China's capacity for
cyber-war By Benjamin A Shobert
Since September 11, 2001, America's
policymakers and politicians have found themselves
looking with increasing ferocity at threats -
whether real or imagined and regardless of country
of origin - that could further handicap the
country's economy or disrupt its ability to
project power around the world. One of the
increasingly rare moments of bipartisan agreement
has been concern over the vulnerability of
America's information-technology backbone that
covers the country's military, as well as
industrial, capacities. Chief among these concerns
is the role of China as a potential threat to US
interests in cyberspace.
The scenarios
cyber-security specialists have pointed toward as
possibilities are upsetting: hackers able to shut
down the Federal Aviation Administration's flight
computers, turn off the nation's power grid, or
crash the its financial markets. Each of these
plays off of long-held misgivings about the
foundational role of
technology in Americans'
day-to-day lives.
These questions and
concerns are even more troubling for the
government and armed forces, whose reliance on
similar technologies enables much of the nation's
military to act with precision and velocity. Like
many issues that are becoming increasingly
problematic for Sino-US relations, questions and
frustrations over China's cyber-security draw
together concerns over the lack of transparency in
Beijing's state-owned enterprises, US industrial
policy, and the nexus linking China's economic,
strategic and military objectives.
Consequently, it is no surprise that the
congressional US-China Economic Security Review
Commission (USCC) recently commissioned a report
from Northrop Grumman on the matter. Released last
week, the report is titled "Occupying the
Information High Ground: Chinese Capabilities for
Computer Network Operations and Cyber Espionage",
and it focuses on the development of China's
cyber-warfare capabilities. Jeffrey Carr, one of
the world's leading experts in this field and
chief executive officer of Taia Global, a
cyber-security consulting firm, commented that
while the report did not necessarily add anything
new regarding specific potential threats posed by
China, it "still is a good summary of China's
overall military buildup in the area of
cyber-warfare".
Since the Chinese military
leadership watched the US handily dismantle the
Iraqi army in the 1990-91 Gulf War, the prevailing
wisdom within the People's Liberation Army (PLA)
has been to emphasize the role of asymmetric war
if China and the United States were to engage in
conflict with each other. Chief among China's
asymmetric tactics is the role of cyber-war in
disrupting key channels of communication upon
which America's command and control operations
rely.
As the Grumman report for the USCC
suggests, one possible scenario where this would
be appropriate is during a conflict over Taiwan.
As only one example, the report notes that if the
Chinese could redirect US air-refueling tankers
away from where they are needed to refuel fighters
and bombers, China could successfully delay a US
attack.
The report points out that the US
military software that runs and coordinates
refueling capability is a "Web-based application
that integrates data from multiple related
databases supporting different aspects of the
air-refueling mission". It goes on to state:
"Disrupting the ability to coordinate air
refueling has the potential to temporarily ground
or delay the movement of fighters, strike
aircraft, and valuable heavy airlift into the
theater." The potential method by which the PLA
would be able to accomplish this starts with
something quite simple: the same sort of key
logging malware consumers are warned about that a
virus on their personal computer can install,
allowing hackers to capture personal passwords.
Thinking calmly about these potential
threats can be a challenge, especially in the
politically loaded environment of Washington and
its increasingly hostile views toward China. After
all, China is not alone in having the capacity to
use cyber-space as a weapon. As Carr points out,
"The report focuses on the military threat of
cyber-warfare, which is a no-brainer ... 33
nations including most Western states are standing
up cyber-warfare components to their military
forces." The bigger threat Carr is concerned
about, which the USCC report also touches on, is
the supply-chain risk inherent in China's
increasingly dominant role as designer and
manufacturer of most of the sub-components that
drive modern telecommunication and computer
networks.
To its credit, the report admits
that the biggest threat to America's
technology-infrastructure supply chain is what it
calls criminal "profit-driven attempts to
substitute authentic components with cheaply
produced, unlicensed copies of branded products".
