Cyber Warfare: China’s Invisible Army
China relies on cyber warfare as a key part of its military and economic strategy. China’s offensive cyber warfare activities include hacking attempts into government defence departments, stealing business’s information, and paralyzing networks (Ball, 2011). China uses cyber warfare activities to maintain their economic position and deter foreign military actions (Carr, 2011) (Billo & Chang, 2004) (Fritz, 2008) (Hjortdal, 2011).
The term cyber warfare has taken on different definitions by different authors including “an art of fighting without spilling an opponent's blood” (Carr, pg. 2) and “using computers to attack other computers or networks” (Billo & Chang, 2004). Literature on the topic follows closer to Billo & Chang’s latter definition.
This blog summarizes the relevant open-source research on Chinese offensive cyber warfare to outline it’s offensive cyber activities and how their offensive cyber strategy impacts the U.S.
Summary of Facts
China’s offensive cyber organizational structure:
The People’s Liberation Army (PLA) is primarily responsible for China’s offensive cyber warfare activity. A U.S. Army official identified the PLA’s cyber warfare “attack” mandate as “operations to disrupt, sabotage and destroy information in enemy computer network systems using specialized equipment, software or firepower.” (Billo & Chang, 2004, Pg. 30). Along with the PLA, non-state actors, sometimes referred to as netizens, make-up another part of China's offensive cyber capabilities. China’s non-state hacking activities reportedly interact with the Chinese government (Klimberg, 2011; Ball, 2011) but carry a different role than the PLA. For example, the Chinese government will use private citizens for cyber espionage and to silence political dissenters (Carr, 2011, pg. 257). Specifically, the main motivations for netizens are nationalist causes (Klimburg, 2011, pg. 94). Together, the PLA focuses on attacking enemy networks, information, and technology while the netizens focus on political dissenters and cyber espionage; however, the two groups are not exclusively bound to those mandates.
Capabilities of China’s offensive cyber:
There is a capabilities gap between the PLA and the netizens. There’s no evidence that China’s non-state actors, the netizens, can exfiltrate, falsify, or steal critical data from highly secure servers (Ball, 2011, pg. 101). On the other hand, a PLA official identified that the Chinese government was capable of “shutting down military command centres and dominating banking systems” (Billo & Chang, 2004, pg. 30). Additionally, multiple countries have accused China’s intelligence services of attempting and successfully stealing sensitive information through hacking (Ball, 2011).
Although netizens are less technically capability than the Chinese government, they have still launched multiple disruptive cyber-attacks. In 2001, the netizens launched the “Code Red” attack originating from a Chinese university (Ball, 2011, pg. 103). The Code Red attack denies users access and defaces targeted websites (Ball, 2011, pg. 103). The attack’s most high profile target included the White House website but also affected millions of other servers leading to $2.6 billion in damage (Ball, 2011, pg. 103). Additionally, in 2008, CNN met with a group of netizens claiming to have hacked into and downloaded information from the Pentagon along with being paid by the Chinese Government (Ball, 2011, pg. 97). The association between the Chinese government and netizens highlights the difficulty between identifying the capabilities of the Chinese government versus the capabilities of private Chinese citizens (Klimburg, 2011). For example, Chines cyber-attacks can originate from university IT departments, the government, patriot-hacker teams, and cyber-crime syndicates (Klimburg, 2011, pg. 47-48).
Concerning the PLA, the organization is reportedly capable of conducting cyber warfare operations with national security effects, sometimes described as “electronic pearl harbour”. There’s no consensus on the potential impact of these operations (Billo & Chang, 2004, pg. 12). Worst-case scenario predictions by experts vary from the “benign to the apocalyptic” (Billo & Chang, 2004, pg. 12). On the benign side, a high profile cyber-attack knocks out power for a couple of hours or defaces high profile websites (Bello & Chang, 2004, pg. 12). On the apocalyptic side, opinions from experts with access to classified info estimate an “electronic pearl harbour” could slow down an entire economy because many enterprises’ activities depend on the internet (Bello & Chang, 2004, pg. 12).Ultimatly, the full extent of China's capabilities is difficult to determine as secrecy prevents a complete assessment (Bello & Chang, 2004).
Hjortdal identifies the following three main parts of China’s cyber warfare activities:
. deterring actions against the Chinese regime through hacking critical infrastructure,
. gaining technological knowledge on other country’s militaries and,
. industrial espionage to gain an economic advantage (2011, pg. 3).
The first part of China’s strategy looks to exploit critical infrastructure, such as electrical grids and hydro dams, to deter or slow potential military attacks. In 2009, MI5 and MI6 identified China could potentially shut down critical services including, water, power, and food (Hjortdal, 2011, pg. 8). The chief of counterintelligence in the U.S. also identified Chinese network operations in the U.S. electrical grid (Hjortdal, 2011, pg. 8). Critical infrastructure breaches can cause states to devote resources to recovery (Chasnoria, 2012, pg. 121) which could otherwise be used towards military support. Although these operations are not causing immediate damage, China may exploit them should conflict arise (Hjortdal, 2011).
