Today, the Pentagon uses over 5 million computers on 100,000 networks at 1,500 sites in 65 countries worldwide. Not surprisingly, potential adversaries have taken note of our slavish dependence on cutting-edge, network-centric warfare.
Last year, the Department of Defense suffered a record 79,000 computer network attacks, including some that actually reduced the military’s operational capabilities. In the past, top-flight military units such as the Army’s 101st and 82nd Airborne Divisions and the 4th Infantry Division have been “hacked.”
According to Pentagon sources, most attacks on America’s “digital” Achilles’ Heel are originating from the People’s Republic of China (PRC), making Chinese information warfare (IW) operations an issue we’d better pay close attention to.
IW, including network attack, exploitation and defense, isn’t a new national security challenge. Cyberwarfare was all the rage in the late 1990s, but faded in importance since 9/11 in comparison to the mammoth matters of Islamic terrorism, Iraq, Afghanistan, etc.
IW appeals to many state (and non-state) actors because it can be low-cost, highly effective and provide plausible deniability to the attacker. It can launch viruses, crash networks, collect intelligence and spread misinformation, interfering with vital friendly military and intelligence operations.
The PRC is serious about cyberwarfare, making the development of IW capability a top national-security priority. China’s military planners recognize that the U.S. dependence on computers for command, control, communications and intelligence is a potential strategic weakness, ripe for exploitation.
China’s military has incorporated cyberwarfare tactics into military exercises and created schools that specialize in IW. It’s also hiring top computer-science graduates to develop its cyberwarfare capabilities and, literally, create an “army of hackers.”
According to the congressionally mandated U.S.-China Security Review Commission (USCC): “The Chinese realize that they cannot win a traditional war against the U.S [in Asia] and are seeking unorthodox ways to defeat the U.S. in any such conflict . . . while building up their military power to eventually match or exceed U.S. military capabilities in East Asia.”
China’s plan is to develop asymmetrical warfare weapons, including so-called “assassin’s mace weapons,” that will allow the PRC to balance America’s military superiority in Asia. These weapons are also intended to counter, if necessary, existing U.S. military might by attacking perceived vulnerabilities, such as computer networks.
Supporting these assertions, in 1999, two Chinese colonels published a book called “Unrestricted Warfare” that advocated “not fighting” the U.S. directly, but “understanding and employing the principle of asymmetry correctly to allow us [the Chinese] always to find and exploit an enemy’s soft spots.”
The idea that a less-capable foe can take on a militarily superior opponent also aligns with the thoughts of the ancient Chinese general, Sun Tzu. In his book “The Art of War,” the strategist advocates stealth, deception and indirect attack to overcome a stronger opponent in battle.
Overlaying the still-influential Sun Tzu onto modern Chinese military thought would lead one to see that the People’s Liberation Army (PLA) believes that a Chinese “David” could, in fact, slay an American “Goliath” using an asymmetrical military option such as cyberwarfare.
According to the USCC, the PLA cyberwarfare target list is expansive, including, “forward-based command, control, communications, computers, and intelligence (C4I) nodes, airbases, aircraft carriers and sea- and space-based command and control platforms.”
But even more troubling: Potential Chinese cyberattacks aren’t limited to military targets. “Chinese military strategists envisage attacks on all American vulnerabilities, including civilian communications systems or on the vital nervous systems of our economic institutions such as the New York Stock Exchange’s computer system,” according to a July 2002 USCC report.
Bottom line: China isn’t necessarily America’s next enemy, but its IW efforts/activities provide a cautionary tale to U.S. policymakers. Fortunately, both the government and the private sector have devoted significant resources to cybersecurity, including against terrorists and criminals.
But potential foes are seeking cyber-based, asymmetrical advantages to overcome America’s military might. And with attacks on Pentagon computers up nearly 50 percent in 2004 over 2003, it’s likely that cyberwarfare will be as important as today’s warfare conducted at sea, on land and in the air/space.
A “digital Pearl Harbor” is by no means a certainty, but then again, no one believed that terrorists would fly airplanes into buildings, either. The time to take heed of the cyber threat — Chinese or otherwise — is now.
Peter Brookes is a Senior Fellow for National Security Affairs and Director of the Asian Studies Centre at The Heritage Foundation, and was former Deputy Assistant Secretary of Defense for Asian and Pacific Affairs in the Office of US Defense Secretary Donald Rumsfeld from 2001-2002.
First appeared in the New York Post