The Global Cyber Threat Environment, Module 8, Chinese Cyber Operations Background.

Objectives. Once you have completed the readings, lecture, activity and assessment, you will be able to articulate the effect that the quick U.S. victory over Iraqi forces during the 1991 Gulf War had on China's military leadership, and describe the three types of computer network operations highlighted in China's 2013 white paper, Science of Military Strategy.

Welcome to the Global Cyber Threat Landscape, Module 8. In this lecture, we discuss the development and operations of China's cyber enterprise.

The 1991 Gulf War was a seminal event in prompting China to evaluate the role of technology within its armed forces. China watched from the sidelines as the U.S.-Iraq conflict initiated the era of net-centric warfare in which computer and information technology was incorporated into military operations. This allowed commanders to increase their situational awareness of the battlefield and, thus, act with greater unity of effort and efficiency. Within 100 hours of the United States' ground campaign launch in Iraq, a ceasefire was initiated with the Iraqi army essentially defeated.

Chinese generals were surprised and intrigued at such a quick victory by the United States since technologically China's military forces were quite comparable to Iraq's. Realizing the United States might have an intractable advantage, Chinese military planners initiated a series of commissions to investigate how the war ended so rapidly. These commissions ultimately produced several white papers addressing how China could develop its own high-tech force while minimizing the obvious technological advantages of the United States.

One approach that the Chinese implemented to disrupt the U.S. advantage as they concurrently developed their own net-centric capabilities was to embrace asymmetrical warfare.
Such reliance on asymmetrical capabilities was compatible with China's long-standing tradition of using stealth, deception, and indirect approaches to warfare. China also felt that the United States was too dependent on communications technology, especially with regard to intelligence, surveillance, reconnaissance, or ISR, and believed that it might exploit this dependence should armed conflict occur.

China's previous security posture had focused on fighting a large-scale land war on its own ground against Russian invasion. Less than one year after the end of the Gulf War, however, the Chinese president published a set of military strategic guidelines to modernize the development of its military forces. The new posture focused China on developing more joint and maneuverable forces that could fight small regional wars outside its borders. The new policy also addressed China's underdeveloped technological capability and defined a strategy that would allow the country to fight what it called local wars under informationized conditions. By informationized, China meant incorporating computer technology into all aspects of society for modernization, and local wars referred to China's assessment that future wars would be fought close to home in a geographically limited area.

Seeing how the United States' technological advantage overpowered Iraq's military so rapidly, China's People's Liberation Army leadership determined that future conflicts would demand technology to quickly defeat an enemy and obviate the need for long-extended wars.

China's concept of fighting local wars under informationized conditions was initially a template to develop the People's Liberation Army into a fighting force that could win high-technology wars under modern conditions while using an asymmetric approach.
However, as computer technology quickly evolved, the term informationization expanded to capture technologies associated with information superiority, reconnaissance, jamming, networking, space operations and electronic attack. In a 2006 Defense White Paper, China's president highlighted the country's need to modernize its military forces by using information technology, mandating a series of deadlines for its implementation. His vision was a fully computerized military capable of waging high-tech warfare by 2050, and he highlighted the need for taking a whole-of-government approach to meet this goal.

By 2010, China had succeeded in building itself into a formidable cyber power and was known to have executed several sophisticated hacks into computer systems of both the U.S. government and various U.S. corporations. The cybersecurity firm Mandiant provided a glimpse of China's growing cyber capability in an extraordinary 2013 report, APT1, exposing one of China's cyber espionage units. This report highlighted the organization and operations of a highly active and secretive Chinese cyber espionage group, Unit 61398, and its connections to the Third General Staff Department of the Chinese People's Liberation Army, or PLA.

The Mandiant report was granular about Unit 61398, including members, location, IP addresses it used for hacking operations, and even some of its secret tactics, techniques, and procedures, or TTPs. Another extraordinary aspect of the report was its outline of how broad the Chinese intrusions were, providing evidence that the unit had targeted more than 141 public and private organizations within the United States and other English-speaking countries.

Other cybersecurity firms had reported on serious Chinese intrusion sets in the past, but had never provided the granular detail of Mandiant's APT1 report.
In 2009, the Information Warfare Monitor, a Canadian cybersecurity organization, released a report on the Chinese intrusion set GhostNet, accusing the Chinese government of hacking political, economic, and foreign media targets in 103 countries. The report implicated China in hacking multiple computers associated with the Office of the Dalai Lama and other exiled Tibetan individuals in an apparent attempt to track their political and diplomatic moves.

Subsequent investigations of other Chinese intrusion sets have also shown what seems to be a narrow mission focus. The intrusion set Byzantine Hades was purportedly a Chinese operation with designs on obtaining sensitive U.S. military technology to include technology associated with the F-35 Joint Strike Fighter. Your readings for this module highlight the actions of Bin Su, a Chinese operative arrested for attempting to steal information about the U.S. Air Force's C-17 cargo plane and F-22 and F-35 fighter jets. As with so many malware intrusions, these Chinese sets all seem to have gained access through spear-phishing emails.

Historically, obtaining information on Chinese cyber strategy has been extremely difficult, as China is famous for its operational security. But 2013 saw the release of not only the Mandiant Report, but also a white paper titled Science of Military Strategy, published by the Chinese Academy of Military Sciences. This publication was the first in which the Chinese military outlined specific types of computer network operations that could be used during a conflict. The document defined network reconnaissance, network attack and defense operations, and network deterrence.

The document defined network reconnaissance as exploiting loopholes in an adversary's computers so that spyware could exfiltrate data or scan for vulnerabilities.
Network attack and defense operations were described as the highest form of military struggle in the network domain, as these capabilities can best neutralize a strategic competitor's command and control and intelligence systems during a conflict. Network deterrence was defined as actions which display network attack and defense operational capability and the firm resolve for retaliation to prevent the adversary from daring to carry out large-scale network attacks. Important to remember is that these three types of computer network operations are meant to be mutually supporting as they facilitate both offensive and defensive operations while increasing the likelihood of deterrence.

As China's cyber capability grows, the country is actively seeking ways to become more efficient and effective with its cyber capabilities. In 2015, in an apparent effort to prevent organizational stovepiping, China announced that it was consolidating many of its military and governmental cyber organizations into one streamlined organization. The Strategic Support Force, as the new entity is called, includes organizations with traditional cyber missions as well as China's space forces, demonstrating the importance the country places on its space-based communications technologies.

China's technological and organizational advancements have been occurring at breakneck speeds, astonishing many U.S. military strategists. If the trajectory continues, the country will likely reach technological parity with the United States much earlier than its goal of the year 2050.

Quiz question one, true or false. The quick victory of U.S. forces over Iraq in the 1991 Gulf War prompted China's leadership to initiate a series of plans to develop and incorporate information technology into its armed forces. A, true. B, false. The answer is A, true.

Quiz question two. Which of the following is not a mission of Chinese computer network operations? A, network reconnaissance. B, network attack and defense operations. C, network disruption. D, network deterrence. The answer is C, network disruption.

Activity. As you learned in this module, China employs three types of computer network operations, or CNO: network reconnaissance, network attack and defense operations, and network deterrence. Search each of these terms and briefly explain what each term means. For instance, how is network reconnaissance different from network attack or deterrence? Does the United States military employ any strategies in cyberspace? What are some differences and similarities between China and the United States in this regard?