Regarding the second part of China's strategy, China’s military technology lags behind the U.S. (Fritz, 2008) (Hjortdal, 2011), and export barriers from around the world block China from accessing the latest military technology (Fritz, 2008). To accommodate for this gap, China relies on espionage to steal military designs and blueprints to maintain their competitiveness (Fritz, 2008).
China’s economic espionage involves a combination of the two aforementioned strategies. China conducts economic espionage in sectors other than defence to improve competitiveness (Hjortdal, 2011). For example, MI5 and MI6 identified China stealing confidential commercial information from the computer systems of banks and financial firms (Ball, 2011, pg. 89). China also uses economic espionage to counter potential actions against the Chinese regime. In 2010, China conducted economic espionage on Google to access the g-mail accounts of Chinese dissidents and human rights activists (Ball, 2011, pg. 93).
Implications for the U.S.:
Several scenarios could lead to U.S. military action against China including disputes in the South-China sea, North Korea’s nuclear program, and Taiwanese independence (Gombert & Libicki, 2014, pg. 9-10). As mentioned before, China would look to disrupt any military action against their interests. In the event of a U.S. attack, fears exist that China would activate a “kill chain” disrupting U.S. sensors, networks, launchers, weapons, and control centres (Gombert & Libicki, 2014, pg. 8). Also, the U.S. military's dependence on IT could allow China to “degrade or delay” military mobilisation in a time-sensitive scenario (Ball, 2011, pg. 101). Ultimately, the threat of activating a “kill chain” serves as a deterrent against the U.S. from deploying conventional military engagement against China (Gompert & Libicki, 2014) (Hjortdal, 2011). However, studies generally agree that China would want to avoid a prolonged conflict with the U.S. due to inferior military and cyber capabilities (Ball, 2011) (Gompert & Libicki, 2014).
Additionally, with interconnected networks, a cyber-attack could be highly disruptive if U.S. allies were not prepared (Billo & Chang, 2004, pg. 13). This concept of allied defence has encouraged the U.S. to reach out to other countries, such as India, to establish cooperation on interdependent networks (Chasnoria, 2012, pg. 125). Cooperation between countries feeds the U.S. with timely information on potential cyber-attacks before they can impact U.S. and allied networks (Chasnoria, 2012).
Theoretically, for China, cyber warfare offers a borderless attack vector to undermine other countries’ interests from within Chinese territory (Chasnoria, 2012). Additionally, cyberspace does not act like a traditional arms scene like the cold-war, where the U.S. would have an advantage, because cyberspace attacks are cheaper to deploy and can have impacts similar to a military attack (Hjortdal, 2011).
Empirically, China is using an informal public-private partnership model in its offensive cyber warfare where the government can mobilize additional resources at a lower cost (Klimburg, 2011). The lower cost of cyber warfare allows China to compete with the U.S. economically and technologically through espionage (Fritz, 2008). Additionally, China’s targets for cyber warfare have expanded since the turn of the century (Chang & Bello, 2004) (Ball, 2011) causing more overlap between Chinese and U.S. interests (Gompert & Libicki, 2014). Looking to the future, countries should look to secure their networks and collaborate to detect potential Chinese attacks to lower the potential attack surface (Chasnoria, 2012) (Klimburg, 2011).
Ball, D. (2011). China’s Cyber Warfare Capabilities. Security Challenges, 7(2), 81–103. doi:
Billo, C., Chang, W. (2004). Cyber warfare: An analysis of the means and motivations of
selected nation states. Hanover, NH: Institute for Security Technology Studies at
Carr, J. (2011). Inside cyber warfare: mapping the cyber underworld. Sebastopol, CA: OReilly &
Chasnoria, M. (2012). DEFYING Borders In Future Conflict In East Asia: Chinese Capabilities
In The Realm Of Information Warfare And Cyber Space. The Journal of East Asian
Affairs, 26(1), 105–127. doi: 220.127.116.11
Fritz, J. (2008). How China will use cyber warfare to leapfrog in military competitiveness. The
Bulletin of the Centre for East-West Cultural and Economic Studies, 8(1), 28–80.
Retrieved from http://epublications.bond.edu.au/cm/vol8/iss1/2
Gompert, D. C., & Libicki, M. (2014). Cyber Warfare and Sino-American Crisis Instability.
Survival, 56(4), 7–22. doi: 10.1080/00396338.2014.941543
Hjortdal, M. (2011). China's Use of Cyber Warfare: Espionage Meets Strategic Deterrence.
Journal of Strategic Security, 4(2), 1–24. doi: 10.5038/1944-0418.104.22.168
Klimburg, A. (2011). Mobilising Cyber Power. Survival, 53(1), 41–60. Doi: