June 3, 2015

The Chinese Ministry of National Defense recently released its first-ever white paper on military strategy. “China’s Military Strategy” (abbreviated “CMS” for readability) outlines a strategy of “active defense” and emphasizes China’s commitment to “winning informationized local wars” and becoming a maritime power. Although this defense white paper has no surprises for longtime China watchers and analysts, CMS also contains the first official acknowledgement of China’s commitment to building a cyber force with the capability to engage in offensive cyber operations. When evaluated in the context of concurrent domestic developments and recent incidents, this new strategy offers an indication of what to expect as China seeks to advance and defend its “cyber sovereignty” from perceived threats at home and abroad. 

Reaching for the “Commanding Heights” of Cyberspace

Although the explicit discussion of China’s cyber strategy in CMS is limited, what is stated is nonetheless significant. CMS characterizes outer space and cyberspace as the “new commanding heights in strategic competition among all parties,” and notes that, as war evolves towards “informatization” (xinxihua), China faces serious new security challenges. Therefore, a key strategic task of China’s armed forces is safeguarding China’s security interests in these new domains.

Notably, CMS emphasizes that China must “expedite the development of a cyber force,” and also enhance its capabilities in “cyberspace situation awareness” and cyber defense. This perceived imperative of building a cyber force and advancing Chinese cyber capabilities is justified in defensive terms, with the familiar refrains that China itself is a consistent victim of intrusions. The aims articulated do not directly reference offensive measures, but rather take a subtler note: the stated objective is to “to stem major cyber crises, ensure national network and information security, and maintain national security and social stability.” Presumably, offensive cyber operations are an acceptable tool to achieve these objectives.

Fundamentally, the Chinese leadership’s perspective on cyber security should be understood in the context of “information security” (xinxi anquan) a concept broader than cyber security or “network security” (wangluo anquan), which is the standard terminology used in China. Information security implicitly encompasses the control of information and content considered to be a threat to the Communist Party of China (CPC)’s authority. Beijing perceives the risks associated with the cyber domain as potentially existential threats to CPC rule and domestic stability. 

Active Defense: Justifying Offense

Our understanding of China’s cyber strategy should be contextualized by the white paper’s overall focus on “active defense.” Although Beijing does not explicitly discuss offensive cyber operations in this white paper, that possibility is inherent in the concept of “active defense,” described as:

“adherence to the unity of strategic defense and operational and tactical offense; adherence to the principles of defense, self-defense and post-emptive strike; and adherence to the stance that “We will not attack unless we are attacked, but we will surely counterattack if attacked.””

If applied to the cyber domain, the implications of this concept could be that offense at the tactical and operational levels is consistent with an overall defensive orientation at the strategic level. By this logic, cyber attacks could be considered integral elements of the Chinese military’s efforts to “resolutely safeguard China’s sovereignty, security and development interests” in cyberspace. The question then becomes what China perceives to be an attack, a question complicated by the ambiguities of intent and challenges of attribution inherent in the cyber domain.

Indeed, it seems that, in the cyber and maritime domains alike, Beijing consistently rationalizes assertive activities as justified responses to prior provocations. For instance, China has developed and recently deployed a unique, sophisticated cyber tool that is collocated with, but distinct from, the Great Firewall, as Citizen Lab’s analysis has shown. The use of the “Great Cannon” in Distributed Denial of Service (DDoS) attacks against GreatFire.org and two GitHub pages run by GreatFire.org could be seen as an attempt to deter efforts to circumvent the Great Firewall and provide censored content to Chinese users. Notably, this attack utilized the servers of Baidu, known as China’s Google. Future aggressive cyber activity could also seek to weaponize and some may even deliberately target civilian cyber infrastructure to defend China’s “cyber sovereignty.”

Overtures Towards Transparency?

To some extent, this new defense white paper is hardly surprising or unexpected, and it provides confirmation of trends long observed by analysts. However, as an official document intended for an international readership, CMS could be characterized as a small but significant step towards transparency on Chinese strategic thinking and intentions. Previously, Beijing had consistently denied that China engages in any hacking or offensive cyber operations, frequently claiming to be the world’s biggest victim of hacking and cyber attacks. CMS seems to be the continuation of a trend towards acknowledging that the Chinese military is actively expanding its capabilities in the cyber domain and contemplating the offensive applications of cyber power.

The relatively anodyne language in this white paper reflects what the Chinese government is willing to acknowledge publically, before the international audience to which CMS was released. This is in contrast to the more detailed, open discussions of China’s cyber strategy and cyber force that can be found within certain credible, quasi-official sources. Although these views and publications cannot be characterized as entirely authoritative, some likely reflect the direction of Chinese strategic thinking on cyber security and cyber warfare more candidly and accurately.

Reading the Tea Leaves on China’s Cyber Strategy

Interpreting and predicting a country’s intentions and activities in cyberspace requires synthesizing a range of sources. For instance, the PLA’s influential Academy of Military Sciences publishes a new edition of The Science of Military Strategy (SMS for convenient abbreviation) once every fifteen years. This comprehensive, authoritative study reflects the PLA’s evolving strategic thought and exerts some influence on the formation of official strategy.

The latest edition, released in December 2013, first became available in Chinese to Western analysts in the summer of 2014. Unlike previous editions, it includes an extensive discussion of the network domain and network warfare, including an explicit categorization of the three types of Chinese network attack forces: the PLA’s “specialized military network warfare forces”; “PLA-authorized forces” in civilian organizations, such as the Ministry of State Security and the Ministry of Public Security; and “non-governmental forces.”

The Potential for Signaling and Deterrence

Since Beijing would likely know that SMS is carefully reviewed in Western analytical circles, its release could be interpreted as a deliberate signaling of underlying elements of China’s cyber strategy that are advocated by certain, more hawkish voices. Such selective release of Chinese cyber capabilities could be intended as a means of deterrence. The authors of this report argue that foreign countries’ civilian infrastructure could be targeted in network attacks without causing the degree of escalation that a conventional attack would provoke. One analyst has observed that SMS discusses the integral role of peacetime “network reconnaissance” as a preparation for wartime network operations. This noteworthy document hints that, although Beijing is not yet willing to admit or officially discuss certain elements of China’s cyber strategy, there does seem to be this increasingly offensive orientation and an underlying willingness to target civilian infrastructure in a conflict scenario. 

Looking Forward

For some time, Beijing has aggressively sought to advance the concept of cyber sovereignty, including at the United Nations and in international conferences, through new rules and restrictions on foreign technology companies doing business in China, and through draftnational security and counterterrorism laws. China’s Internet czar, Lu Wei, has called for cyber sovereignty to rule the global Internet.

These trends are likely to persist; China will react strongly, and perhaps offensively, to attempts to circumvent the Great Firewall and to all perceived threats to its cyber sovereignty, including from activists, dissidents, and foreign tech companies. Domestically, the Chinese government will continue to step up Internet censorship and crack down on the use of VPNs and even access to Gmail, despite the potential economic consequences. As China extensively engages in and perhaps escalates offensive activities in cyberspace, the CPC will probably continue to characterize such behavior as inherently defensive, in response to such perceived attacks on China’s cyber sovereignty and security. Perhaps, the five-year cyber security planthat China is currently preparing will ultimately take a further step towards transparency on these issues. 

Elsa Kania is a rising senior at Harvard College and was a 2014-2015 Boren Scholar in Beijing. She is currently an intern on the threat intel team at FireEye. The views expressed in this article are the author’s own and do not necessarily represent those of FireEye, Inc.

No comments:

Post a Comment