News stories on the cyber threat that China poses appear on a regular basis. Most underscore a view that China is using cyber power to rise and ultimately win global dominance, and that the Chinese government is behind the scenes in many malicious cyber activities. Many, including the US government, have accused the Chinese government and military of cyberattacks in which intellectual property has been stolen.
China’s academic discussion of cyber warfare began in the 1990s, when it was still called “information warfare.” Impressed by how much the US military gained from applying high technology in the Gulf War, and later in Kosovo, Afghanistan, and Iraq, China concluded that it could not adequately defend itself without keeping pace with the changing form of war, in which high technologies, chiefly information technologies, play an ever more critical role.
In 2003, the Central Committee of the Chinese Communist Party and China’s Central Military Commission officially approved the concept of the “Three Warfares,” comprising psychological, media, and legal warfare. In 2004, one year after the Iraq War, the focus of the military’s preparation for military struggle (PMS) was changed from “winning local wars in conditions of modern technology, particularly high technology” to “winning local wars under conditions of informationization.” The basic understanding, as elaborated in the 2004 defense white paper China’s National Defense in 2004, is that “informationization has become the key factor in enhancing the warfighting capability of the armed forces.”
The first time the Chinese military publicly addressed cyber warfare from a holistic point of view was in the 2013 edition of “The Science of Military Strategy,” a study by the Academy of Military Science. It emphasized that cyberspace has become a new and essential domain of military struggle. A similar tone appeared in the 2015 defense white paper “China’s Military Strategy.”
That white paper lists the primary objectives of cyber capabilities as “cyberspace situation awareness, cyber defense, support for the country’s endeavors in cyberspace, and participation in international cyber cooperation.” It frames these objectives within the aims of “stemming major cyber crises, ensuring national network and information security, and maintaining national security and social stability.”
The Belfer Center for Science and International Affairs at the Harvard Kennedy School published a detailed report on its National Cyber Power Index 2020 (NCPI), which ranks the “cyber power” of 30 countries. The NCPI defines cyber power as a function of a country’s intent and capability, measured with a set of 32 intent indicators and 27 capability indicators developed by the researchers. The indicators are grouped under seven broad objectives that countries pursue through cyber means: surveillance, defense, offensive capability, manipulation of the information environment, intelligence, commercial and industrial growth, and norms.
The US, UK and China fill the top three slots, based on analysis of those indicators and more than 1,000 data sources. China is ranked as the leading contender to displace the United States’ technological superiority. India ranks 21st overall. It did not reach the top 10 under any of the seven objectives and is classified as a “low-intent, low-capability” cyber power, which is not good news for strategists in one of the most heavily attacked nations in the world. In addition, the ongoing uncertainty along India’s borders, where aggressive Chinese posturing has turned into occupation of territory that Beijing had not previously disputed, is worrying for India’s planners.
A country’s cyber capability is assessed along several dimensions: its technological research and development (R&D) and innovation capacity; its information technology companies; the scale of its internet infrastructure; the influence of its internet sites; its internet diplomacy and foreign policy capabilities; its cyber military strength; and the comprehensiveness of its cyberspace strategy.
Cyber offense capability
In February 2013, the Alexandria, Virginia-headquartered American cyber security firm Mandiant published a report that publicly exposed China’s cyber espionage operations. The report documented evidence of intrusions by PLA Unit 61398 and revealed the unit’s location and address in Pudong, Shanghai. “Unit 61398” is the Military Unit Cover Designator (MUCD) of the PLA unit behind the advanced persistent threat (APT) group accused of numerous computer intrusions.
“We refer to this group as ‘APT1’, and it is one of more than 20 APT groups with origins in China,” the Mandiant report said. “APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.” According to the report, APT1 had stolen hundreds of terabytes of data from at least 141 organizations across 20 major industries.
“APT1,” the report said, “is believed to be the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. The nature of ‘Unit 61398’s’ work is considered by China to be a state secret; however, we believe it engages in harmful ‘Computer Network Operations’. Unit 61398 is partially situated on Datong Road in Gaoqiaozhen, which is located in the Pudong New Area of Shanghai. The central building in this compound is a 130,663 square foot facility that is 12 stories high, and was built in early 2007. We estimate that Unit 61398 is staffed by hundreds, and perhaps thousands of people.” The report also said Unit 61398 requires its personnel to be trained in computer security and network operations, and to be proficient in English.
Cyber defense capabilities
China has created a national data repository for information on cyber-attacks and requires telecom operators, internet companies and domain name providers to report threats to it. The Ministry of Industry and Information Technology (MIIT) said companies and telecom operators, as well as government bodies, must share information on incidents, including Trojan malware, hardware vulnerabilities, and content linked to “malicious” IP addresses, with the platform.
“The building of national defense cyberspace capabilities is an important part of China’s military modernization,” the Foreign Ministry and the Cyberspace Administration of China, the country’s internet regulator, said in an international cyberspace cooperation strategy published on the Foreign Ministry’s website. The military will play an important role in “safeguarding national cyberspace sovereignty, security and development interests,” and China will “hasten the building of cyberspace capabilities,” the strategy said, while also calling on countries to “guard against cyberspace becoming a new battlefield.”
In a separate strategy paper released by the Cyberspace Administration of China (CAC), China pledged to develop cyber defenses commensurate with its international status as a major cyber power, a national goal whose development timeline extends to 2035.
China is also collaborating with Russia on cyber defense. The two countries plan to create telecommunication equipment capable of countering external cyber attacks, Russian Deputy Prime Minister Dmitry Rogozin said following the 21st meeting of the Russian-Chinese Commission on Preparing Regular Meetings Between the Heads of State. China will continue to strengthen military-to-military relations with Russia to address new security challenges in the world, said Air Force General Xu Qiliang, vice chairman of the Central Military Commission.
China and Russia will also jointly protect the security interests of both countries and maintain the regional strategic balance, Xu added. “We discussed the critical dependence of the economy, and, in general, the political, economic, military and defense administration of the country, on the external impact on the information environment,” Rogozin noted.
China unveils its first civil-military cybersecurity innovation center
China has unveiled the nation’s first cybersecurity innovation center developed under the national strategy of civil-military integration, amid Beijing’s call to step up national cyber defenses. The newly established center has set the ambitious goal of building a cutting-edge cyber defense system for the military to help win future cyber wars. According to Wu Yunkun, president of 360 Enterprise Security Group, the company behind the center, it will focus in its first stage on building cyber defense systems for military-related internet services and a threat intelligence sharing mechanism for military users.
It will also encourage more small and medium-sized companies to cooperate on technology R&D projects so as to guarantee a supply of cyber defense services that meet practical combat requirements, Wu said. Specifically, the center wants to set up a special fund for cybersecurity innovation investment and research teams supported by local governments, the military, and enterprises. It is also considering a pilot study on building a cyber militia, and a mechanism for offering cyber emergency response services and advanced persistent threat (APT) analysis and monitoring services to the military and local government bodies.
Chinese cybersecurity firm to monitor online behavior in real time for cyber defense
Qi Xiangdong, chairman of China’s leading cybersecurity company, 360 Enterprise Security Group, said he thinks AI and big data support are ready to play a role in the development of China’s third-generation cybersecurity defense system. “A cybersecurity system that monitors online behavior will be more efficient. Based on big data and AI behavioral analysis, the third-generation system will be able to identify an attack through intelligence on threats. Behaviors that go against the baseline set up by the system will be reported and warnings will be given,” Qi said, addressing a seminar on the sidelines of the Beijing Cybersecurity Day exhibition.
He noted that the baseline can be tuned to separate abnormal behavior from usual behavior. For example, if a user normally visits a certain company website once a day, then viewing that website more than 1,000 times in a day will be flagged as a breach of the baseline.
China’s first- and second-generation defense systems relied on blacklists and whitelists to screen out potential threats, but hackers can always find a way around such lists, and attackers can also hide their presence, Qi explained. The new defense system, like the previous ones, will mainly serve businesses and institutions rather than individuals, so it will only look for abnormal activity targeting those institutions. “It will not put personal privacy at risk or damage personal information,” Qi stressed in an interview after the seminar.
A city’s or a nation’s basic infrastructure is the largest Internet of Things (IoT) today, and it is more accessible to the public than ever before, since many services no longer restrict access to particular groups. Greater freedom of access, however, increases the risk of threats and attacks, which makes a stronger defense system for key infrastructure more urgent and necessary, according to Qi.
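The baseline idea Qi describes, a per-user norm learned from history and an alert when observed activity exceeds an adjustable multiple of it, is shown below as an added example. This is not 360’s code and the page gives no detail of its implementation; the log format, user names, site name, dates, request counts, the median-based baseline and the `factor`/`floor` knobs are all constructed for illustration.

```python
"""Baseline-deviation detection over an access log.

Added illustration of the behavioral baseline described on the page; it is
not 360's code. Users, sites, dates and counts below are constructed.
"""
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

BASELINE_DAYS = 7          # learning window; later days are scored against it


def make_sample_log():
    """Build a constructed log, one "YYYY-MM-DD user site" line per request.

    alice normally requests corp.example once a day and then 1,200 times on
    day 8; bob is a steady heavy user whose day 8 is merely busier than usual.
    """
    lines = []
    first = date(2024, 3, 1)
    for offset in range(BASELINE_DAYS + 1):
        day = (first + timedelta(days=offset)).isoformat()
        last_day = offset == BASELINE_DAYS
        lines += [f"{day} alice corp.example"] * (1200 if last_day else 1)
        lines += [f"{day} bob corp.example"] * (45 if last_day else 30)
    return lines


SAMPLE_LOG = make_sample_log()


def daily_counts(lines):
    """Parse log lines into {(user, site): {day: request_count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        day, user, site = line.split()
        counts[(user, site)][day] += 1
    return counts


def build_baselines(counts, baseline_days=BASELINE_DAYS):
    """Per (user, site) baseline: median daily count over the learning window.

    The median, rather than the mean, keeps one unusual day inside the window
    from inflating the baseline and hiding a later spike.
    """
    baselines = {}
    for key, per_day in counts.items():
        window = [per_day[d] for d in sorted(per_day)[:baseline_days]]
        baselines[key] = median(window)
    return baselines


def detect_anomalies(counts, baselines, factor=10.0, floor=20,
                     baseline_days=BASELINE_DAYS):
    """Flag post-window days whose count exceeds max(floor, factor * baseline).

    `factor` is the adjustable sensitivity the page refers to; `floor` keeps a
    user who normally makes one request from being flagged for making three.
    """
    alerts = []
    for key, per_day in counts.items():
        threshold = max(floor, factor * baselines[key])
        for day in sorted(per_day)[baseline_days:]:
            observed = per_day[day]
            if observed > threshold:
                alerts.append({"user": key[0], "site": key[1], "day": day,
                               "observed": observed, "threshold": threshold})
    return alerts


def run_demo(lines=None):
    """Learn baselines from the first BASELINE_DAYS days and score the rest."""
    lines = SAMPLE_LOG if lines is None else lines
    counts = daily_counts(lines)
    return detect_anomalies(counts, build_baselines(counts))


if __name__ == "__main__":
    for a in run_demo():
        print(f"ALERT {a['day']} {a['user']} -> {a['site']}: "
              f"{a['observed']} requests, threshold {a['threshold']:.0f}")
```

On the constructed log only alice’s 1,200-request day is flagged: her baseline is one request, so the threshold is the floor of 20. bob’s 45 requests stay well under ten times his baseline of 30, which is the point of keying the threshold to each entity’s own history rather than to a global blacklist or fixed limit. A real deployment would key on more than request volume (destinations, hours, data moved) and would have to handle entities with no history, which this sketch does not.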
China’s top cyber defense system withstands first international hacking test
China has for the first time invited international white hat hackers to test its latest cyber defense system, which withstood more than 500,000 attack attempts without a single breach. Hosted by the Chinese Academy of Engineering (CAE) and the Nanjing city government, the challenge, which ran from May 10 to 12 in Nanjing, in eastern China’s Jiangsu province, tested the nation’s first set of equipment designed and manufactured under Cyber Mimic Defense (CMD), an original theory proposed by CAE academician Wu Jiangxing in 2008.
This was the first international hacking competition run against an actual Chinese cyber defense system, which sets it apart from capture the flag (CTF) competitions in which each team attacks the other teams while defending its own. By running multiple sets of servers in parallel, like an octopus with many tentacles, the CMD system is able to keep defending even when individual components contain vulnerabilities or backdoors, which currently menace almost all cyber facilities.
According to Wu, the system could only be broken if all the hackers attacked the same part of the system at exactly the same time, and the probability of such an attack is low. “Just like the consensus protocol used in blockchain technology: the larger the population, the harder it is to reach consensus,” he explained in an interview on Saturday on the sidelines of the challenge.
As Wu predicted, none of the 22 elite hacking teams from China, Japan, Russia, Poland, and Ukraine managed to break the CMD system, which consisted of web servers, routers, firewalls, and domains, all of them commercially available products. During the three-day challenge the white hat hackers first performed black box testing, attempting to break in with no hints or tips offered. They then moved to white box testing, in which they were permitted to plant Trojans and backdoors inside the CMD system.
“No team was able to completely break the full system, because all hacking teams launched their attacks under traditional cyber defense theories. That is also why we say CMD is a game-changing theory. The cybersecurity condition is no longer an easy, weak target. It can now hold its ground and is rather hard to break,” the academician said.
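The page does not spell out how the CMD equipment decides which of its parallel servers to believe, so the simulation below is an added example, not the CAE or Nanjing system’s code, and it assumes one common way of realising the “octopus” idea: heterogeneous redundant executors whose answers are compared by an arbiter that accepts only a strict majority and rotates any dissenting executor out for a spare. The executor names, the backdoor model (a trigger string that makes a variant return an attacker-chosen response) and the stand-in service function are all invented for illustration. It also shows the limit Wu alludes to: if a majority of variants are compromised to give the same answer at the same time, majority voting is fooled.

```python
"""Majority-voted heterogeneous redundancy in the spirit of mimic defense.

Added example; not code from the CMD system described on the page. The
executor names, backdoor model and service logic are constructed.
"""
from collections import Counter


def honest_service(request):
    """Stand-in for the real application logic that every variant implements."""
    return "OK:" + request.upper()


class Executor:
    """One variant of the service.

    Real deployments differ by OS, web server and runtime so that a single
    exploit rarely works against all of them; here a variant differs only by an
    optional planted backdoor: (trigger substring, attacker-chosen response).
    """

    def __init__(self, name, backdoor=None):
        self.name = name
        self.backdoor = backdoor

    def handle(self, request):
        if self.backdoor and self.backdoor[0] in request:
            return self.backdoor[1]            # compromised behaviour
        return honest_service(request)


class MimicArbiter:
    """Fan each request out to the active executors, return only a strict
    majority answer, and rotate any dissenting executor out for a spare."""

    def __init__(self, active, spares=()):
        self.active = list(active)
        self.spares = list(spares)
        self.evicted = []          # names of executors that disagreed with the majority

    def serve(self, request):
        answers = {ex.name: ex.handle(request) for ex in self.active}
        winner, votes = Counter(answers.values()).most_common(1)[0]
        if 2 * votes <= len(self.active):
            return None            # no strict majority: fail closed
        for ex in list(self.active):
            if answers[ex.name] != winner:
                self.active.remove(ex)
                self.evicted.append(ex.name)
                if self.spares:
                    self.active.append(self.spares.pop(0))
        return winner


def single_backdoor():
    """One of three variants is backdoored: it is outvoted, evicted and replaced."""
    arb = MimicArbiter(
        [Executor("nginx-linux"),
         Executor("apache-bsd", backdoor=("evil", "PWNED")),
         Executor("iis-windows")],
        spares=[Executor("lighttpd-linux")])
    response = arb.serve("evil")
    return response, arb.evicted, [ex.name for ex in arb.active]


def colluding_majority():
    """Two of three variants carry the same backdoor and answer identically:
    the arbiter is fooled. This is the 'same part, same time' case."""
    arb = MimicArbiter([Executor("a", backdoor=("evil", "PWNED")),
                        Executor("b", backdoor=("evil", "PWNED")),
                        Executor("c")])
    return arb.serve("evil"), arb.evicted


def disagreeing_backdoors():
    """Two backdoors with different payloads: no majority, request refused."""
    arb = MimicArbiter([Executor("a", backdoor=("evil", "X")),
                        Executor("b", backdoor=("evil", "Y")),
                        Executor("c")])
    return arb.serve("evil")


if __name__ == "__main__":
    print("single backdoor:", single_backdoor())
    print("colluding majority:", colluding_majority())
    print("disagreeing backdoors:", disagreeing_backdoors())
```

The first scenario is the behaviour the challenge reportedly demonstrated: a planted backdoor fires, but its output is outvoted, the dissenting variant is flagged and a spare takes its place, so the client still gets the honest answer. The second scenario is why the defence depends on variant heterogeneity: an attacker who can make a majority of executors misbehave identically on the same request wins the vote. The arbiter shown here only rotates on disagreement; the real theory additionally re-randomises which variants serve even in the absence of errors, which this sketch omits.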