China Cyberwar, or Not?

I've been writing about the Chinese threat for a while. I was glad to see Professor Spafford chime in with Who is Hacking Whom?:

It remains to be seen why so many stories are popping up now. It’s possible that there has been a recent surge in activity, or perhaps some recent change has made it more visible to various parties involved. However, that kind of behavior is normally kept under wraps. That several stories are leaking out, with similar elements, suggests that there may be some kind of political positioning also going on — the stories are being released to create leverage in some other situation.

Cynically, we can conclude that once some deal is concluded everyone will go back to quietly spying on each other and the stories will disappear for a while, only to surface again at some later time when it serves another political purpose. And once again, people will act surprised. If government and industry were really concerned, we’d see a huge surge in spending on defenses and research, and a big push to educate a cadre of cyber defenders.

You might also be wondering if the West and its allies are engaged in a "cyberwar" with China. Some might be asking if this is "information warfare." Here is my perspective.

DoD Joint Publication 3-13, Information Operations, differentiates between two sorts of offensive information operations.

  1. Computer Network Exploitation. Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. Also called CNE.

  2. Computer Network Attack. Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. Also called CNA.

You can think of CNE as spycraft, and CNA as warfare. In the physical world, the former is always occurring; the latter is hopefully much rarer. I would place all of the publicly reported activity from the last few months in the CNE category.

So why the war in the media over Chinese activity? I think this is part of the answer: what else can the West or China do? Consider similar situations and their consequences.

  • The UK seeks the extradition of Andrei Lugovoi for the murder of Alexander Litvinenko. Russia refuses, so the UK expels four Russian "diplomats." Russia responds by expelling four UK "diplomats."

  • Russian bombers encroach on the North Sea. The UK scrambles interceptors.

  • The FBI discovers Robert Hanssen is a Russian spy. The US expels six Russians, and the Russians seek to match that with their own expulsions.

This is how the international relations game is played. When the players have no way to express their concerns or make their intentions known, they are left with making statements to the media. The question is whether anything else might happen.


I don't feel especially aware of the details of the goings-on in the world of internet warfare, criminal or otherwise, but it strikes me as cynical to the point of naive (as in too much cynicism is foolish) to say that the possible explanations for reports like the German national government's about hacking are limited to politics or politics. It would seem to me that it's just getting out of hand -- all of it from the criminal to the national. And the EU for one is looking for some sanity. Now of course everything in government has political dimensions and utilities. But I found it clearly likely in the German case that the politics were of the reason sort as much as of the trading sort. As in perhaps sending the message, "do you have any control over what's going on?".
A message which would have some resonance in China.

my two cents
Spy Guy said…
I saw the former Chief Strategist of Netscape speak on Cyber Warfare at the SECTOR Conference in Toronto. What an eye-opening experience. He stated that given the current cyber weapons race, a cyber war is all but a sure thing. He said "with every tick of the clock we are one second closer to an all out cyber war." He also talked about a number of cyber weapons that are both software and hardware. The attack on Syria seems like a small skirmish compared to the massive cyber events in late 2007.
