Harry was a Russian secret service agent who spoke perfect English and wore cowboy boots with his uniform. I never knew what his face looked like because he wore a mask during the lengthy interrogation sessions he put me through during five days of captivity in Federal Security Service (FSB) hands in Chechnya in 1999. The first item taken from me by Harry and his friends was my laptop. I was as much unnerved as relieved when it was returned on my release. “I can have it back?” “Yeah, have it back,” the FSB agent replied, and laughed.

Within 24 hours of arriving home in London the laptop was deluged with spam, pornography and Russian hate mail, eventually crashing completely. The act was more a digital slap on the wrist than the attacks that the Russians would allegedly inflict on entire countries several years later, but it was my first experience of cyberwar.

The incident came to mind eight years later on a February morning in Helmand, southern Afghanistan, when I heard a Royal Marines colonel briefing his officers. He mentioned, almost as an aside, that one of the men’s e-mail accounts had been closed after being compromised by a “hostile intelligence agency”. In other words, someone hacked into a soldier’s computer to see what might be found there. Last December, in Sri Lanka, a senior UN official confided to me that his e-mails were being intercepted by a “key log” program that allowed everything he wrote and received to be read by an intelligence agency.

Today barely a week passes without the phrase “cyberattack” in the news. It is a loose term, incorporating everything from criminal hacking and commercial espionage to attempts to seize control of weapon systems or sabotage national infrastructures. Britain is treating the surge of hostile computer activity seriously enough to have established two organisations last year to co-ordinate, assess and expand its cyber strategy. The Office for Cyber Security (OCS), established by the Cabinet Office, was created in the autumn after a warning by intelligence chiefs that China may have acquired the ability to cripple key points of infrastructure such as telecommunications.

Whitehall departments were allegedly first targeted by Chinese hackers in 2007. Later that year Jonathan Evans, director-general of MI5, wrote to 300 chief executives warning of potential Chinese hacking attacks and data theft. In the year up to November 2009 Britain suffered 300 cyber intrusions — defined as a sophisticated attempt, successful or not, to steal data or sabotage systems — on government and military networks.

The OCS, at present staffed by 14 people, including personnel from the security services and military, is to be fully operational with a strength of 20 later this year. It works closely with a second organisation, the secretive Cyber Security Operations Centre, located within Government Communications Headquarters in Cheltenham. A key part of the approach is establishing rules of engagement for retaliatory cyberstrikes should critical infrastructure be attacked and crippled.

“If I go and bomb someone’s power station, that is an act of war,” Baron West of Spithead, the Permanent Under Secretary of State for Security and Counterterrorism, told The Times. “But if I use a computer to make that power station effectively not work, is that an act of war? That is a simple stark example. There are much more complex examples. These were issues that hadn’t been addressed before, and we are now at the forefront of doing so.”

The majority of attacks have been to obtain funds from commercial organisations, and a full assault on a country’s banks, stock market, energy grid, telecommunications and health systems is more likely if countries are already in a “hot” war. There are several other potential triggers, however. In 2007 Estonian ministries, banks and newspapers were bombarded with denial-of-service attacks — mass requests for information that cause systems to crash — for several days after the Government moved a Soviet war memorial in the capital, Tallinn.

In 2008 Georgia complained of similar attacks during its brief conflict with Russia over the breakaway province of South Ossetia. The Russians were blamed in both cases, although they denied involvement.

The threats and scenarios of cyberwar require some sideways thinking. British assessments conclude, for example, that the risk of a serious attack in this country is still lower than that of a flu pandemic — but that a flu pandemic would be a lot worse if combined with an attack on NHS computer systems involved in vaccine distribution. American academics have predicted that the physical damage from a country shutting the US power grid for three months would be several times greater than the damage done by Hurricane Katrina in Louisiana.

The strategy being developed by Lord West is not limited to risk assessment; retaliation is part of the package. “We could do what these people do [to us] if we wanted to,” he said. “We’re looking at … the ethics of all of this. If someone dropped a bomb on us, I would have no hesitation in shooting their bloody plane down and giving them a slapping … So we need to think through how we react to these ‘other things’ and the implications.”

