Advertisement
Advertisement
Illustration: Craig Stephens
Opinion
Daniel Wagner
Daniel Wagner

China’s head start in cyberwarfare leaves the US and others playing catch-up

  • Xi Jinping’s foresight that the future is digital helped China push ahead in the race to harness the power of the internet, much of it in covert operations, to sharpen its military edge and economic competitiveness

From the time he assumed power in 2012, President Xi Jinping made it clear how important a role he believed the internet would play in China’s future.

To his credit, he recognised that the future is digital, and that those countries that can get ahead and stay ahead in the race for digital supremacy would hold a natural advantage in global economic competition. He set China on a path that would help ensure its future economic competitiveness by harnessing the power of the internet.

Based on the manner in which he has unleashed China’s participation in that race, the Xi era will be remembered for putting an end to the West’s naive optimism about the potential of the internet to liberalise global polities.

Chinese military doctrine has long articulated the use of a wide spectrum of warfare against its adversaries. Much of what is known outside of China about its approach to asymmetric warfare is contained in a book first published in Chinese in 1999 and translated 10 years later with the title Unrestricted Warfare .

The first rule of unrestricted warfare is that there are no rules and nothing is forbidden. The book advocates tactics known as sha shou jian (assassin’s mace), the concept of taking advantage of an adversary’s seemingly superior conventional capabilities by “fighting the fight that fits one’s own weapons” and “making the weapons to fit the fight”.

It proposes ignoring traditional rules of conflict and advocates such tactics as manipulating foreign media, flooding enemy countries with drugs, controlling the markets for natural resources, joining international bodies so as to be in a position to bend them to one’s will, and engaging in cyberwarfare.

Having had nearly two decades to develop this philosophy, Chinese military strategists are, of course, prepared to use conventional weapons to fight their enemies, but, especially where they lack a competitive advantage, one tactic is to use cyberwarfare to make up the difference.

China may soon reign supreme in this area, and there is little the US or any other country can do about it

Since the turn of the century, China has set in place an impressive cyberwarfare infrastructure that includes citizen hacker groups, military units, and an extensive cyberespionage network around the world.

Noteworthy in that regard was China’s threat to ban government procurement of Microsoft software, hardware and technology unless the company agreed to provide a copy of its proprietary operating code, which it had refused to reveal to its largest US commercial clients.

After it was provided, the Cisco router found on almost all US networks and most internet service providers was copied and counterfeit routers were sold at discount prices around the world, according to Cyber War, a book by Richard Clarke, a former presidential adviser on intelligence and counterterrorism, and Robert Knake.

Buyers apparently included the Pentagon and a host of other US federal agencies. A subsequent report by the FBI concluded that the routers could be used by foreign intelligence agencies to take down networks and weaken cryptographic systems.

Armed with knowledge of the flaws in Microsoft’s and Cisco’s software and hardware, China’s hackers had the ability to stop most of the world’s networks from operating.

Chinese networks would also have been vulnerable but, as part of its deal with Microsoft, the Chinese modified the version of Microsoft software sold in China to include a secure component using their own encryption, according to the book.

They also developed their own operating system (Kylin) and secure microprocessors for use on servers and Huawei routers.

By 2003, the Chinese government had created cyberwarfare units with defensive and offensive capabilities with weapons that had never been seen before, according to Cyber War.

These capabilities include the ability to plant information mines, conduct information reconnaissance, change network data, release information bombs, dump information garbage, disseminate propaganda, apply information deception, release clone information, and establish network spy stations.

By 2007, China was said to be penetrating US and European networks, successfully copying and exporting huge volumes of data. China has since developed its cyberwarfare capabilities into a finely tuned and largely unrivalled machine.

Also by 2007, Chinese hackers were able to carry out the “Byzantine Hades” cyberattacks with little more than a peep of condemnation from US officials.

The attacks, which were traced to the Chinese military, ended up getting broad media attention years later, in part because part of the theft of designs of the F-35 fighter jet (which enabled China to produce its own stealth fighter, the Chengdu J-20).
During the Obama administration, the US devoted more resources to the problem and began to respond more robustly. In 2014, the US Justice Department indicted five Chinese military hackers from Unit 61398 for their alleged role in economic theft but Chinese cyber-espionage has grown to become a Goliath.

The whole system runs through a nexus among government officials, military officers, business executives, and academics throughout China. It makes money back by developing products based on the stolen information. The system even extends to transfer centres that process stolen information and transforms them into usable designs.

When, in 2015, the US signed a cyber agreement with China, it sent a list of Chinese hackers identified as having stolen commercial secrets from US businesses to President Xi, requesting their arrests.

Chinese authorities made some arrests but by passing evidence against Chinese hackers to the authorities, the US unintentionally helped the Chinese government close gaps in its system of economic theft.

The Chinese authorities presumably took this information as a road map for how US investigators detect attacks and used the information to adjust their methods and make cyberattacks progressively more difficult to identify.

The agreement stated that neither country would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, for commercial advantage”. The cyber agreement also established a system for high-level dialogue between the US and the Chinese Communist Party.

However, it only prohibited “cyber-enabled theft of intellectual property”, which did nothing to address intellectual theft through other means, rendering it relatively toothless. And it failed to forbid economic theft more generally – only one method of economic theft – while leaving unmentioned that the Communist Party itself is behind so many of the attacks against the US.

Recognising how inadequate the agreement with China was and remains, and how Beijing has trampled all over it, President Donald Trump has taken America’s “objections” to China’s cyber capabilities to a whole new level.

However, China may soon reign supreme in this area, and there is little the US or any other country can do about it. The most it can hope for is to at least match the Chinese modus operandi, on its own terms.

That implies ramping up the silent, behind-the-scenes cyberwarfare that is already in the process of reshaping how the wars of the future will be fought.

 Daniel Wagner is CEO of Country Risk Solutions and author of the new book China Vision

Post