Exclusive: China’s ‘Cyber Militia’ Threat
by WILLIAM R. HAWKINS
September 1, 2009
Melissa Hathaway has left her job as Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils. President Barack Obama announced his intention to create a top White House cyber security “czar” in a high-profile speech on May 29th, appointing Hathaway to serve in that role during the interim. In his May remarks, the president warned, “it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government or as a country.”
Though the presidential speech was widely heralded for focusing attention on the cyber war danger, several people have turned down offers to take the job of security “czar.” The tasks of coordinating multiple agencies, defending federal networks, and helping protect private industry would be a heavy responsibility in a politically defined White House position.
On June 23rd, the Pentagon announced a new Cyber Command to wage digital warfare. Defense Secretary Robert Gates established the unit under the U.S. Strategic Command, the same command that controls the American nuclear deterrent and retaliatory forces of ICBMs, bombers and missile submarines. It is interesting to note that China’s Second Artillery Corps, which is similarly responsible for Beijing’s nuclear arsenal, is also the leading command for cyber warfare. Both powers see the connection, to use the USSC language, “to deter attacks on U.S. vital interests, to ensure freedom of action in space and cyberspace, to deliver integrated kinetic and non-kinetic effects to include nuclear and information operations in support of U.S. Joint Force commander operations.” Or to use a Chinese term, cyber operations, like nuclear strikes, are part of the concept of “unrestricted warfare.”
The U.S. Cyber Command will commence operations this October, but will not be fully operational until October 2010. It was thus not up and running when a massive cyber attack was launched against computer networks during and after the 4th of July weekend. The Pentagon, White House, National Security Agency, Homeland Security Department, State Department, the NASDAQ stock exchange, The Washington Post newspaper and other sites were all hit. The assault involved more than 100,000 “zombie” computers, linked together in a “botnet” capable of overwhelming targeted systems with a “denial of service” attack. Most of the computers were taken over and used by the botnet without their owners’ consent and were located in many countries including South Korea, Japan, China, and even America. Officials in the United States and South Korea, which also came under sustained attack, suggested that North Korea was behind the assault as another way to demonstrate its increasingly belligerent attitude.
In May, the South Korean Yonhap news agency had run a story about a North Korean cyber warfare unit established to hack into U.S. and South Korean military networks to gather information and disrupt service. The unit reportedly has about 100 personnel, mostly graduates of a Pyongyang university that teaches computer skills, according to unidentified intelligence sources. The story ran a day after the South Korean Defense Ministry had signed an accord with the Pentagon to strengthen cooperation in fighting cyber threats.
The U.S. military relies on 15,000 networks and about seven million computers, which are under some form of attack on a daily basis. Several thousand computers in the Defense Department have been infected by malicious software. The F-35 Joint Strike Fighter program has been hacked. Last spring, the Pentagon released a report citing China as the apparent source of repeated intrusions into U.S. military computer systems. Private firms are more vulnerable than the government because they have not implemented much in the way of security measures even though a vast amount of intellectual property has been stolen. In 2007, Alan Paller of the Internet security company SANS Institute testified to the U.S.-China Economic and Security Review Commission that the ten most prominent U.S. defense contractors, including Raytheon, Lockheed Martin, Boeing, and Northrop Grumman, were victims of cyber espionage through penetrations of their unclassified networks.
A cyber network dubbed "GhostNet" has broken into computer systems in more than 100 embassies, foreign ministries and government offices, mostly in Asia. GhostNet was exposed by Canadian investigators at the Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies. Its origin was traced back to attempts by “patriotic” Chinese hackers to break into and take control of networks run by Tibetans protesting Beijing’s occupation of their homeland.
"We have been seeing this kind of overlap between government security forces and patriotic hackers since the mid- to late-‘90s, involving attacks against Falun Gong and Tibetans," said James Mulvenon, director of the Center for Intelligence Research and Analysis in Washington, in a July 6th Defense News story. "The difference is that back then, these attacks started with hackers, leaving a question over state control," he said, adding, "Now it appears China and Russia see it as a legitimate tool of national power. There can be little doubt that the Chinese attacks are government-sponsored."
The 2009 report on China’s Military Power published by the Office of the Secretary of Defense (OSD) notes that Beijing’s “armed forces continue to develop and field disruptive military technologies, including those for anti-access/area-denial, as well as for nuclear, space, and cyber warfare, that are changing regional military balances and that have implications beyond the Asia-Pacific region.” Cyber warfare is included as part of China’s “Assassin’s Mace” programs meant to deliver fatal blows by striking at an enemy’s vulnerable points.
The OSD report states, “In 2008, numerous computer systems around the world, including those owned by the U.S. Government, continued to be the target of intrusions that appear to have originated within the PRC [People’s Republic of China]…. It remains unclear if these intrusions were conducted by, or with the endorsement of, the PLA [People’s Liberation Army] or other elements of the PRC Government. However, developing capabilities for cyber warfare is consistent with authoritative PLA military writings on the subject.”
The development of cyber militias is consistent with the Chinese concept of People’s War where civilian resources are mobilized for the national effort. Timothy L. Thomas, who works for the Foreign Military Studies Office of the U.S. Army Training and Doctrine Command, is the author of Dragon Bytes: Chinese Information-War Theory and Practice. He argues, “High-technology allows the masses to participate in and support war more easily. The military and civilian compatibility of high technology allows for greater diversity in how masses take part. People’s War is more dependent on the buildup of war energy, is intense and fast paced. The new characteristic is exploiting the country’s overall national strength to the maximum extent.” The Chinese talk of “take home battles” where hackers wage global war with their home computers and laptops. There is evidence that some military reservists and civilian experts are being formed into cyber militia regiments. Thomas’ examination of Chinese writings on the subject leads him to conclude that Beijing’s strategists envision a “war of annihilation” in cyber space.
According to an August 3rd report on StrategyPage.com, three years ago Beijing organized the "Red Hackers Alliance" (RHA), a civilian organization composed of “patriotic” Chinese computer experts. “The RHA has a paid staff, including university trained network security experts. Officially, the RHA provides training and advice about network security. But the RHA has also apparently absorbed the thousands of Chinese hackers who used to belong to informal hacker organizations,” reports the site run by renowned military commentators James Dunnigan, Austin Bay, and Al Nofi.
Starting with the 1991 Gulf War, and extending through the Balkan interventions to the 21st century wars in Iraq and Afghanistan, the Chinese have carefully watched as the U.S. military has become dependent on “netcentric” systems for command and control; a process the Pentagon continues to pursue. Computer networks and space-based communications and observation systems give the United States the high ground in modern combat, but only if those systems remain functional. Beijing aims to destroy these links to level the playing field, either for their own forces or in support of proxies.
According to the 2008 report of the U.S.-China Economic and Security Review Commission, a bi-partisan panel of experts chartered by Congress, Chinese military strategists view the U.S. dependence on space assets and information technology as its “soft ribs and strategic weaknesses.” The Commission urged Congress to “provide additional funding for military, intelligence, and homeland security programs that monitor and protect critical American computer networks and sensitive information.” It called on “the administration to engage in consultations with its allies on an alliance based approach to dealing with cyber attacks originating in China.”
The Commission also “recommends that Congress assess the security and integrity of the supply chain for computer equipment employed in those government and contractor networks – particularly those used by the Department of Defense – and, if necessary, provide additional funding to ensure the acquisition of equipment from trustworthy sources.” The heavy use of outsourcing of computer and consumer electronic production to China, not only by American but also Japanese, Taiwanese and South Korean firms, has helped create the Chinese cyber threat to the homelands of these very corporations. They have given Beijing technology and a manufacturing base, making their own networks more vulnerable. The larger strategic diseconomies from trading with potential adversaries swamp the benefits gained from private business transactions.
In an interconnected, global environment where technology has created a so-called “flat” world, national security must be a constant concern. As in older eras, when a country lacks natural frontier obstacles to block raiders and invaders, artificial barriers must be constructed to defend the realm. Improved cyber warfare capabilities are necessary to stop attacks which can fly across the oceans even more easily than ballistic missiles or satellites.
FamilySecurityMatters.org Contributing Editor William R. Hawkins is a consultant specializing in international economic and national security issues. He is a former economics professor and Republican Congressional staff member.