Chapter 11. The Role of Cyber in Military Doctrine

We are detecting, with increasing frequency, the appearance of doctrine and dedicated offensive cyber warfare programs in other countries. We have identified several, based on all-source intelligence information, that are pursuing government-sponsored offensive cyber programs. Foreign nations have begun to include information warfare in their military doctrine, as well as their war college curricula, with respect to both defensive and offensive applications. They are developing strategies and tools to conduct information attacks.

John A. Serabian, Jr., Information Operations Issue Manager, Central Intelligence Agency, before the Joint Economic Committee on Cyber Threats and the US Economy, February 23, 2000

This chapter examines the military doctrines for cyber warfare being developed by the Russian Federation (RF), the People’s Republic of China, and the United States. Over 120 nations are engaged in developing this capability, and so a complete survey of each is beyond the scope of this book. Source material contained in this chapter includes published papers and speeches, as well as entries from official military journals. Readers are highly encouraged to look at all sources rather than cherry-picking only the “official” ones.

The Russian Federation

Of China, Russia, and the United States, it is Russia that has been the most active in the implementation of cyber attacks against its adversaries, which include Chechnya, Kyrgyzstan, Estonia, Lithuania, Georgia, and Ingushetia. Whether or not you accept that some, all, or none of these events occurred with the sanction of the Kremlin, each event has been instrumental in furthering RF policy, and the Kremlin has never acted to stop them. Hence the RF benefits.

Like China, Russian military interest in developing an information warfare (IW) strategy goes back to at least the mid-1990s, when the Duma Subcommittee for Information Security expressed suspicion that the recent purchase of telecommunications boards made in the United States contained a secret switch that, when tripped, would shut down Russia’s telephone system. This fear isn’t unique to Russia. For example, the United States has refused to purchase electronic boards from Chinese defense manufacturer Huawei for essentially the same reason. In Russia’s case, fear progressed to action, and a few years later, new faculty with advanced degrees in computer networks and information security were hired to teach at the FSB academy.

A report by the Institute for Security Technology Studies at Dartmouth College provides a detailed history of the buildup of RF cyber warfare doctrine, starting with their Revolution in Military Affairs (RMA) in the 1980s. Ever since then, Russia has been researching a wide variety of computer network attack (CNA) options, including logic bombs, viruses, microchipping, and other forms of weaponized malware.

Also like China, Russia considers the United States to be the leader and the instigator in a cyber arms race, and it has reportedly engaged in cyber espionage activities in an operation that the FBI dubbed Moonlight Maze.

Bob Drogin of the Los Angeles Times reported that the FBI was investigating cyber break-ins at a wide range of sensitive government facilities, including several US national laboratories, NASA, some unnamed defense contractors, and various universities conducting sensitive research. The FBI was able to trace the penetrations back to Russian servers within 20 miles of Moscow. Senator Robert Bennett took it one step further and placed the blame squarely on the doorstep of the Russian Academy of Sciences.

A few years later it was China’s turn with the massive—and some say still ongoing—cyber espionage effort code-named Titan Rain.

Russia soon moved from what contemporary cyber warfare theory terms computer network exploitation (CNE) to computer network attack during the latter days of the second Chechen war of 1997–2001 in an effort to control information flow. Chechen targets included kavkaz.org and chechinpress.com (now defunct), and the attacks were of sufficient size to knock both sites off the air.

Following Chechnya were joint cyber-kinetic attacks in Estonia and Georgia, and cyber-only attacks in Kyrgyzstan and Lithuania. In July and August 2009, escalating violence in Ingushetia was accompanied by denial of service (DoS) attacks against the main voice of protest against the Kremlin-controlled ruling government: http://www.ingushetia.org. The owner of the original site, Ingushetia.ru, was killed by Ingush police while in custody in August 2008.

What follows is an examination of Russian military doctrine and influences in information warfare, of which cyber is a component.

The Foundation for Effective Politics (FEP)

The FEP was founded by Gleb Olegovich Pavlovsky, born in Odessa on March 5, 1951. Pavlovsky self-identifies as a “political technologist,” which makes perfect sense in today’s connected world. He’s what Western technologists consider an early adopter, creating programs for the Russian Internet (RUNET) in its earliest days of existence, starting with the Russkiy Zhurnal and later the Internet-based ezines Gazeta.ru, Lenta.ru, and Inosmi.ru.