The murky world of cyberwar is inhabited by small-time hackers, criminal syndicates and people operating with the support of their government.

“Everything that happens to us is called an ‘attack’,” said a senior official with a lead role in British cyber operations, “[but] most of what we see on a large scale … is about the exfiltration of data — theft, not an attack.” There exists, however, an overlap between the interests of hostile state intelligence agencies and cybercriminal syndicates seeking to steal intellectual data for profit. Russian cybercrime syndicates, better known as partnerka, lead commercial espionage in Europe and are known to have links with Harry and his comrades in the FSB. China has its own dedicated cyber operations headquarters within the People’s Liberation Army but also holds top rank in the league of cyberhostile countries — the list used by Western security companies to warn business clients of cyber-threat.

The West’s nuclear strategy was based on deterrence — the assurance that a guaranteed second strike would prevent a first strike from coming. Yet cyberwar is more complex because the attacks have certain things in common: they are fast, cheap and hard to trace.

“Attribution is unbelievably difficult,” admitted Lord West. “These guys could attack [as if it was from] your site — the attacks would come in from different nodes in a strange way that you can’t even identify. Follow the attack back and it gets to you — but it wasn’t you.”

The sophistication of commercial and state-sponsored activity has developed immensely since the attacks on Estonia and Georgia, with denial-of-service operations now considered relatively low-grade. More worrying is “zero-day malware” — an unidentifiable new generation of Trojan programs that are implanted into a host computer and lie dormant until activated.

“Let’s say that someone has received an e-mail that looks like it’s from someone they know, about a subject they feel comfortable with,” said Ian McGurk, associate director for information security at Control Risks, a security consultancy. “As a consequence they trust the material. If there’s an attachment — a photograph, a Word document, whatever — embedded within that attachment is some sort of malicious code that is going to install itself on the machine. That machine is then compromised, and a Trojan is installed that can search for information.”

As well as transmitting information back to its handler, zero-day malware can also hand a computer to outside control before going on to infect an entire system.

Raimund Genes, the chief technical officer of Trend Micro, said: “We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government.”

Hosts compromised with Aurora botnet agents and rallied to the botnet Command-and-Control (CnC) channels were distributed across multiple countries before the public disclosure of Aurora, with the top five countries being the United States, China, Germany, Taiwan and the United Kingdom.

Damballa identified additional botnet CnC domains used by these criminal operators and established a timeline of malware associations back to May 2nd, 2009 by tracking the evolution of the malware used by Aurora’s operators

This botnet has a simple command topology and makes extensive use of Dynamic DNS (DDNS) CnC techniques. The construction of the botnet would be classed as “old-school”, and is rarely used by professional botnet criminal operators any more. Reliance upon DDNS CnC is typically associated with new and amateur botnet operators

The criminals behind the Google attack appear to have built and managed a number of separate botnets and run a series of targeted attack campaigns in parallel. This conclusion is based upon CnC domain registration and management information. The earliest of the CnC domains associated with these botnets, reliant upon DDNS service provisioning, appear to have been registered on July 13th 2009

The botnet operators behind the Aurora attacks deployed other malware families prior to the key Trojan.Hydraq release. Some of these releases overlapped with each other. Two additional families of malware (and their evolutionary variants) were identified as “Fake AV Alert /Scareware – Login Software 2009” and “Fake Microsoft Antispyware Service,” both of which employed fake antivirus infection messages to socially engineer victims into installing malicious botnet agents.

But as China has grown more aggressive, Delhi has begun planning to fight a “two-front war” in case China and Pakistan ally against India. Army Chief of Staff General Deepak Kapoor recently outlined the strategy: Both “fronts”—the northeastern one with China and northwestern one with Pakistan—would receive equal attention. If attacked by Pakistan and China, India will use its new integrated battle groups to deal quick decisive blows against both simultaneously.

The two-front strategy’s ambitions go even further: In the long term China is the real focus for Indian strategists. According to local newspapers, Gen. Kapoor told a defense seminar late last year that India’s forces will “have to substantially enhance their strategic reach and out-of-area capabilities to protect India’s geopolitical interests stretching from the [Persian] Gulf to Malacca Strait” and “to protect our island territories” and assist “the littoral states in the Indian Ocean Region.”

