On 23 May 2017, an Indian Air Force Sukhoi 30 fighter aircraft was downed, purportedly by a cyber-attack from China. This was just one more incident in the series of cyber incidents against India.1 To most observers, this did not come as a surprise as India has been one of the most cyber-attacked countries with most of the attacks originating from China.
In a 2018 report to India’s National Security Council Secretariat (NSCS), almost 35 percent of cyber attacks were attributed to China. The situation has not improved since then. India was one of the most cyber-targeted countries in the world in 2019, with over 50,000 cyber-attacks from China alone. India held the top spot as the most cyber-targeted country for three months (April, May and June) and remained among the top 5 cyber-attacked countries throughout the year. According to a report, the most cyber-attacks targeting India in 2019 originated in Slovenia, followed by Ukraine, the Czech Republic, China, and Mexico.2
The cyber-attacks are against infrastructure, financial institutions and government agencies. While they include attacks for personal financial gain, there is no denying that a large number target India strategically and undermine national security. A major difficulty in understanding the dangers of, and one’s own vulnerabilities to, cyber-attacks is the lack of a common definition of cyber warfare.
What is Cyber Warfare?
One of the commonly used definitions of Cyberwarfare is:
“Cyberwarfare is an extension of policy by actions taken in cyberspace by state actors (or by non-state actors with significant state direction or support) that constitute a serious threat to another state’s security, or an action of the same nature taken in response to a serious threat to a state’s security (actual or perceived).”
However, there is no commonly accepted definition of cyberwarfare. It is debatable whether cyberwarfare involves only state and state-sponsored actors, which restricts its scope, or whether it also includes non-state actors such as terrorist groups, companies, political or ideological extremist groups, hacktivists, and even transnational criminal organizations working in their own self-interest or at the behest of the state, which increases the scope of cyberwarfare and makes it a free-for-all with no restraints.
Keeping in mind the extent of cyber-attacks that take place every day, the latter viewpoint is more apt, and it has been adopted in a study by the RAND Corporation that considers cyber warfare as ‘strategic warfare in the information age’, just as nuclear warfare was in the 20th century. This study is frequently quoted by Chinese military analysts, and it is noteworthy that this definition argues that cyber warfare is more than mere operations in the military domain: it involves competition in areas of economy, diplomacy, and social development, and has much broader significance to national security.
Early Chinese Concepts
The Gulf War is often said to be the turning point when China realised the need for deep reforms of its military to compete in future conflicts driven by technology. In 1993, China changed its military strategic guideline to “winning local wars in conditions of modern technology, particularly high technology” as the basic aim of preparations for military struggle.
One of the first works that provided a hint of the new strategy was ‘Unrestricted Warfare’ by Qiao Liang and Wang Xiangsui in 1999, wherein they write that “If we want to have victory in future wars, we must be fully prepared intellectually for this scenario, that is, to be ready to carry out a war, which may be conducted in a sphere not dominated by military actions.” The key was “unrestricted warfare” and the need to “fight the fight that fits one’s weapons” and “build the weapons to fit the fight”. This demarcates traditional warfare from future wars and seeks optimum tactics for the weapons one possesses.
The strategy was changed to “winning local wars under conditions of informationization” in 2004 as China underscored that “informationization has become the key factor in enhancing the warfighting capability of the armed forces.” China has come a long way since then and has slowly but surely established itself as a leading cyberwarfare-capable nation, with some arguing that it is the only nation capable of challenging the United States, and is far ahead of Russia.
While defence analyst Brig Gurmeet Kanwal (Retd) was of the view that “… information warfare has gradually assumed the position to be regarded as an extremely attractive option in China, since they view it as an asymmetric tool that would enable them to overcome their relative backwardness in military hardware3,” what needs to be understood is that China has gone way beyond information warfare, and to restrict our understanding of China’s capabilities to information warfare would be myopic.
China’s Cyberwarfare Capabilities
“The Science of Military Strategy”, a study by the Academy of Military Science in 2013, was the first time that the Chinese military publicly addressed cyber warfare from a holistic point of view. It emphasized that cyberspace has become a new and essential domain of military struggle. This view was not only echoed in the 2015 paper by China’s Ministry of National Defence entitled “China’s Military Strategy”, but that paper also modified the basic aim of preparations for military struggle to “winning informationized local wars” and addressed cybersecurity for the first time. It defined cyberspace as a “new pillar of economic and social development, and a new domain of national security.” Acknowledging the interplay between military, economy, domestic and foreign policy, China understood that its cyber capabilities need to be developed holistically, not only as a response to the evolving cyber warfare approaches and practices of other countries, but also in accordance with its national security environment and domestic situation.
Objectives of Cyber Capabilities
China’s Military Strategy described the primary objectives of cyber capabilities to include: “cyberspace situation awareness, cyber defence, support for the country’s endeavours in cyberspace, and participation in international cyber cooperation.” The objectives aim at “stemming major cyber crises, ensuring national network and information security, and maintaining national security and social stability.” Also of importance is the defence of critical information infrastructure. China has maintained that it adheres to the strategic guideline of Active Defence and that its primary stated goal in cyber warfare is to enhance cyber defence capabilities in order to survive and counter after suffering an offensive cyber strike.
China’s Strategic Support Force
The PLA Strategic Support Force (SSF) is the first step in the development of a cyberforce by combining cyber reconnaissance, cyberattack, and cyberdefense capabilities into one organization to centralize command and control of PLA cyber units, and appears to be an effort to consolidate cyber elements of the former PLA General Staff Third (Technical Reconnaissance) and Fourth (Electronic Countermeasures and Radar) Departments and Informatization Department.
The PLASSF is, however, more than just a consolidation of cyber divisions and electronic warfare, as it also clubs its space division together with the former divisions. The Space Systems Department provides space-based information support and intelligence for the PLA’s newly established theatre commands and enables future joint operations and power projection, while the Network Systems Department is responsible for managing cyber, electronic, and psychological warfare capabilities. The consolidation of cyber and information warfare divisions aims at generating synergies by combining national-level cyber reconnaissance, attack, and defence capabilities in its organisation.
One of the unique aspects of Chinese Cyber Warfare capabilities is the integration of civilian institutions with the military. Though integration of civil-military power has always been a hallmark of China, use of civil cyber capabilities will directly help the PLA, a phenomenon not seen in any other country. This was formalised in January 2017 with the establishment of the Central Commission for Integrated Military and Civilian Development, with civil-military cyber integration being identified as one of the core missions of the new centre. China’s inaugural ‘cybersecurity innovation centre’ was established in December 2017 and is operated by 360 Enterprise Security Group. It has been charged with enhancing private sector cooperation to “help [the military] win future cyber wars.”
As part of the civil-military integration, state-affiliated cyber militias with a membership base believed to number in excess of 10 million people operate to further the national goal of dominance in cyberspace, with some of these militias dating back around 20 years.
The first indication of China’s cyber-attack units came as early as 2003 with defensive and offensive capabilities including the ability to plant information mines, conduct information reconnaissance, change network data, release information bombs, dump information garbage, disseminate propaganda, apply information deception, release clone information, and establish network spy stations. By 2007, China had not only started penetrating US and European networks, successfully copying and exporting huge volumes of data but had started carrying out “Byzantine Hades” cyberattacks. The alleged theft of the F-35 fighter jet was one such example of Chinese cyberattacks4.
The most well known of these units is Unit 61938. According to CNN, the unit, also known as the “comment crew,” has systematically stolen hundreds of terabytes of data from at least 141 organizations across 20 industries worldwide since 2006. It is estimated that the unit has more than 1,000 servers and employs anywhere from hundreds to thousands of staff. The unit, which was given a special fibre optic communication infrastructure by state-owned enterprise China Telecom in the name of national defence, is just one of more than 20 Chinese cyber-attack groups.
In 2015, when China signed the cyber agreement with the United States, ostensibly to stop hacking and data privacy, it used the opportunity to further its aim of refining its cyber defences. While China arrested some hackers, based on the list supplied by the United States, it took this information to identify its own weaknesses and to close the gaps in its methods of cyber theft, making its cyberattacks progressively more difficult to identify5.
Why China would carry out cyber attacks
Its vulnerabilities in cyber-defence notwithstanding, China is expected to continue exploiting cyberspace for its strategic goals and to continue carrying out cyber-attacks as part of a well laid out long-term plan. While it seeks to exploit cyberspace to offset the traditional advantages of its peer rivals, viz. the United States, it would use cyberspace to further degrade the combat potential of other rivals like India.
The official documents reveal that the PLA has consistently advocated cyber warfare to achieve a range of operational objectives, such as targeting an adversary’s command, control, and communications (C3) and logistics networks to hamper its ability to generate combat power during the early stages of an armed conflict. The use of cyber-attacks alongside conventional attacks is also expected, and all this will be supplemented by its use of cyberspace to gather intelligence.
According to the US Department of Defence report, China believes that by achieving ‘cyberspace superiority’ it can deter or degrade an adversary’s ability to conduct military operations against China and manage the escalation of a conflict. Also, this enables China to scale these attacks to achieve desired conditions with minimal strategic cost and that using “cyber-attacks demonstrate capabilities and resolve to an adversary.”
Between 2010 and 2018, China’s main goal in targeting India was to gain access to sensitive information from the government and the private sector (over 55 percent of cases), followed by disruption of daily activities, as was seen in 2010 with China’s use of the Stuxnet worm to compromise India’s communication satellite. Intrusion with the use of malicious software such as Trojans to enter the target’s network or software program was the most common method of cyber attack during this time period.
