Thursday, November 20, 2008

REVIEW: 2008 Report on US-China Economic and Security Review

The U.S.-China Economic and Security Review Commission has published its 2008 report to the U.S. Congress. As in previous years, the report discusses Chinese Cyber capabilities and initiatives. This year's report concludes:
"The Nature and Extent of China’s Space and Cyber Activities and their Implications for U.S. Security
  • Cyber space is a critical vulnerability of the U.S. government and economy, since both depend heavily on the use of computers and their connection to the Internet. The dependence on the Internet makes computers and information stored on those computers vulnerable.
  • China is likely to take advantage of the U.S. dependence on cyber space for four significant reasons. First, the costs of cyber operations are low in comparison with traditional espionage or military activities. Second, determining the origin of cyber operations and attributing them to the Chinese government or any other operator is difficult. Therefore, the United States would be hindered in responding conventionally to such an attack. Third, cyber attacks can confuse the enemy. Fourth, there is an underdeveloped legal framework to guide responses.
  • China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States. In a conflict situation, this advantage would reduce current U.S. conventional military dominance."
The report provides further details into U.S. perceptions of Chinese cyber capabilities and intentions including:
"China has an active cyber espionage program. Since China’s current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts."

"By some estimates, there are 250 hacker groups in China that are tolerated and may even be encouraged by the government to enter and disrupt computer networks. The Chinese government closely monitors Internet activities and is likely aware of the hackers’ activities. While the exact number may never be known, these estimates suggest that the Chinese government devotes a tremendous amount of human resources to cyber activity for government purposes. Many individuals are being trained in cyber operations at Chinese military academies..."

"In the past two decades, China has observed how the U.S. military has operated successfully overseas and also has noted that the United States in many cases utilizes a deployment or buildup phase. Examples include the first Gulf War, Kosovo, and Operation Iraqi Freedom. Due to the great distances in the Pacific area of operations, were the United States to think a conflict near China was probable, the U.S. military would begin its preparations with a deployment or buildup phase. China is depending on this and believes that, by cyber attacking U.S. logistics functions in the early buildup stages of a conflict, it can delay or disrupt U.S. forces moving to the theater. This conceivably could alter the course of a conflict over Taiwan."

The report discusses China's motivation to develop cyber warfare capabilities:
"...authors of China’s military doctrine have articulated five key elements. These elements are the following:
  • Defense. Many Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive.
  • Early use. PLA analysts believe that in many cases a vulnerable U.S. system could be unplugged in anticipation of a cyber attack. Therefore, for an attack to be truly effective, it must be launched early in a conflict before the adversary has time fully to protect itself.
  • Information operations. Cyber operations can be used to manipulate an adversary’s perception of the crisis, such as by planting misinformation. This could obviate the need for a conventional confrontation or advantageously shape an adversary’s response.
  • Attacking an enemy’s weaknesses. China’s strategists believe the United States is dependent on information technology and that this dependency constitutes an exploitable weakness.
  • Preemption. Many PLA strategists believe there is a first mover advantage in both conventional and cyber operations against the United States. Therefore, in order to succeed, they should strike first."
Finally, the report notes the vulnerabilities to telecommunication systems:
"The global supply chain for telecommunications items introduces another vulnerability to U.S. computers and networks. Components in these computers and networks are manufactured overseas— many of them in China. At least in theory, this equipment is vulnerable to tampering by Chinese security services, such as implanting malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation. In a recent incident, hundreds of counterfeit routers made in China were discovered being used throughout the Department of Defense. This suggests that at least in part, Defense Department computer systems and networks may be vulnerable to malicious action that could destroy or manipulate information they contain."

The full report is available at:


No comments: