The need to take the initiative, to go first, is dictated in part by the fact that actions taken in cyberspace move at a pace never before experienced in war (“cyberspace allows high rates of operational maneuver…at speeds that approach the speed of light…. [It] affords commanders opportunities to deliver effects at speeds that were previously incomprehensible”). Moreover, the strategy notes that if you do not act quickly, you may not be able to do so because “a previously vulnerable target may be replaced or provided with new defenses with no warning, rendering cyberspace operations less effective.” In short, if you wait for the other side to attack you in cyberspace, you may find that the opponent has, simultaneously with their attack, removed your logic bombs or disconnected the targets from the network paths you expected to use to access them. The strategy does not discuss the problems associated with going first or the pressure to do so.
The importance of cyberspace and cyber war to the U.S. military is revealed in the strategy’s declaration that “DOD will conduct kinetic missions to preserve freedom of action and strategic advantage in cyberspace.” Translated from Pentagonese, that statement means that rather than cyber attacks being just some support mechanism of a shooting war, the Defense Department envisions the need to bomb things in the physical world to defend against cyber attack, or to drive an enemy into networks that American cyber warriors control.
The strategic concept of deterrence is discussed in the strategy only insofar as it envisions a desired end state where “adversaries are deterred from establishing or employing offensive capabilities against US interests in cyberspace.” Since twenty or thirty nations have already established offensive cyber units, we apparantly did not deter them from “establishing.” The way to stop those nations from using that capability against us, however, is discussed as “inducing adversary restraint based on demonstrated capabilities.” However, the secrecy surrounding U.S. offensive cyber war weapons means that we have no demonstrated capabilities. By the logic of the U.S. military’s strategy, we therefore cannot induce adversary restraint. The strategy does not suggest a way around this conundrum, let alone recognize it. Thus, what is called a military strategy for cyber operations raises some of the key issues that would need to be addressed in a strategy, but it does not provide answers. It is not really a strategy, but more of an appreciation. To the extent that it provides guidance, it seems to argue for initiating combat in cyberspace before the other side does, and for doing all that may be needed to dominate in cyberspace, because to do otherwise would put other kinds of American dominance at risk.
Buried in the document is, however, a realistic assessment of the problems facing the U.S. in cyber war: “threat actors can take advantage of [our] dependence” on cyberspace; and, “absent significant effort, the US will not continue to possess an advantage in cyberspace” and the U.S. will “risk parity with adversaries.” Put another way, the strategy does note the fact that other nations may be able to inflict cyber war damage on us equal to our ability to inflict it on them. It may actually be worse, because we have a greater dependence on cyberspace, which can play to the advantage of an attacker.
If the U.S. is so vulnerable, to whom is it vulnerable? Who are the other cyber warriors?
WAKE-UP CALL FROM KUWAIT
It may have been the first Gulf War that convinced the generals of China’s People’s Liberation Army (PLA) that they needed a special advantage, an asymmetrical technical capability against the United States.
It was the first real war the U.S. had fought since Vietnam. In the decades before the 1990–91 Gulf War, the U.S. military had been relatively constrained abroad, by the continued presence of the Soviet Union and its nuclear arsenal. The invasions of Grenada by President Reagan and Panama by the first President Bush had been small engagements in our own backyard, and yet they had not gone terribly well. In those conflicts, U.S. military operations still showed the kind of dysfunction and poor coordination that marked the failed Desert One Mission in Iran in 1979 and helped to end the presidency of Jimmy Carter. Then came Desert Storm. President George H. W. Bush and his cabinet assembled the largest coalition since World War II. More than thirty nations coalesced against Saddam Hussein, bringing together more than 4,000 aircraft, 12,000 tanks, and nearly 2 million military personnel, all paid for by donations from Japan, Germany, Kuwait, and Saudi Arabia. The war was to mark a new era in international relations, what General Brent Scowcroft, President Bush’s National Security Advisor, went so far as to call a “new world order.” In it, the sovereignty of all nations would be respected and the mission of the United Nations would finally be fulfilled, now that the Soviet Union was no longer in a position to check such actions. Desert Storm was also the dawn of a new kind of warfare, dominated by the computer and other high technology to manage logistics and provide near-realtime intelligence. The Armed Forces Communications and Electronics Association, an American industry group, publicly documented just how dramatically the use of computer networks changed that war in its 1992 book, The First Information War.
While General Norman Schwarzkopf and the other military brass may not have been ready to use cyber weapons to take down the Iraqi air defense network, they were ready to embrace computer networks to target the enemy. The war fighters also loved the new breed of “smart weapons” that information systems technology made possible. Designed to replace traditional bombs that required many missions and many tons of munitions dropped to destroy a target, “smart bombs” were designed to put one bomb, and one bomb only, precisely on each target every time. They would greatly reduce the number of missions that needed to be flown and promised to nearly eliminate civilian collateral-damage casualties.
Of course, the “smart weapons” of 1991 were not so smart, and there were not too many of them. In the 1996 movie Wag the Dog, a fictional political operative named Conrad “Connie” Brean, played by Robert De Niro, claims that the famous missile down a chimney was done in a studio in Hollywood. “What’s the thing people remember about the Gulf War?” Brean asks. “A bomb falling down a chimney. Let me tell you something: I was in the building where we filmed that with a ten-inch model made out of Legos.” What De Niro’s character claimed wasn’t true, but the smart bombs of 1991 were overhyped. While the video was real, the tightly controlled media did not seem to realize that most of the bombs dropped were not precision munitions guided by lasers and satellites but “dumb” bombs, dropped in the thousands by B-52s. The smart bombs then were unreliable and in short supply, but they showed the direction that warfare was moving in, and they showed the Chinese that they were decades behind.
As Desert Storm unfolded, Americans sat glued to their TVs, watching those grainy videos of bombs being dropped down smokestacks. They cheered the renewed prowess of the once-again formidable American military. Saddam Hussein’s army was the fourth-largest in the world. His weapons, largely of Soviet make and design, the same as China’s arsenal, were mostly destroyed from the air before they could ever be used. The U.S. ground war lasted one hundred hours, following thirty-eight days of air strikes. Among those watching on television were the leaders of the Chinese military. The former Director of National Intelligence, Admiral Mike McConnell, believes that “the Chinese received a big shock when watching the action of Desert Storm.” Later they probably read The First Information War and other accounts and realized how far behind they really were. They soon began referring to the Gulf War as zhongda biange, “the great transformation.”
For a period of several years in the mid-1990s the Chinese talked very openly, for a Communist police state, about what they had learned from the Gulf War. They noted that their strategy had been to defeat the U.S. by overwhelming numbers if a war ever happened. Now they concluded that that strategy would not work. They began to downsize their military and invest in new technologies. One of those technologies was wangluohua, “networkization,” to deal with the “new battlefield of computers.” What they talked about publicly then sounds strikingl
y similar to what the U.S. Air Force generals were saying. Writing in his military’s daily paper, one Chinese expert explained that “the enemy country can receive a paralyzing blow through the Internet.” A senior colonel, perhaps thinking of the U.S. and China, wrote that “a superior force that loses information dominance will be beaten, while an inferior one that seizes information dominance will be able to win.” Major General Wang Pufeng, head of strategy at the military academy, wrote openly of the goal of zhixinxiquan, “information dominance.” Major General Dai Qingmin of the General Staff stated that such dominance could only be achieved by preemptive cyber attack. These strategists created “Integrated Network Electronic Warfare,” something similar to the Netcentric Warfare fad that was sweeping the Pentagon.
By the end of the 1990s, China’s strategists had converged on the idea that cyber warfare could be used by China to make up for its qualitative military deficiencies when compared to the United States. Admiral McConnell believes that “the Chinese concluded from the Desert Storm experience that their counter approach had to be to challenge America’s control of the battlespace by building capabilities to knock out our satellites and invade our cyber networks. In the name of the defense of China in this new world, the Chinese feel they have to remove that advantage of the U.S. in the event of a war.”
A recurring word in these Chinese statements was “asymmetry” likewise, the phrase “asymmetric warfare.” Much of what we know about China’s asymmetric warfare doctrine is contained in a slim volume translated as Unrestricted Warfare. The book, written by two high-ranking Chinese army colonels, was first published in 1999. It provides a blueprint for how weaker countries can outmaneuver status quo powers using weapons and tactics that fall outside the traditional military spectrum. The publishers of the most widely available English translation view the book as “China’s master plan to destroy America,” a subtitle the Americans added to the front cover of the U.S. edition. And in case the reader misses the point, the cover shows the World Trade Center engulfed in flames. A quote on the back, from a right-wing lunatic, claims that the book “is evidence linking China to 9-11.” Despite the right-wing rhetoric surrounding the U.S. edition, the book is one of the best windows through which we can understand Chinese military thinking on cyber war.
The book advocates tactics that have become known as shashoujian, the “assassin’s mace,” meant to take advantage of weaknesses created by an adversary’s seemingly superior conventional capabilities. The goal of the strategy is “fighting the fight that fits one’s weapons” and “making the weapons to fit the fight.” It proposes a strategy of ignoring the traditional rules of conflict, including, at its extreme, the prohibition on targeting civilians. It also advocates manipulating foreign media, flooding enemy countries with drugs, controlling the markets for natural resources, and joining international legal bodies in order to bend them to one’s will. For a book written a decade ago, it also places a heavy emphasis on cyber war.
