Tuesday, March 04, 2008

Review: U.S. Report on China's Military Cyber Capabilities

The U.S. Department of Defense's annual report to Congress on China's military capabilities includes a section on potential threats in cyberspace:
"Cyberwarfare Capabilities. In the past year, numerous computer networks around the world, including those owned by the U.S. Government, were subject to intrusions that appear to have originated within the PRC. These intrusions require many of the skills and capabilities that would also be required for computer network attack. Although it is unclear if these intrusions were conducted by, or with the endorsement of, the PLA or other elements of the PRC government, developing capabilities for cyberwarfare is consistent with authoritative PLA writings on this subject.

• In 2007, the Department of Defense, other U.S. Government agencies and departments, and defense-related think tanks and contractors experienced multiple computer network intrusions, many of which appeared to originate in the PRC.

• Hans Elmar Remberg, Vice President of the German Office for the Protection of the Constitution (Germany’s domestic intelligence agency), publicly accused China of sponsoring computer network intrusions “almost daily.” Remberg stated, “across the world the PRC is intensively gathering political, military, corporate-strategic and scientific information in order to bridge their [sic] technological gaps as quickly as possible.” Referring to reports of PRC infiltration of computer networks of the German government, German Chancellor Angela Merkel said “we must together respect a set of game rules.” Similarly, in September 2007, French Secretary-General of National Defense Francis Delon confirmed that government information systems had been the target of attacks from the PRC.

• In addition to governments, apparent PRC origin network intrusions targeted businesses. In November 2007, Jonathan Evans, Director-General of the British intelligence service, MI 5, alerted 300 financial institution officials that they were the target of state-sponsored computer network exploitation from the PRC."
However, this is the totality of the discussion on information warfare. The report has a detailed analysis of other, physical capabilities and threats, China's military strategy, etc., yet the only other mention or analysis of cyber threats is a short sentence under asymmetric warfare capabilities stating Chinese interest in "cyber warfare against civilian and military networks – especially against communications and logistics nodes".

Complete analysis of the alleged cyber threat from China is impossible because most source information is classified. However, the wording of the report raises some questions about how well the threat is understood. The report uses several "hedge words" or qualifiers such as:
"... intrusions that appear to have originated within the PRC."
and:
"Although it is unclear if these intrusions were conducted by, or with the endorsement of, the PLA or other elements of the PRC government..."
These qualifiers, combined with the lack of any analysis of the threat and the simple restating of information from press articles, leave more questions than answers concerning Chinese information warfare capabilities.

To further complicate any threat assessment, analysis of several attacks against commercial companies involving Chinese systems indicates that the actual origin of the attacks more often leads to Russian or Eastern European systems that are simply using insecure Chinese systems as intermediaries.


ANNUAL REPORT TO CONGRESS: Military Power of the People’s Republic of China 2008