However, the Grumman analysis for the USCC goes on
to note that "governments and private firms alike
are increasingly concerned about the potential for
state-sponsored attempts to corrupt supply chains
to gain access to sensitive networks and
communications, or to create the ability to
control or debilitate critical systems during a
time of crisis by way of vulnerabilities
engineered into the integrated circuits of
essential network components".
Carr adds
to this: "Everything that we outsource is at risk
for foreign monitoring and collection. The less we
manufacture domestically, the greater the threat
for the capture of intellectual property, the
rewriting of code, or sabotage in chip design."
Proving whether backdoors in foreign-produced
software or hardware exist is not practically
feasible. According to Carr, this sort of testing
is "too expensive and the success rate of finding
such threats is marginal". Inevitably, this
concern boils down to the increasingly loud debate
in Washington over deep versus shallow
globalization.
Deep globalization, the
form of free trade empowered by a combination of
monitoring and setting rules, was designed to
build trust. As China and the United States came
to work more with, and thereby trust, each other
more, the sorts of problems the Grumman report
touches on should have become less of a concern.
But as Western economies have struggled and China
has come to be seen more and more as both an
ideological and strategic threat to America's
world view, much of this trust has evaporated,
leaving in its wake questions over whether a
shallower approach toward globalization might have
been the right approach. Simply said, has the US
been too trusting of China?
China's
actions during this period have not helped its
case either. The country's hackers - whether with
the implicit or explicit approval of the central
government - have been prolific in their attacks
on US business and non-military government
agencies. In addition, Beijing has recently been
found with its hand in the cookie jar on at least
one key military program - the F-35 fighter. Carr
points out that China's spying on the F-35 program
will likely cause many American legislators to
pull back support for the aircraft, largely over
fear that Beijing may have stolen enough
intellectual property to reduce the F-35's
anticipated lifespan dramatically against
potential future Chinese equivalent platforms.
Now, as policymakers bring China into focus as
a potential threat to US power, it has become
obvious that much of America's insecurity over
these matters has to do with both Washington's
discomfort over Beijing's trustworthiness and
similar concerns over whether the United States
should be pursuing a coordinated national
industrial policy. The first concern is certainly
the more obvious, because it brings to light
questions over whether China can be trusted not
only as a trading partner, but also as the
fashionable and flexible "responsible stakeholder"
standard has been applied.
The latter
concern is more problematic and likely more
corrosive, because at its core it asks the
question of whether a lack of industrial policy
from Washington may now have unwittingly created a
national-security threat. During the 1990s, the
conventional logic that guided American
policymakers was that the United States could
afford to turn its attention away from
manufacturing toward service, technology and
health care as the future drivers of economic
prosperity. One obvious beneficiary of this pivot
was East Asia in general and China specifically.
The initial industries most expected to be
affected - heavy manufacturing - certainly were;
yet hit equally hard were higher-technology spaces
like those that today provide much of America's
telecommunication infrastructure.
What
last week's Grumman report to the USCC draws out
is that America's embrace of deep globalization
may have paid too little attention not only to
longer-term problems created once key components
to a country's software and hardware manufacturing
capabilities are turned over to another nation,
but also to whether the decision to look past the
key role manufacturing these components would play
in a country's economy. In the midst of a time
when America's economy was sound and the United
States could afford to view China as less of a
threat, both of these factors could be played
down.
Yet in the face of what is a very
real attempt by China to develop meaningful
cyber-war capabilities and Beijing's preliminary
success penetrating top-secret programs like the
F-35, Washington now appears to be awake to the
need to respond. By focusing attention on the
supply-chain questions and matters of America's
overall industrial strategy rather than fixating
on China as a competitive military power bent on
incapacitating US force, policymakers may have the
ability to address both national-security matters
and the country's need to pay greater attention to
its economic planning without further
destabilizing US-China relations.
Benjamin A Shobert is the
managing director of Rubicon Strategy Group, a
consulting firm specializing in strategy analysis
for companies looking to enter emerging economies.
He is the author of the upcoming book Blame
China and can be followed at
www.CrossTheRubiconBlog.com.
(Copyright 2012 Asia Times Online
(Holdings) Ltd. All rights reserved. Please
contact us about sales, syndication and
republishing.)
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