This possible use of cyber war against a superior force does not mean that China is in fact intent on fighting the U.S., just that its military planners recognize that war with the U.S. is a contingency for which they must plan. The Chinese government has adopted the phrase “peacefully rising” to describe the country’s projected emergence as a (if not the) global superpower in the twenty-first century. Yet Admiral Mike McConnell believes that “the Chinese are exploiting our systems for information advantage, looking for the characteristics of a weapons system or academic research on plasma physics.” China’s rapid economic growth and dependence upon global resources, as well as its disputes with its neighbors (Taiwan, Vietnam), probably suggest to its military, however, that they have to be ready for possible conflict someday. And they are getting ready.
To the head of the U.S. military, Admiral Mike Mullen (Chairman of the Joint Chiefs of Staff), it all looks like it is aimed squarely at the United States. “[China is] developing capabilities that are very maritime focused, maritime and air focused, and in many ways, very much focused on us,” he said in a speech at the Navy League in May of 2009. “They seem very focused on the United States Navy and our bases that are in that part of the world,” he continued. The 2009 update of the annual report from the Office of the Secretary of Defense on the “Military Power of the People’s Republic of China” supports these claims. The Chinese have developed long-range radar that can see past our air base on Guam. They have developed antiship missiles that close so fast that none of our defense systems could intercept them. China has purchased one Russian Kuznetsov-class aircraft carrier and is currently in the process of refurbishing it at Dalian shipyard. They will soon have the capability to start constructing new carriers and have put in place a training program so that pilots will be qualified for carrier operations. They have strung over 2,000 missiles along the coast facing Taiwan and are adding more at the rate of 100 per year. They are close to deploying a missile with a 5,000-mile range that could give them a sea-based nuclear strike capability.
It all sounds a bit scary, but look closer and you will see evidence that the modernization alone is insufficient to counter U.S. conventional force superiority. China’s military budget is just a fraction of America’s. Allegedly only $70 billion, it is less than one-eighth of the Pentagon’s budget before adding in the costs of the wars in Afghanistan and Iraq. A U.S. carrier strike group is one of the most powerful conventional forces ever assembled. Consisting of up to a dozen ships, including guided-missile cruisers, destroyers, frigates, submarines, and supply ships, a carrier strike group can cover over 700 nautical miles in a single day, which allows it to go anywhere there is ocean within two weeks. The U.S. Navy boasts eleven carrier battle groups. To keep that force modern, the Navy is in the process of constructing three next-generation Ford-class carriers, with the first carrier set to be launched in 2015.
The Pentagon’s annual assessment, Military Power of the People’s Republic of China, for 2009 estimates that the former Russian aircraft carrier will not be operational before 2015. The consensus view in the U.S. intelligence community is that China is at least a decade away from being able to marshal a modern fighting force that is capable of convincingly defeating even a moderate-sized enemy like Vietnam. Not until 2015 will China be able to project significant power off of its shores, and only then in limited cases against an opponent less capable than the U.S. is now. Unless.
Unless…they can even things up by using cyber war against such things as U.S. carriers. The Chinese were always impressed by U.S. carriers, but their attention was heightened in 1996, when President Bill Clinton sent two U.S. carrier battle groups to protect Taiwan during one particularly nasty exchange of tough rhetoric between Beijing and Taipei. So the Chinese military followed its new strategy and developed a “virtual roadmap” for how to take down an aircraft carrier battle group in a paper titled “Tactical Data Links in Information Warfare.” This unclassified paper, written by two Chinese Air Force officers, relies on open source material, most of which can be pulled off the web, to illustrate how the information systems that the U.S. military relies on can be jammed or disrupted using relatively low-tech means.
These are the kinds of tactics that Unrestricted Warfare’s strategy articulates. The book recommends a program to steal a potential enemy’s technology, find flaws in it to exploit, and develop one’s own version as part of a program to create a modernized and smaller force. Not lost on Chinese military strategists, however, is the abililty of cyber weapons to skip the battlefield altogether. China has prepared in the event of war to inflict damage on the enemy’s home front, not with conventional weapons, but asymmetrically, through cyber attack. The two paths of improvement only make sense together. Even with the significant modernization of equipment, China will not be the equal of the U.S. military for many decades. However, if China can use asymmetrical tactics like cyber war, it believes the new, modern Chinese forces would be sufficiently advanced to take on U.S. forces that will have been crip
pled by Chinese cyber attack. Recently, Pentagon planners have had a scare put into them by an article in Orbis titled “How the United States Lost the Naval War of 2015.” In it, James Kraska paints a vivid picture of how in the near future China could take on the United States Navy and win.
THE EAST IS GEEK
From what we know of China’s cyber warfare capabilities and the espionage campaigns the Chinese have carried out, that two-pronged approach is exactly what the Chinese have undertaken. Since the late 1990s, China has systematically done all the things a nation would do if it contemplated having an offensive cyber war capability and also thought that it might itself be targeted by cyber war; it has
created citizen hacker groups,
engaged in extensive cyber espionage, including of U.S. computer software and hardware,
Cyber War: The Next Threat to National Security and What to Do About It Page 6