The People’s Liberation Army is actively arming and developing its soldiers with advanced information warfare capabilities which would represent a “genuine risk” to US military operations in the event of a conflict, a new report has alleged.
Contractor Northrop Grumman’s detailed 136-page report (PDF) for the US government on the cyber threat posed by China was released on Thursday.
The contractor asserts that the People’s Republic has come to believe that information warfare (IW) and computer network operations (CNO) are a vital part of any military operation and are integrating them with traditional components under a framework known as “information confrontation”.
It argues that the Chinese military is constantly evaluating US command and control infrastructure and will therefore likely “target these system with both electronic countermeasures weapons and network attack and exploitation tools” in the event of a conflict.
As Chinese capabilities in joint operations and IW strengthen, the ability to employ them effectively as either deterrence tools or true offensive weapons capable of degrading the military capabilities of technologically advanced nations or hold these nations’ critical infrastructure at risk in ways heretofore not possible for China will present US leaders and the leaders of allied nations with a more complex risk calculus when evaluating decisions to intervene in Chinese initiated conflicts such as aggression against Taiwan or other nations in the Western Pacific region.
The report also reveals the extent to which China’s military relies on academia and the commercial IT sector to boost R&D efforts; according to the contractor, 50 state universities are receiving grants to help them carry out information security and warfare research.
Huawei, ZTE and Datang are also all named in the report as having close collaborative ties with the PLA, with the former named as an “advanced source of technology” for the military.
Rather than isolate certain state owned IT firms as exclusively “defense” in orientation, the PLA, often operating through its extensive base of R&D institutes, alternately collaborates with China's civilian IT companies and universities and benefits as a customer of nominally civilian products and R&D. The military benefits because it receives the access to cutting edge research. This work is often carried out by Chinese commercial firms with legitimate foreign partners supplying critical technology and often sharing the cost of the R&D.
A secondary benefit to the PLA of this strategy is the ready access to the latest commercial off-the-shelf (COTS) telecommunications technology brought in by China's access to the foreign joint ventures and international commercial markets.
The report goes on to warn that joint ventures of the Symantec Huawei type could lead to a risk of intellectual property theft and long-term erosion of competitiveness for Western firms.
The close relationship between China’s large multinational telecoms and hardware-makers and the PLA also creates a potential for state-sponsored or directed attacks against the supply chain for equipment used by military, government and private industry, the report warns.
This is, of course, all territory we’ve visited before, with the US House of Representatives already investigating (PDF) the national security risk posed by the likes of Huawei and ZTE, although the report should get more than a cursory read in Washington, given its author and the amount of detail it goes into.
Huawei in particular has come in for a huge amount of scrutiny, given president and CEO Ren Zhengfei served in the People’s Liberation Army while a US intelligence report last year tied chairwoman Yun Safang to the mysterious Ministry of State Security.
The firm was even forced to walk away from a proposed acquisition of server biz 3Leaf after pressure from the United States government.
It’s also interesting to compare the current Northrop Grumman report with its 2009 predecessor (PDF), which was much more circumspect about the role of academia and especially commercial technology enterprise in China’s military affairs.
These reports focus entirely on the threat posed by China, of course, so there is no mention of the fact that the US, UK and other nations obviously have their own offensive and defensive cyber warfare strategies.
The UK coalition takes this sort of thing particularly seriously, having upgraded cyber attacks to a tier-one threat, and in its Cyber Security Strategy released in November 2011 explained that GCHQ would be receiving more funds to help it detect attacks and counter-attack.
The document also revealed a new Cyber Defence Operations Group would be installed at the Ministry of Defence from next month. Overseen by Air Marshall Sir Stuart Peach, head of the new Joint Forces Command, the group will have a mission to develop "new tactics, techniques and plans to develop military cyber capabilities”.
For its part, China has always vehemently denied any allegations that it is involved in state-sponsored hacking, most notably last June when the Chinese ambassador told attendees at the Worldwide Cybersecurity Summit that the country was fully supportive of the fight against cyber crime.
It has been a little more reticent in explaining developments in the military, however. ®