Pavlovsky’s leadership of FEP has been peppered with frequent Russian press articles that accuse him of dirty deeds supporting government power. For example, on December 4, 1997, an Obshchaya Gazeta article accused Pavlovsky of planting information detrimental to Boris Berezovskiy. The article reviewed Pavlovsky’s career path, pointing out his shift from Yeltsin opponent to Yeltsin supporter and his subsequent economic prosperity. On December 10, 1997, Moskovskiy Komsomolets stated that Pavlovsky provided political analysis to government figures at the direction of Anatoliy Chubays, then head of the presidential administration.

A January 18, 1999, Ekspert article by Pavlovsky is quite prescient and suggests excellent connections. In the article, Pavlovsky states that Russian society demands a right-wing conservative government. As Pavlovsky says, “After a decade of unregulated, essentially uncontrolled changes in the country, a shift towards a strong authoritative state is preordained.” By August, Vladimir Putin was prime minister and by December he was acting president. Numerous Russian press articles from 1999 detail Pavlovsky’s rise as a trusted political operative who moved from supporting Yeltsin to Putin. Indeed, on December 24, 1999, Segodnya credited Pavlovsky with inspiring Putin’s new Center for Strategic Studies, which was tasked to work out plans for Russia’s future development.

Pavlovsky’s FEP was also an early force on the Russian Internet. FEP’s original website, FEP.ru, is no longer active, but archived information shows the website active from 1998 through 2007. The site touts FEP’s expertise in Internet operations, providing examples of sites FEP developed supporting Russian political figures and their campaigns. However, contemporaneous press articles accuse Pavlovsky of disseminating disinformation via the same routes.

A few years later, the Kremlin favored the publishing houses of Konstantin Rykov’s Newmedia Stars, as well as Dni.ru, Vzglyad.ru, and the video portal Rossiya.ru. Rykov was rewarded with a seat at the State Duma.

Today the new favorites include Pravda.ru, Yoki.ru, Elektorat.info, and Politonlayn.ru, all published by Vadim Gorshenin, who is friendly with former United Russia PR chief Konstantin Kostin, deputy chief of the presidential staff’s Domestic Policy Administration since 2008.

In 2008, the Kremlin’s focus was honed more on monitoring than on propaganda, and these efforts were primarily run from Gleb Pavlovsky’s FEP and Vadim Gorshenin’s Pravda.ru.

Konstantin Kostin described the effort:

We are called upon to provide monitoring in social milieus and social networks—real ones rather than Internet ones—of what is topical to these milieus and present the results in a public field.

Two years ago, Maksim Zharov, one of the authors of Chronicles of Information Warfare, used to work for Nikita Ivanov, then deputy chief of the Administration for Interregional and Cultural Ties With Foreign Countries of the President’s Staff and supervisor of the pro-Kremlin youth movements (i.e., the Nashi). Zharov earlier published (through Yevropa) an instruction manual for bloggers who want to “fight the enemies of Russia” in the blogosphere.

Chronicles of Information Warfare

In spite of these shifts of interest on the part of the ruling party, Pavlovsky continues to be an influential voice in Russian politics as well as a human rights advocate. His organization created the Yevropa publishing house, the publisher of Chronicles of Information Warfare (English translation of the Russian name) by Maksim Zharov and Timofey Shevyakov.

The book covers guidance provided by First Deputy Chief of Staff to the President of Russia and former GRU Intelligence Officer Vladislav Surkov. Surkov was also instrumental in creating official youth organizations such as Nashi that have played an important part in implementing Kremlin policy through a variety of methods, including hacking opponents’ computers.

Shortly after the Georgia conflict, Surkov held a closed-door conference with Russian spin doctors explaining how to use information as a weapon to fight Russia’s enemies (such as the government of Georgia). Those remarks have been captured by authors Zharov and Shevyakov as content for their book. The following is a quote from the introduction:

Net wars have always been an internal peculiarity of the Internet—and were of no interest to anyone in real life. The five-day war showed that the Net is a front just like the traditional media, and a front that is much faster to respond and much larger in scale. August 2008 was the starting point of the virtual reality of conflicts and the moment of recognition of the need to wage war in the information field too.

Analysis

Although the FEP is not a part of the Armed Forces of the Russian Federation, it is part of the official voice of the Kremlin and a key player in orchestrating a response to anti-Kremlin speech or actions against both internal and external opponents. Since cyber warfare is frequently categorized as information warfare, the FEP is an important, albeit little-known, organization to watch.

The FEP’s hand in designing or shaping strategies is a subtle one, and its influence is often disguised or misinterpreted as “crowdsourcing,” i.e., a seemingly spontaneous outburst of nationalistic cyber attacks. While there is a pile-on mentality once an Information Operation has been launched, attribution is often disguised through a technique known by stage magicians as misdirection.

