Chinese Capabilities for Computer Network Operations and Cyber Espionage

Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage

  • 137 pages
  • March 7, 2012


The PLA’s sustained modernization effort over the past two decades has driven remarkable transformation within the force and put the creation of modern command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) infrastructure at the heart of the PLA’s strategic guidelines for long term development. This priority on C4ISR systems modernization, has in turn been a catalyst for the development of an integrated information warfare (IW) capability capable of defending military and civilian networks while seizing control of an adversary’s information systems during a conflict.

Information Warfare Strategy

PLA leaders have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively. This goal has effectively created a new strategic and tactical high ground, occupying which has become just as important for controlling the battlespace as its geographic equivalent in the physical domain.

The PLA has not publicly disclosed the existence of a computer network operations strategy distinct from other components of IW, such as electronic warfare, psychological operations, kinetic strike, and deception, but rather appears to be working toward the integration of CNO with these components in a unified framework broadly known as “information confrontation.” This concept, as discussed by the PLA, seeks to integrate all elements of information warfare—electronic and non-electronic—offensive and defensive under a single command authority.

Earlier in the past decade, the PLA adopted a multi-layered approach to offensive information warfare that it calls Integrated Network Electronic Warfare or INEW strategy. Now, the PLA is moving toward information confrontation as a broader conceptualization that seeks to unite the various components of IW under a single warfare commander. The need to coordinate offensive and defensive missions more closely and ensure these missions are mutually supporting is driven by the recognition that IW must be closely integrated with PLA campaign objectives. The creation of what a probable information assurance command in the General Staff Department bureaucracy suggests that the PLA is possibly creating a more centralized command authority for IW that will possibly be responsible for coordinating at least network defense throughout the PLA.

As Chinese capabilities in joint operations and IW strengthen, the ability to employ them effectively as either deterrence tools or true offensive weapons capable of degrading the military capabilities of technologically advanced nations or hold these nations’ critical infrastructure at risk in ways heretofore not possible for China will present U.S. leaders and the leaders of allied nations with a more complex risk calculus when evaluating decisions to intervene in Chinese initiated conflicts such as aggression against Taiwan or other nations in the Western Pacific region.

Chinese Use of Network Warfare Against the United States

Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict. A defense of Taiwan against mainland aggression is the one contingency in the western Pacific Ocean in which success for the United States hinges upon the speed of its response and the ability of the military to arrive on station with sufficient force to defend Taiwan adequately. PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these system with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict.

The effects of preemptive penetrations may not be readily observable or detected until after combat has begun or after Chinese computer network attack (CNA) teams have executed their tools against targeted networks. Even if circumstantial evidence points to China as the culprit, no policy currently exists to easily determine appropriate response options to a large scale attack on U.S. military or civilian networks in which definitive attribution is lacking. Beijing, understanding this, may seek to exploit this gray area in U.S. policymaking and legal frameworks to create delays in U.S. command decision making.

Key Entities and Institutions Supporting Chinese Computer Network Operations

The decision to employ computer network operations and INEW capabilities rests with the senior political and military leadership and would be part of a larger issue of employing force during a crisis. Once that decision was made, however, the operational control for the military use of CNO rests with the PLA’s Third and Fourth Departments of the General Staff Department (GSD). The Third Department (3PLA), China’s primary signals intelligence collector is likely tasked with the network defense and possibly exploitation missions. The Fourth Department (4PLA), the traditional electronic warfare arm of the PLA, likely has the responsibility for conducting network attack missions.

The PRC government actively funds grant programs to support CNO related research in both offensive and defensive in orientation at commercial IT companies and civilian and military universities. A review of PRC university technical programs, curricula, research foci, and funding for research and development in areas contributing to information warfare capabilities illustrates the breadth and complexity of the relationships between the universities, government and military organizations, and commercial high-tech industries countrywide.

Share this: