March 10, 2012
Northrop Report Examines Chinese Information Warfare Strategies
The report, titled Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, outlines trends in the increased coordination between the nation's various sectors to create a technological and organizational advantage where advanced cyber capabilities are concerned.
"PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively. This goal has effectively created a new strategic and tactical high ground, occupying which has become just as important for controlling the battlespace as its geographic equivalent in the physical domain," the report asserts.
Critical to the strategy is the creation of a centralized command structure designed to unify the efforts of the public, private, and education sectors to produce a tactical advantage that can be applied to both economic and military interests.
"The PLA, seeks to integrate all elements of information warfare—electronic and non-electronic—offensive and defensive under a single command authority," the report states.
According to the assessment, China's focus on information warfare as a means to level the playing field with Western powers creates a threat vector that will be more difficult for governments like the United States to accurately assess than conventional military strength.
"As Chinese capabilities in joint operations and IW strengthen, the ability to employ them effectively as either deterrence tools or true offensive weapons capable of degrading the military capabilities of technologically advanced nations or hold these nations’ critical infrastructure at risk in ways heretofore not possible for China will present U.S. leaders and the leaders of allied nations with a more complex risk calculus when evaluating decisions to intervene in Chinese initiated conflicts..." Northrop researchers conclude.
The report also supports previously publicized warnings regarding the collaboration between the Chinese military and private corporations in the development of cyber offensive technologies, a model long adhered to by Western governments.
The concern, though, rests in the fact that many of the technological advancements being utilized by the Chinese military are in part being funded by Western companies that are engaged in research and development partnerships with Chinese corporations, particularly in the telecommunications field.
"This close relationship between some of China’s—and the world’s—largest telecommunications hardware manufacturers creates a potential vector for state sponsored or state directed penetrations of the supply chains for microelectronics supporting U.S. military, civilian government, and high value civilian industry such as defense and telecommunications," the report notes.
In the fall of 2011, the U.S. House Intelligence Committee launched an investigation into possible threats posed by Chinese telecom companies operating within the United States.
Chairman Mike Rogers had previously initiated a preliminary inquiry into Chinese espionage operations which subsequently determined the need for further investigation into threats aimed at the U.S. technology supply chain, critical infrastructure, proprietary information, and intellectual property. The committee's focus thus far centers on concerns over Chinese telecom giant Huawei and its relationship to the Chinese military.
In addition to the private sector collaborations, the Chinese government has also enlisted at least fifty of the nation's top education centers through extensive grant programs aimed at cyber offensive research and development initiatives, a strategy also similar to Western models.
"A review of PRC university technical programs, curricula, research foci, and funding for research and development in areas contributing to information warfare capabilities illustrates the breadth and complexity of the relationships between the universities, government and military organizations, and commercial high-tech industries countrywide," the report states.
The Northrop Grumman analysis is but one among many recent reports which have examined Chinese cyber offensive efforts, and the notion that China is engaged in activities similar to those of its Western counterparts should not come as a surprise to anyone.
In addressing concerns over digital espionage and culpability where cyber attacks on Western networks are concerned, many security experts point out the difficulty involved in accurate attribution. Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.
In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain whether the event was state-sponsored or instigated by individual actors. This difficulty also raises serious questions as to what the appropriate response would then be.
"Even if circumstantial evidence points to China as the culprit, no policy currently exists to easily determine appropriate response options to a large scale attack on U.S. military or civilian networks in which definitive attribution is lacking. Beijing, understanding this, may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision making," the Northrop report notes.
One clue to attribution lies in understanding the specific networks and data being targeted in an attack. Though not conclusive, such analysis can point investigations in the right direction, the report maintains.
"Activities attributed to state sponsored operators often appear to target data that is not easily monetized in underground criminal online auctions or markets but highly valuable to foreign governments. Highly technical defense engineering information, operational military data, or government policy analysis documents rarely if ever appear to be a priority for cybercriminal groups."
The full Northrop Grumman report can be found here:
Source: Northrop Grumman Report Thursday, March 08, 2012