China’s Cyber Threat to U.S. national security

On March 31, 2001, a United States (U.S.) Navy EP-3 Aries II (a four-engine turboprop) spy plane, collided with and was damaged by a Chinese fighter jet over international waters, forcing it to land at a Chinese air base on Hainan Island. Hainan Island is located at the southern tip with the Chinese mainland in the South China Sea.

The U.S. Navy pilot, Lt. Shane Osborn's EP-3 surveillance plane was on autopilot and flying straight and level when a Chinese fighter jet hit him. The Chinese F-8 jet was "buzzing" the EP-3 when its tail hit the Navy aircraft's No. 1 engine propeller, Defense Secretary Donald H. Rumsfeld said. At that point, the EP-3's autopilot went off and the plane made a steep left turn and lost some 5,000 to 8,000 feet in altitude before Osborn regained control. "Our EP-3 was flying an overt reconnaissance and surveillance mission in international airspace in an aircraft clearly marked `United States Navy,' Rumsfeld told reporters.

”It was on a well known flight path that we had used for decades. Many countries perform such flights, including China." U.S. intelligence has still photographs and videos of Wang Wei, the Chinese pilot presumed dead after a midair collision with a Navy spy plane, as his F8 jet darted in and around U.S. aircraft during previous intercepts over the South China Sea. One photograph shows Wei holding up a sign to the American pilot that appears to contain an e-mail address, U.S. officials. From the still photograph, taken last January, the electronic address says something like: PFUFYEAH.NET or AFUFYEAH.NET. Messages to those addresses bounce back as undeliverable.

After the Chinese got their hands on the EP-3 Aries II spy plane, the NSA figured that nobody would be able to reverse engineer US codes from the equipment they left on board. But in 2008, Americans caught intercepts detailing American naval movements indicating that maybe that’s just what they did. After the EP-3 incident, Chinese vessels, without provocation, harassed American intelligence gathering ships in international waters.

In March (2009) in the South China Sea, a Chinese boat attempted to separate a towed sonar array from the Impeccable, an unarmed vessel. More recently the Chinese have made several disclosures in recent weeks concerning their advancing capabilities, including its anti-ship ballistic missile program, which could challenge U.S. aircraft carriers in the Pacific.

China has made advances in other areas as well, and may be ready to launch its first aircraft carrier in 2011. New photographs released the week of January 17, 2011, indicate that the country may also have a prototype of a stealth fighter jet, named the J-20. To gain a better understanding as to why the Chinese have advanced as far as they have in a relatively short period of time, we have to go back to “Desert Storm” (circa 1990-1) to learn the probable reasons.

As Desert Storm unfolded, Americans sat glued to their TVs, watching those grainy videos of bombs being dropped down smokestacks. We all cheered when we saw “the luckiest man alive” cross an intact bridge over the Tigris River mere seconds before an American Stealth bomber dropped a smart bomb from thousands of feet up, destroyed the same bridge. But we were also cheering our renewed prowess of the once-again formidable American military. Saddam Hussein’s army was the fourth largest in the world. His weapons, largely of Soviet make and design, the same as China’s arsenal, were mostly destroyed from the air before they could ever be used.

The U.S. ground war lasted one hundred hours, following thirty-eight days of air strikes. Among those watching on television were the leaders of the Chinese military. Modern information technologies had begun to transform the battlefield, rendering industrial age military forces ever more vulnerable. Chinese assessments of U.S. military capabilities prior to Operation Desert Storm were well wide of the mark, with many in the People’s Liberation Army (PLA) anticipating a protracted conflict and significant U.S. combat losses. The stunning successes of American forces triggered an internal reassessment within the Chinese military that continues to the present day.

The PLA leadership sought to accelerate acquisition and integration of advanced technologies into Chinese military research and development. These technological needs were also reflected in doctrinal reassessments and important organizational reforms, including continued reductions in the size of the armed forces and increased professionalization of the officer corps. Having long emphasized mass, redundancy, and defense of the homeland, PLA commanders embarked on gestational changes that have achieved far greater fruition over the past decade. Later theChinese probably read The First Information War and other accounts and realized just how far behind they really were.

They soon began referring to the Gulf War as zhongda biange, “the great transformation.” In the 1990s, China's Ministry of Public Security (MPS), which manages the country's police services, pioneered the art of state control of cyberspace by partnering with foreign network systems firms to monitor information flows via the Internet.

By 1998, according to an insider's account of China's Internet development, the MPS and its subordinate bureaus found that their resources for monitoring the Internet had been overwhelmed by the sheer volume of Internet traffic -- which by 1998 had not yet reached 1 million users in China. Several U.S. firms (Microsoft among them) reportedly aided the Chinese security services in constructing a new Internet architecture and training a vast Army of cyber-police to monitor Internet sites in real time and identify both site owners and visitors.

In August 1998, the cyberpolice announced their first arrest of a Chinese hacker via online monitoring. China's MPS has been successful beyond its wildest dreams. Using widely available sophisticated telecommunications equipment and services and using its own software tailored to China's requirements, China can effectively monitor all domestic Internet and wireless traffic of its netizen population of 137 million.

Beijing uses a variety of means to monitor and control the online activities of the “Five Poisons” (these are the dissident groups the Chinese government want to continually monitor), groups and other social elements deemed a threat to the regime. The MPS launched a censorship initiative called “Golden Shield Project” (referred to outside China as the “Great Firewall of China”) in 1998, which included censorship tools such as Internet Protocol (IP) Blocking, Domain Name Service filtering and redirection, URL Filtering, Packet Filtering, Connection Resets, Web Feed Blocking, and Reverse Surveillance.

The People's Liberation Army (PLA) organized its first cyberwarfare units (zixunhua budui) in early 2003. They have since become a highly active element in China's ground force organization, no doubt building on the expertise developed in the late 1990s by China's police and state security services, which are well trained and equipped in using the Internet and cell phone networks to monitor, identify, locate, and censor cyberdissidents. China's 2006 Defense white paper states the PLA's intention to "basically reach the strategic goal of building informationized armed forces and being capable of winning informationized wars by the mid-21st century."

PLA cyberwarfare units are both active and highly sophisticated. They are apparently the only PLA units that regularly target enemy military assets in the course of their duties. New PLA doctrine sees computer network operations as a force multiplier in any confrontation with the United States and other potential adversaries, including Taiwan, Japan, and South Korea as well as Canada, France, Germany, and the United Kingdom.

Different industries and operators use a variety of different terms to describe the systems that run their operations, but all of these systems have the common elements of physical processes and systems that are computer-interfaced and controlled. Control systems operate the physical infrastructures that distribute critical infrastructure services to the public and to other infrastructure operators.

The electrical grid and water distribution systems that provide water and electricity to our homes and businesses are examples of vital Supervisory Control and Data Acquisition (SCADA) systems. Other control systems operate processes to manufacture food or chemical products, and monitor and control natural gas pipelines and petroleum refineries. A cyber attack on these systems has the potential to cause large scale interruption of these services with cascading effects into other sectors of the economy. Cyber-security has increasingly become a national security priority over the past decade. Cyber threats may be perpetrated with little cost and few resources.

Cyber attacks are typically anonymous, launched from any of billions of sources worldwide. Impacts may be immediate and obvious, or elude recognition for years. National cyber warfare programs are unique in posing a threat along the entire spectrum of objectives that might harm US interests. These threats range from propaganda and low-level nuisance web page defacements to espionage and serious disruption with loss of life and extensive infrastructure disruption. Among the array of cyber threats, as seen today, only government-sponsored programs are developing capabilities with the future prospect of causing widespread, long-duration damage to U.S. critical infrastructures.

The tradecraft needed to effectively employ technology and tools remains an important limiting factor, particularly against more difficult targets such as classified networks or critical infrastructures. For the next 5 to 10 years, only nation states appear to have the discipline, commitment, and resources to fully develop capabilities to attack critical infrastructures.

Their goal is to weaken, disrupt or destroy the U.S. Their sub-goals include espionage for attack purposes, espionage for technology advancement, disruption of infrastructure to attack the US economy, full scale attack of the infrastructure when attacked by the U.S. to damage the ability of the US to continue its attacks. Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities.

Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power - impacts that could affect the daily lives of U.S. citizens across the country. Basically, there are two threat scenarios ─ one from hackers and individuals, and the other from foreign nation states. The first is sometimes described as an “unstructured” threat, while the latter is considered a “structured” threat. • The unstructured threat is random and relatively limited. It consists of adversaries with limited funds and organization and short-term goals.

These actors have limited resources, tools, skills, and funding to accomplish a sophisticated attack. The unstructured threat is not a danger to national security. However, such attacks might cause considerable damage if they are sufficiently foolish or lucky. • The structured threat is considerably more methodical and better supported. These adversaries have all-source intelligence support, extensive funding, organized professional support, and long-term goals. Foreign intelligence services, criminal elements, and professional hackers involved in information warfare, criminal activities, or industrial espionage fall into this threat category.

Even though the unstructured threat is not of direct concern, it is feared that a structured threat actor could masquerade as an unstructured threat actor. In conclusion, China is using stolen technology to rapidly produce new and lethal high-technology weapons. China's espionage activities are the single greatest threat to U.S. technology not-to-mention national security. This illicit activity significantly contributes to China military modernization and acquisition of new capabilities. China's cyber-spying and computer attacks are major worries.

The U.S. government, private-sector networks, and national grid are targets and the U.S. counterespionage services are seriously overwhelmed in trying to counter this “Clear and Present Danger.” Spying today includes traditional Cold-War-style espionage as well as sophisticated cyber-operations and attacks to not only gather trade secrets but to export-controlled military technology, which very-well could be used against us in the near future.

[ 4 ]. Norman Schwarzkopf, General, Desert Shield/Storm Commander, statement made by during a press briefing, circa 1991. [ 5 ]. Dennis J. Blasko, The Chinese Army Today-Tradition and Transformation for the 21st Century (London and New York: Routledge, 2006). [ 6 ]. Richard A. Clark, “Cyber War: The Next Threat to National Security and What to do about it.” (New York: Harper Collins, 2010). pp. 49 [ 7 ]. John J. Tkacik, Jr,.”Trojan Dragon: China’s Cyber Threat.” Executive Summary Backgrounder (Washington, D.C.:The Heritage Foundation, 2008) pp, 2 Accessed on the Internet via on 10 January 2011. URL://<> [ 8 ]. Ibid, p.2.

[ 9 ]. Ibid, p.2. [ 10 ]. Ibid, p.2. [ 11 ]. Ibid, p.2. [ 12 ]. The U.S. Department of Homeland Security, U.S. Cert-United States Computer Emergency Readiness Team. Accessed on the Internet via on 16 Jan 2011. URL:// [ 13 ]. National Academy of Sciences, 1991. [ 14 ]. Minihan, Kenneth A. (1998): Prepared statement before the Senate Governmental Affairs Committee, 24 June 1998.