According to Alexey Kupriyanov, a Russian commentator, until recently Indian authorities had paid relatively little attention to introducing cyber technologies in the country’s governance system and using them to combat cyber threats. According to him, the main factor was that India’s leadership underestimated the scale of confrontation in cyberspace, believing that it was limited to negligible operations that aim to collect information at best6.
One of India’s first serious attempts to respond to challenges in cybersecurity dates back to 2012, when Indian specialists stated they were working on creating their own microprocessors and planning to cut imports of military software, instead channelling money into domestic R&D (the share of imported military software in India is currently about 70%). Additionally, in the same year, a proposal was made to create a command and control centre to monitor critical infrastructure and eliminate breaches in cybersecurity. An attempt to introduce a specialized operating system called Bharat Operating System Solutions (BOSS), which was developed by the Centre for Development of Advanced Computing, however, ended in failure and the Indian military went back to using Windows OS7.
Viewed dispassionately, India’s efforts till recently have been disjointed and not serious. One of the main hurdles has been the continued reliance not only on imported military software but also on hardware, most of which India imports from China, making it vulnerable to attacks. The formation of the Defence Cyber Agency has been a step in the right direction, but it will be a long haul. The present policy is also due to the uncertainty connected to cyber attacks, with attribution a problem in the cyber domain. Unlike with the use of conventional weapons that are the domain of the country’s military, a government can deny its connections to hackers. In this context, the targeted country needs to proceed with caution.
A major factor that holds back development of a viable response is the continued prioritization of conventional threats from Pakistani militants over cyber attacks from China, and reliance on existing capabilities to limit attacks that have been undeterred by such capabilities.
In the long term, China plans to integrate artificial intelligence (AI) technologies to boost its cyber defence and offence capabilities. By 2030, China aims to establish itself as the global leader in AI technologies. The use of AI for cyberwarfare is not difficult to understand, as the vast amounts of data and the speed of cyber attacks are beyond human cognitive capabilities and require AI, which helps process and filter information, enabling adaptation to rapidly evolving operational environments. Even in cyber defence, AI support could significantly increase reaction speed by using predictive capabilities.
Like nuclear deterrence based on mutually assured destruction (MAD), one viable way to thwart cyber-attacks is to develop a credible first-strike and counter-strike capability that would restrain the adversary from using its cyber attack capability.
A massive attack on one nation’s power grid might lead to a tit-for-tat attack on the electrical grid of the other. And, to avoid this scenario of having to hit back hard after already being hit, a nation might decide to develop a “first strike” capability. This would be tantamount to being able to let fly hundreds of intercontinental nuclear weapons, all at the same time, in order to destroy a nation before it ever has a chance to respond. As a result, the next generation might grow up under the constant risk of a cyber attack taking down the national energy grid, in the same way that generations before lived with the constant risk of nuclear war.
A word of caution will not be out of place here. China’s internet is also one of the most regularly attacked. According to a report, China suffered the highest rate of distributed denial of service (DDoS) attacks in the world in 2018, an average of over 800 million a day. Though about 97 percent were conducted by domestic hackers, a growing percentage came from overseas, mostly from the US, South Korea, and Japan, targeting mostly government and financial websites.
This vulnerability needs to be kept in mind when we discuss China’s capabilities to carry out cyber attacks.
- Brigadier Saurabh Tewari, China’s Cyber Warfare Capabilities, USI Journal, April-June 2019, accessed online at https://usiofindia.org/publication/usi-journal/chinas-cyber-warfare-capabilities/
- Regina Mihindukulasuriya, India was the most cyber-attacked country in the world for three months in 2019, The Print, 3 March 2020
- Chansoria, Dr Monika, China’s Cyber Wars, India Strategic, April 2010, https://www.indiastrategic.in/topstories570.htm
- Wagner David, China’s head start in cyberwarfare leaves the US and others playing catch-up, South China Morning Post, 7 March 2019, https://www.scmp.com/comment/insight-opinion/united-states/article/2188873/chinas-head-start-cyberwarfare-leaves-us-and
- Alexey Kupriyanov, India in the Era of Cyber Wars, 29 July 2019
- Elizabeth Radziszewski, Brendan Hanson, and Salman Khalid, India’s Response to China’s Cyber Attacks, The Diplomat, 3 July 2019, https://thediplomat.com/2019/07/indias-response-to-chinas-cyber-attacks/
- Jinghua Lyu, What Are China’s Cyber Capabilities and Intentions?, Carnegie Endowment, 1 April 2019, https://carnegieendowment.org/2019/04/01/what-are-china-s-cyber-capabilities-and-intentions-pub-78734