Truman National Security Project

Why Is Anyone Surprised by Chinese Cyber Activities?

By Gail Harris | 2.25.13

In the late 1980s I was part of the U.S. Pacific Fleet Staff as an intelligence officer. I was in charge of the shop that monitored what the Soviet military was up to on a daily basis. On just another day at the office, the Soviets conducted a long-range missile test. The unarmed warheads dropped about 600 miles from Hawaii. Over the next few days, Hawaii was in an uproar and there was lots of stuff in the local papers about how awful it was.

I looked at a couple of my co-workers and asked: “Don’t people realize we’re in the midst of a Cold War and things like this are a common occurrence? Does the American public think the military is making up the Soviet threat? Don’t they realize there is a constant high stakes chess game going on between the U.S. and the Soviet Union and that at any time this Cold War can get very hot?”

This brings me to what I’d like to blog about. I experienced the same sort of reaction last week observing the public uproar when the security firm Mandiant put out an extensive report on what they believe to be Chinese espionage activities, saying:

“Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world. The majority of these security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). We first published details about the APT in our January 2010 M-Trends report. As we stated in the report, our position was that ‘The Chinese government may authorize this activity, but there’s no way to determine the extent of its involvement.’ Now, three years later, we have the evidence required to change our assessment. The details we have analyzed during hundreds of investigations convince us that the groups conducting these activities are based primarily in China and that the Chinese Government is aware of them.”

This suspected activity from China should come as no surprise to anyone. Government leaders and cyber security experts have long been sounding the alarm. Last year, in the intelligence community’s annual worldwide threat assessment, the Director of National Intelligence, James Clapper, stated:

“Cyber threats pose a critical national and economic security concern…among state actors, China and Russia are of particular concern”.

Every year the Defense Department does a report on military and security developments in China. In the 2012 report the conclusion was:

“Authoritative writings and China’s persistent cyber intrusions indicates the likelihood that Beijing is using cyber network operations (CNOs) as a tool to collect strategic intelligence.”

Some may say, “Gail, are not these incidents primarily focused on economic espionage? Granted some defense companies were hacked but couldn’t you argue that it was still economic espionage with intent to get an advantage on developing and potentially selling weapons to other nations like we do?”

I don’t think economic espionage is the only aim. As noted in a New York Times article, of particular concern “is that the latest set of attacks…focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.”

What is the “so what” factor? I believe China is not only involved in economic espionage but also in what is called Computer Network Exploitation (CNE). For an excellent rundown on CNE and other cyber warfare topics as they relate to China, I recommend reading China’s Cyber Power and America’s National Security by Colonel Jayson M. Spade.

In one particularly interesting passage he states:

“CNEs are intrusive, involving unauthorized entry into a network, but do not necessarily cause damage. CNEs are ‘enabling operations and intelligence collection to gather data from automated information systems or networks.’ As an enabler, a CNE not only gathers information, but can map networks for future attacks and can leave behind backdoors or malware designed to execute or facilitate an attack.

Timothy Thomas, a retired Army intelligence officer and expert on PRC cyber warfare, believes China’s CNEs are reconnaissance missions: mapping networks, collecting intelligence, looking for system vulnerabilities, and planting programs in U.S. networks. This pre-conflict reconnaissance would give the PLA the advantage in a confrontation with the United States. Thomas believes this behavior reflects an old Chinese stratagem: ‘A victorious army first wins and then seeks battle. A defeated army first battles and then seeks victory.’”

There’s a military expression called preparation of the battlefield. I think this activity by China falls in that category. Am I saying China sees us as an enemy? I can’t express what I think any better than Colonel Spade does in his paper:

“From China’s perspective, they are a rising world power and the United States, as the sole superpower, is both the standard for military technological achievement and China’s principal adversary for regional dominance. China sees the United States trying to ring and contain it with military bases and alliances. It sees U.S. concerns over human rights, particularly concerning groups the CCP sees as subversive or separatist elements, as a means of destabilizing the regime. And the American relationship with and military support for Taiwan poses a threat to national sovereignty and therefore regime legitimacy.”

Do I feel China is planning to attack us? No, but I do believe they’re giving themselves the capability to militarily defend their goals if diplomacy fails. I think you have to take a holistic approach to determine China’s intentions. Look at not only what they say but what they do.

A few weeks ago I attended a military-themed conference in San Diego called West 2013. One of the more interesting panels was titled “Chinese Navy: Operational Challenge or Potential Partner?” One of the speakers, Dr. Jacqueline Deal, made some interesting points. She said in the past people thought contingency planning for Taiwan was the primary driver of the Chinese Navy. Then people started to speculate that it was natural for a country with a growing and rich economy to have a Navy. In 2009 a Chinese official gave a speech about the Navy’s mission to defend overseas interests.

I’ll conclude with some points made by Captain Jim Fanell, United States Navy, senior intelligence officer for the Pacific Fleet. He began by saying that every day his staff spends about 45 minutes to an hour briefing him on what’s happening in the Pacific and Indian Ocean. He said every day China is at the center of virtually every dispute in the maritime domain.

Some of Capt. Fanell’s main points:

● China is maintaining a robust and constant presence in the East China Sea, South China Sea, and the Philippine Sea.

● They are going to sea to learn how to do naval warfare. Their movements are largely about countering the U.S. Pacific Fleet.

● They’re trying to gain control of what they call the Near Seas and regularly challenge the Economic Exclusion Zones of South Korea, Japan, the Philippines, Brunei, Indonesia, and Vietnam.

● China has set up 8 military installations on 7 reefs in the Spratlys.

● Maritime patrols in the South China Sea have tripled since 2008.

● China’s attitude seems to be “What’s mine is mine and what’s yours we’ll negotiate”.

● They’re taking control of maritime areas that have never been controlled by China in over 5,000 years.

● In his opinion, China is knowingly and operationally and incrementally seizing maritime rights of its neighbors under the rubric of a maritime history that is not only contested in the international community but has largely been fabricated in order to educate the populace about its rich maritime history clearly as a tool to sustain the Party’s control.

Gail Harris is a Truman Security Fellow.