“Wars of the Future Will Be Information Wars”

The National Forum of Information Security is an internationally sponsored annual event held in Moscow. “InfoForum-10,” as it was known in its February 2008 incarnation, featured a speech by Russian Deputy Chief of the General Staff Aleksandr Burutin entitled “Wars of the Future Will Be Information Wars.”[38]

Who is Aleksandr Burutin?

According to Burutin’s biography at RussiaProfile.org, his appointment as a presidential advisor had nothing to do with Russia’s military industrial complex, which is the source for many advisors. Instead he descends from a military family, graduated from several military academies, and by 2003 had risen to deputy head of directorate of the Main Operational Directorate of the General Staff of the Armed Forces of the Russian Federation.

In April 2003, he was selected for his current position by then-President Vladimir Putin during one of Putin’s working holidays in the Sobolinaya Mountains. Days were spent skiing, while the President’s evenings were reserved for meetings with his advisors and various experts. General Burutin evidently made an impression because by the time he left the ski resort he had a new title: Presidential Adviser for Military and Defense Matters.

The speech

General Burutin opened his speech with a discussion of how science and technology are acting as agents of change in society as a whole and in the armed forces specifically. Kinetic force is having to make room for information superiority. He describes how in a future war the emphasis will shift to attacking “state and military control systems, navigation and communication systems, and other crucial information facilities.”

Burutin explains how the use of “information weapons” can be executed by a small specialized team, or even one expertly trained individual, without ever having to physically cross a state border.

The general refers to the same strategic benefit that his contemporaries in the People’s Liberation Army point to: the greater the technological achievements of a particular nation, the greater the vulnerability that nation has to a cyber attack against its networked infrastructure.

Predictably, Burutin obliquely refers to “certain nations” that are actively standing up a military cyber force. He then acknowledges Russia’s response:

For this purpose specialized subdivisions are being created in the armed forces and special services, conceptual documents regulating questions of preparation and conducting information operations are being developed, and appropriate training is being conducted.

Burutin goes on to discuss how Russia, as a world leader, has always been a target for lesser countries that aspire to Russia’s dominant position, through the use of relatively inexpensive communication strategies promulgating anti-Russian sentiment. He then proposes some additional measures that the RF should take to protect itself:

  • Systematic efforts to reveal threats in the information sphere and their sources, create a structural framework for the goals and tasks of ensuring information security in the field of defense and to realize these goals and tasks

  • Active counteraction to influence the consciousness of the population with the purpose of changing national ideology

  • Development of a domestic technological and production base in the field of information technologies

  • Increase of information and telecommunications systems security, as well as of the systems and means of introducing information technologies in weaponry and military equipment, and troop and weapons control systems

  • Improvement of the structure for ensuring information security in the area of defense

  • Preparation of experts in the field of ensuring information security

Analysis

Burutin’s speech is pretty straightforward in terms of describing Russia’s approach to cyber warfare, or “information warfare,” which appears to be his preferred term.

Note that this speech was delivered in February 2008. He specifically called out the Northern Caucasus (i.e., Georgia) as a problem area. This adds another dimension to the cyber component of the Russia-Georgia conflict of August 2008.

“RF Military Policy in International Information Security”

There are five authors mentioned in this article from Moscow Military Thought (English), March 31, 2007 (an English translation appears in TheFreeLibrary.com): I.N. Dylevsky, S.A. Komov, S.V. Korotkov, S.N. Rodionov, and A.V. Fedorov. Unfortunately, little background information is available for some, and none appears available for others. Of the five, S.A. Komov is a Russian military theorist; Colonel Sergei Korotkov is attached to the Main Operations Department, General Staff of Armed Forces, RF; and A.V. Fedorov served in the FSB’s Directorate of Counterintelligence Support to Transportation.

The paper

This rather lengthy treatise explores the Russian perspective of what other nations are planning in the sphere of information warfare, and what the Russian Federation should be doing in light of those activities. The authors propose the following definition for information warfare:

[The] main objectives will be to disorganize (disrupt) the functioning of the key enemy military, industrial and administrative facilities and systems, as well as to bring information-psychological pressure to bear on the adversary’s military-political leadership, troops and population, something to be achieved primarily through the use of state-of-the-art information technologies and assets.

They also warn readers that the United States is already fully capable of embarking on “psychological and technical information operations,” and cite three documents to support their view:

  • DOD Directive No. 3600.1, Information Operations. October 2001

  • DOD Information Operations Roadmap. October 30, 2003

  • JP 3-13 Information Operations. February 13, 2006

Each of these documents is explored in “China Military Doctrine.”

To further boost the need for Russia to develop its own Information Operations (IO) capability, the authors go on to criticize the United States for not supporting UN efforts to ensure international information security:

In 1998, the Russian Federation suggested to the United Nations that it was necessary to consolidate the world community’s efforts in order to ensure international information security. Since then the General Assembly annually passes the resolution “Developments in the Field of Information and Telecommunications in the Context of International Security.” This fact reaffirms the importance of assuring international information security and the UN readiness to study and solve the problem. But progress in this matter is extremely slow on account of counterproductive attitudes displayed by the United States.

For example, this was the reason why a group of government experts on international information security that operated under the auspices of the First Committee of the UN General Assembly from 2004 to 2005 failed to realize the results of its work. The stumbling block was the Russian Federation’s motion (supported by Brazil, Belarus, China and South Africa) on the necessity of studying the military-political component of a threat to international information security.

As is to be regretted, the U.S. is consistent in its reluctance to address the information security problem at the international level. At the 60th and 61st General Assembly sessions it was the only state to vote against the said resolution. It cannot be ruled out that Washington will behave similarly towards a new group of government experts the UN is setting up in 2009.

Predictably, much of this document paints US policies in a negative light, even to the point of accusing it of fostering the “flower revolutions” that have taken place in the countries that used to make up the Soviet Union and are now known as the Commonwealth of Independent States (CIS):

A case in point is the moral-psychological and political-economic aftermath of a string of “flower” and “color” revolutions masterminded in a number of countries contrary to the will of their peoples (the “rose revolution” in Georgia, the “orange revolution” in Ukraine, the “purple revolution” in Iraq, the “tulip revolution” in Kyrgyzstan, and the “cedar revolution” in Lebanon). For the masterminds of the “flower revolutions” there was an instant spin-off from bringing to power the desirable leaders and governments. But with the passage of time it became clear that political crises in the countries in question and, as a consequence, their economic decline could not be surmounted.

Ironically, Russia waged its own style of information warfare on those very nations, including Chechnya (in 2002), Kyrgyzstan (in 2005 and 2009), Estonia (in 2007), Lithuania (in 2008), and Georgia (in 2008) in the form of network and government website attacks by nonstate hackers.

Creating a legend for a cyber attack

There are a few key sections that directly apply to the Kremlin keeping its distance from the activities of its nationalistic hackers during each of the aforementioned examples:

In our view, isolating cyber terrorism and cyber crime from the general context of international information security is, in a sense, artificial and unsupported by any real objective necessity. This is because the effect of a “cybernetic” weapon does not depend on the motivation of a source of destructive impact, whereas it is primarily motivation that distinguishes acts of cyber terrorism, cyber crime, and military cyber attacks. The rest of their attributes may be absolutely similar. The practical part of the problem is that the target of a cyber attack, while in the process of repelling it, will not be informed about the motives guiding its source, and, accordingly, will be unable to qualify what is going on as a criminal, terrorist or military-political act. The more so that sources of cyber attacks can be easily given a legend as criminal or terrorist actions.

After establishing the tactical importance of maintaining a “legend” or cover for an act of cyber warfare to be indistinguishable from an act of cyber crime or cyber terror, the authors go on to decry efforts of the United States to secure international legislation that might infringe on a state’s internal affairs in these matters:

International legal acts regulating relations arising in the process of combating cyber crime and cyber terrorism must not contain norms violating such immutable principles of international law as noninterference in the internal affairs of other states, and the sovereignty of the latter.

Moreover, politically motivated cyber attacks executed on orders from governmental structures can be qualified as military crimes with all the ensuing procedures of investigation and criminal persecution of the culprits. Besides, military cyber attacks can be considered as a subject of international public law. In this case, we should speak about imposing restrictions on development and use of computers intended to bring hostile influences to bear on objects in other states’ cyberspace.

In any event, the military policy in the area of international information security where it involves opposition to cyber terrorism and cyber crime should be directed at introducing international legal mechanisms that would make it possible to contain potential aggressors from uncontrolled and surreptitious use of cyber weapons against the Russian Federation and its geopolitical allies.

They attempt to make a case for international regulations that would limit the ability of Western nations to support opposition parties in the breakaway republics now known as the CIS:

A case in point illustrating a foreign interference in the affairs of a sovereign state was the use of numerous English and Russian websites in support of the opposition forces in Kyrgyzstan during protests in November 2006. Published in the Internet, the opposition leaders’ appeals for mass-scale anti-presidential rallies led to a surge of popular unrest in the republic.

It’s interesting that they mention Kyrgyzstan and the opposition’s use of the Web to express dissent. Yet these authors attempt to make the debate about free speech rather than addressing the act of cyber warfare that was used by nonstate Russian hackers to silence the opposition’s Internet presence one year earlier during the Tulip Revolution (from a special report by the OpenNet Initiative, February 28, 2005):

On February 26th an apparent Distributed Denial Of Service Attack (DDOS) temporarily disabled all websites hosted by major Kyrgyz ISPs (Elcat and AsiaInfo). These ISPs host the websites of many Kyrgyz political parties, media outlets and NGOs. The spike in traffic associated with the failure of Elcat’s and AsiaInfo’s hosting services led upstream ISPs in Russia and Europe to block access to Elcat’s and AsiaInfo’s IP addresses, so that web sites hosted by these ISPs are no longer accessible outside of Kyrgyzstan.

The Art of Misdirection

Misdirection is a tactic that the Russian Federation has successfully applied to its military strategy for many years, particularly during negotiations for nuclear disarmament with the United States. However, it has never been used so clearly or frequently as it has been in this century during times of cyber conflict.

In order to understand exactly how the art of misdirection is applied so adeptly to cyber events in Chechnya, Ingushetia, Kyrgyzstan, Estonia, and Georgia, it’s important to know about a very successful practitioner of misdirection, a famous stage magician named Ralph Hull.

Ralph rose to celebrity in the world of stage magic as a magician’s magician. In other words, his preferred audience consisted of other professionals like himself. He had long passed the stage where fooling an audience of “civilians” provided any satisfaction. Coming up with a trick that baffled other pros, however, was his ultimate goal. He succeeded in that goal with a card trick that he named “The Tuned Deck.”

Here is one possible delivery that Ralph’s audience would have heard as he performed his master trick:

Boys, I have a new trick to show you. It’s called The Tuned Deck.

This deck of cards is magically tuned. [Hull holds the deck to his ear and riffles the cards, listening carefully to the buzz of the cards.] By their finely tuned vibrations, I can hear and feel the location of any card. Pick a card, any card...

A member of the audience would pick a card, look at it, and return it to the deck. Hull would then riffle the deck by his ear, and draw the very card the audience member selected.

No one ever figured out how he did that trick until after his death, when the details of “The Tuned Deck” were published. Hull’s secret was shockingly simple. He, like his colleagues, knew multiple ways to perform this trick. Let’s label them A, B, C, D, and E. When another magician guessed that Hull was using trick A, Hull would repeat the trick using B. If someone else recognized the trick as B, he would repeat it using trick C, and so on. Every time someone thought that they recognized his trick, he would immediately repeat the trick in a slightly different way, and no one expected him to revert back to a method that they had already named. Therefore, in the minds of his audience, it must be something new.

What does this have to do with Russian military strategy? Nothing. The misdirection wasn’t contained in anything that Hull did on stage. The genius of Ralph Hull wasn’t in what he did; it was in what he said. It was in how he named his trick—“The” Tuned Deck.

By using the word “the,” he created an image of a single trick in the minds of his audience, when in reality he was performing multiple variations of one trick.

In discussing information warfare, both in speeches and in papers, Russian military officials point to a future capability that they are in the process of developing as a defense against US capabilities, which they claim are more advanced and already in place.

They define the debate by pointing to what their adversary is developing and therefore what they must develop to defend their homeland. Having defined what Information Warfare is, they will then argue for a treaty regime that limits development of those capabilities. And here is the artfully applied misdirection of the Russian government.

The Kremlin will negotiate on military capabilities that they haven’t used, but will not negotiate on their civilian hacker assets that they have used. In fact, the latter is considered an internal criminal matter not open to international negotiation at all.

This was clearly seen in a story reported in the New York Times on June 27, 2009, entitled “US and Russia Differ on a Treaty for Cyberspace.”

Washington was pushing for more international cooperation among law enforcement agencies, similar to the Council of Europe Convention on Cybercrime, which has been signed by 22 nations, excluding Russia and China.

Moscow prefers a nonproliferation treaty similar to what’s in place for weapons of mass destruction (chemical, biological, nuclear), but it vigorously resists any attempt to allow international law enforcement to pursue cyber criminals within its borders.

China Military Doctrine

As the Chinese have said, losers in IW will not just be those with backward technology. They will also be those who lack command thinking and the ability to apply strategies. It is worth the time of the US analytical community to analyze IW strategies and tactics from all points of view, not just the empirical US approach.

Lt. Col. Timothy Thomas, “Like Adding Wings to the Tiger”

Information technology is an area where, unlike industrial capacity or military hardware, no one nation can claim dominance. As a result, information technology and its military counterpart, information warfare, hold great appeal for the PRC, which has tremendous resources in its population size and the number of its high-quality math and science graduates.

People’s Liberation Army (PLA) officers began writing about information warfare at about the same time that the Internet browser became wildly popular: 1993. The instigating factor was the US display of technology in the first Gulf War, noticed and written about by General Liu Huaqing, the former vice chairman of the Central Military Commission. The US victory held special significance for the Chinese because Iraq was using weapons acquired from China and Russia. The resounding defeat of the Iraqi military was also a comment on the lack of effectiveness of Chinese hardware against an obviously superior force.

A second wake-up call for the Chinese arrived with the NATO action in Kosovo in 1999, which resulted in the bombing of the Chinese embassy. Although apologies were forthcoming, the action resulted in Chinese hackers attacking official US government networks, including the US Department of Energy and Interior websites.

In April 2001, when a US EP-3 signals surveillance aircraft collided with a Chinese military aircraft, resulting in the death of the Chinese pilot, angry civilian hackers launched cyber attacks against US networks. These events did not go unnoticed by PLA officers, who observed how computer warriors could leverage the technological dependencies of a superior force in an effort to gain an asymmetric advantage.

A recent study uses US joint doctrine as a construct to highlight the differences between Chinese and American IW. Kate Farris argues that “the US tends to focus on the CNA aspect of IW, while the Chinese take a more broad perspective, emphasizing pillars such as PSYOP, Denial, and Deception.” While my selection of Chinese literature persuasively supports this assessment, the current state of Chinese IW is simply too immature and not understood well enough to reach any definitive conclusion.

The inherent problem with a technologically advanced military force is its dependence on technology. The more complex a network, the more vulnerable it is. Major General Wang Pufeng wrote in 1995: “There is a question of how to use weakness to defeat strength and how to conduct war against weak enemies in order to use information superiority to achieve greater victories at a smaller cost.”

In 1995, Pufeng, often referred to as the “father of information warfare,” wrote his influential book The Challenge of Information Warfare, wherein he saw information warfare as a critical factor for China’s future modernization plans:

In the final analysis, information warfare is conducted by people. One aspect is to cultivate talent in information science and technology. The development and resolution of information warfare can be predicted to a great degree in the laboratory. Information science and technology talent are the forerunners of science and technology research.

Today, Chinese students regularly place at the top of international science and math challenges, far above their peers in the United States. In a 2003 math, science, and reading assessment involving 250,000 students from 41 countries, China (Hong Kong) ranked #1 in science and #3 in math. Many of those students will go on to receive advanced degrees from US universities such as Stanford and MIT, and some may serve as officers in the People’s Liberation Army. In 2006, two Chinese universities contributed more Ph.D.s to American university graduate programs than any other nation, including the United States (http://www.nsf.gov/statistics/infbrief/nsf08301/).

The Chinese government sees information warfare as a true People’s War, meaning that they can recruit technical expertise from their civilian population. Timothy Thomas wrote about this in his essay “Adding Wings to Tigers”:

Wang Xiaodong, while analyzing a RAND IW document, observed that this study unknowingly outlined a People’s War in the information age.

Even as to government mobilized troops, the numbers and roles of traditional warriors will be sharply less than those of technical experts in all lines...since thousands of personal computers can be linked up to perform a common operation, to perform many tasks in place of a large-scale military computer, an IW victory will very likely be determined by which side can mobilize the most computer experts and part-time fans. That will be a real People’s War.

In line with this concept of organizing a civilian cyber militia, there are reports of actual IW drills being conducted within Chinese provinces, such as Hubei in 2000. According to Xu Jiwu and Xiao Xinmin, in their article “Civil Networks Used in War” (Beijing Jiefangjun Bao), an IW exercise was held in the city of Ezhou that demonstrated the rapid mobilization of civilian networks, such as cable television stations, banking networks, telecommunications, and other linked systems, to serve as offensive IW units in times of war.

This is a further example that China’s political leaders are well aware of their shortcomings in traditional warfare and are trying to maximize their assets, civilian and military, to gain additional strategic leverage. From their perspective, the key filters for decision making are US military superiority, China’s aging military technology, and how best to prepare for the next military conflict.

China views future conflicts in the same way that the United States does—as limited engagements rather than total war. To that end, according to Peng and Yao, “what is emphasized most is the combined use of many types of military, political, economic, and diplomatic measures” (Peng Guangqian and Yao Youzhi, eds., The Science of Strategy, Beijing: Military Science Press, 2001).

The goal is not to crush an opponent but to make the cost of warfare unacceptable. RAND expert James Mulvenon quotes from Lu Daohai’s “Information Operations” (Lu Daohai, Information Operations: Exploring the Seizure of Information Control, Beijing: Junshi Yiwen Press, 1999) to make this point:

Computer warfare targets computers—the core of weapons systems and command, control, communications, computers, and intelligence (C4I) systems—in order to paralyze the enemy...[and to]...shake war resoluteness, destroy war potential and win the upper hand in war.

The specific tools of offensive and defensive IW include:

  • Physical destruction

  • Dominance of the electromagnetic spectrum

  • Computer network warfare

  • Psychological manipulation

Interestingly, these capabilities almost mirror US doctrine on IW, such as the US Air Force’s “Six Pillars of IW” and “Joint Vision 2010.” The People’s Liberation Army has also obtained and translated copies of JP3-13.1, “Joint Doctrine for Command and Control Warfare,” according to RAND’s James Mulvenon.

Consequently, PLA strategists use the same terminology as that of the US Armed Forces: CNO (computer network operations), CNA (computer network attack), CND (computer network defense), and CNE (computer network exploitation).

Priority of these components begins with CNE, since the People’s Republic of China believes that it is presently the target of computer network attacks by the United States.

CNA is believed to be most effective at the very beginning of a conflict and may be used for maximum effect as a preemptive strike. Ideally, if the CNA is disruptive enough, it may end the conflict before it progresses to a full-scale war.

Targets of interest for a network attack include “hubs and other crucial links in the system that moves enemy troops as well as the war-making machine, such as harbors, airports, means of transportation, battlefield installations, and the communications, command and control and information systems” according to Lu Linzhi in his article “Preemptive Strikes Crucial in Limited High-Tech Wars” (Jiefangjun bao, February 14, 1996).

US vulnerability to this strategy was recently underscored with the release of the FAA Inspector General’s report on the state of Air Traffic Control (ATC) network security. One of the findings revealed that only 11 of the hundreds of ATC systems were protected by mandatory intrusion detection systems. The report goes on to state that some of the cyber attacks may have been successful in gaining control of ATC systems:

During Fiscal Year (FY) 2008, more than 800 cyber incident alerts were issued to the Air Traffic Organization (ATO), which is responsible for ATC operations. As of the end of FY 2008, over 150 incidents (17 percent) had not been remediated, including critical incidents in which hackers may have taken over control of ATO computers.

Anti-Access Strategies

Anti-access is a strategy that the PLA has adopted to slow the advance or hamper the operational tempo of an opposing force into a theater of operations during time of war. The RAND Corporation released an excellent study on this strategy, authored by James Mulvenon and David Finkelstein, and it sheds additional light on how the PRC is planning to fight future wars.

They acknowledge up-front that “anti-access” per se is not a formal Chinese military strategy; rather, it is a way of summing up Chinese doctrine that addresses the problem of defeating a superior foe. In the case of the United States, that means recognizing US reliance on information networks as a significant vulnerability that, if exploited, could throw US plans into chaos and delay or suspend any impending attack.

Anti-access techniques have a broad range, up to and including triggering an electromagnetic pulse (EMP) device. Targets could include computer systems based in the United States or abroad, command and control nodes, space-based intelligence, surveillance, and reconnaissance and communications assets.

The 36 Stratagems

No one can say for certain who wrote these 36 martial proverbs; however, some Chinese historians date them as far back as the Southern Qi dynasty (479–502), which was about 1,000 years after Sun Tzu wrote The Art of War.

The 36 stratagems have a darker connotation than The Art of War, focusing solely on acts of trickery, mischief, and mayhem—more the province of spies than soldiers. This makes the ancient document an inspiring resource for today’s Chinese nonstate hackers, who rely on creating ruses to trick unsuspecting Internet users into leaving the safety of their firewalls for dangerous terrain. It’s also interesting to note that, unlike Russia, China has never engaged in military action where cyber warfare was a component, allegedly opting instead for acts of cyber espionage:

Stratagem #3: “Kill with a borrowed knife”

This stratagem advises “Attack using the strength of another (in a situation where using one’s own strength is not favourable).”

This could just as easily apply to the use of botnets as a means to launch DDOS attacks.

Stratagem #8: “Openly repair the gallery roads, but sneak through the passage of Chencang”

This stratagem advises “Deceive the enemy with an obvious approach that will take a very long time, while surprising him by taking a shortcut and sneak up to him. As the enemy concentrates on the decoy, he will miss you sneaking up to him.”

This could describe the use of backdoors or Trojan worms when attacking a network.

Stratagem #10: “Hide a knife behind a smile”

This stratagem advises “Charm and ingratiate yourself with your enemy until you have gained his trust. Then move against him.”

This could describe phishing schemes or other social engineering attacks.

Stratagem #15: “Lure the tiger out of the mountain”

This stratagem advises “Hold out baits to entice the enemy.”

This refers to luring an opponent from a position of strength, such as being protected by a firewall and updated anti-virus program, to a position of weakness or vulnerability. One way to accomplish this is with the adoption of social engineering techniques to get the target to accept a fake email as genuine and open a compromised attachment or click on an infected link.

Stratagem #17: “Tossing out a brick to get a Jade gem”

This stratagem advises “Bait someone by making him believe that he gains something and obtain something valuable from him in return.”

This could equate to a social engineering technique used to get the target to click on a link or visit a website where information will be covertly collected without his knowledge.

Stratagem #30: “The honey trap”

This stratagem advises “Send your enemy beautiful women to cause discord within his camp.”

In contemporary computer parlance, this could refer to a honey pot, which lures visitors to a rigged site that collects information about them.

The 36 stratagems, like The Art of War, still play a large role in shaping Beijing’s military strategy. Western policymakers should be familiar with both historical documents if they wish to understand the strategy underpinning the Chinese threat landscape.

US Military Doctrine

The US armed forces have produced more of a paper trail on how cyber warfare is to be conducted than any other nation. In fact, as has been mentioned earlier in this chapter, the PRC and to some extent the Russian Federation have based their own doctrine on what has been published in the following manuals:

  • DOD Directive No. 3600.1, Information Operations. October 2001

  • DOD Information Operations Roadmap. October 30, 2003

  • JP 3-13 Information Operations. February 13, 2006

The question of who controls the US cyber warfare mission has been a hotly contested issue over the past several years. The US Air Force, Army, and Navy all have their own cyber operations, but overall command for conducting CNO has been assigned to the US Strategic Command (USSTRATCOM), and the National Security Agency (NSA) has the mission of defending all US military networks.

The connection between the NSA and USSTRATCOM occurs at the Joint Functional Component Command (JFCC) level, known as the Joint Functional Component Command—Network Warfare, whose commander is also the director of the NSA. What follows is the official definition of Network Warfare, as written in Joint Publication 3.13:

[T]he employment of Computer Network Operations (CNO) with the intent of denying adversaries the effective use of their computers, information systems, and networks, while ensuring the effective use of our own computers, information systems, and networks. These operations include Computer Network Attack (CNA), Computer Network Exploitation (CNE), and Computer Network Defense (CND).

It’s important to note that USSTRATCOM is not the sole command authority in this complex arena. JP3.13 goes on to state that:

CDRUSSTRATCOM’s specific authority and responsibility to coordinate IO (Information Operations) across AOR and functional boundaries does not diminish the imperative for the other combatant commanders to coordinate, integrate, plan, execute, and deploy IO. These efforts may be directed at achieving national or military objectives incorporated in TSCPs (Theater Security Cooperation Programs), shaping the operational environment for potential employment during periods of heightened tensions, or in support of specific military operations.

Although terms have been created and defined, a cohesive strategy on cyber warfare that addresses where, when, and how it is to be implemented remains elusive. One reason for that is the fact that it is highly classified. Another is that it is still being developed.

There are numerous problems that confront the military planners who are attempting to create this doctrine, not the least of which is attribution and deterrence. How should the United States respond to a cyber attack against its networks if it cannot unequivocally prove attribution? How can a deterrence policy be effective if opposing states know that their cyber activities can be conducted anonymously?

Another problematic area is the longstanding US policy of domain dominance, which basically says that the United States will control air, land, sea, and space to such an extent that it will have freedom of access to each, as well as the ability to deny access to each to its opponents. Cyberspace, as a global electronic medium, cannot be dominated or controlled by any one nation.

Then there is the expectation that rules of engagement (ROEs) will apply to cyber warfare. Some of the issues surrounding ROEs were made clear in a recent National Academy of Sciences report titled “Technology, Policy, Law and Ethics Regarding US Acquisition and Use of Cyber Attack Capabilities”:

  • When to execute a cyber attack: What are the circumstances under which a cyber attack might be authorized?

  • Scope of a cyber attack: What are the entities that may be targeted?

  • Duration of a cyber attack: How long should a cyber attack last?

  • Notifications: Who must be informed if a cyber attack is conducted?

  • Authority for exceptions: What level of authority is needed to grant an exception for standing ROEs?

The Obama Administration will be making significant headway in these areas through 2012, but it is too early to expect any answers to these hard challenges to be forthcoming before the publication of this book.



[38] Source: Moscow Nezavisimoye Voyennoye Obozreniye (in Russian), a weekly independent military newspaper published by Nezavisimaya Gazeta.