Of course the existence of a new doctrine does not make it an operational reality. But a cursory glance at India’s acquisition patterns and strategic moves gives every indication that India is well on its way to implementation. Delhi is buying and deploying sophisticated command, control, communications, computers, intelligence, surveillance and reconnaissance networks; supersonic cruise missiles; lightweight towed artillery pieces; and new fighter aircraft with supporting electronic warfare and refueling platforms. India has already bought C-130J aircraft from the U.S. for rapid force deployment. The navy is planning to expand its submarine fleet, to acquire three aircraft carriers, and to deploy them with modernized carrier-based fighter aircraft. In addition India plans to deploy fighters and unmanned aerial vehicles at upgraded bases on the Andaman and Nicobar islands in the eastern Indian Ocean.

India is not looking for a fight with China: It simply understands it is prudent to develop a military that can deter Beijing. President Obama’s accommodating stance toward China and his apparent lack of interest in cementing partnership with Delhi have focused Indian minds, as have his failure to invest in resources his Pacific commanders need.

While America has a strong interest in sharing the burdens of checking China’s expansionism, it should be concerned when its friends react in part to a perception of American weakness and Chinese strength. Ultimately, the U.S. is the only country with the power and resources to reassure its allies they need not engage in costly arms races with China. But first the U.S. must identify Chinese military power for what Asian allies know it to be: a threat to peace in Asia.

Mr. Blumenthal is a resident fellow at the American Enterprise Institute in Washington.

Updated: 2009-04-01 07:44

China expressed surprise about reports India had planned a secret military exercise targeting Beijing, the Foreign Ministry said yesterday.

India’s Hindustan Times reported last week that the Indian army had on March 25 concluded a three-day military exercise codenamed Divine Matrix, based on the assumption a “nuclear-armed China will attack India before 2017″.

It said that before the exercise, the Indian military spent six months studying various hypothetical scenarios of war with Beijing and concluded: “China would rely on information warfare to bring India down on its knees before launching an offensive.”

It also quoted an officer as saying the People’s Liberation Army can now “launch an assault very quickly, without any warning”.

Foreign Ministry spokesman Qin Gang told a regular press briefing: “We are surprised by the report. Leaders of China and India had already reached consensus that the two countries will not pose a threat to each other but rather treat each other as partners.”

China is willing to work with India to boost relations over the long term, he said.

Espionage accusations

Qin also dismissed allegations yesterday that China was involved in worldwide computer espionage, accusing the report’s authors of being “possessed by the Cold War ghost”.

The Toronto-based Information Warfare Monitor report released on Saturday said that over the past two years, at least 1,295 computers in 103 countries were breached by software used for spying. It said the spy ring was mostly based in China but could not be definitively linked to the government.

Hacking targets included computers used by the Dalai Lama and his “government-in-exile”, the report said.

But the Canadian researchers admitted in the report that they are unsure of the identities or motivations of the hackers, adding that alternative explanations are possible.

“Nowadays, the problem is that there are some people abroad bent on fabricating lies about so-called Chinese computer espionage,” Qin said.

“Internationally, there’s a ghost called the Cold War and a virus called the China threat. People possessed by the Cold War ghost constantly spread this China threat virus.”

China pays great attention to computer network security, and resolutely opposes and fights any criminal activity harmful to computer networks, such as hacking, he said.

“These people’s attempts to vilify China through rumors will never succeed,” he said.

Hu-Sarkozy meeting

Qin said China is still waiting for France to address its grave concerns before President Hu Jintao and French President Nicolas Sarkozy could plan talks on the sidelines of the G20 summit scheduled to start tomorrow in London.

Such a meeting could help mend the countries’ bilateral ties, which soured after Sarkozy met with the Dalai Lama in Poland last year.

First Published: 00:04 IST(26/3/2009)
Last Updated: 01:52 IST(26/3/2009)

The Indian military fears a ‘Chinese aggression’ in less than a decade. A secret exercise, called ‘Divine Matrix’, by the army’s military operations directorate has visualised a war scenario with the nuclear-armed neighbour before 2017.

“A misadventure by China is very much within the realm of possibility with Beijing trying to position itself as the only power in the region. There will be no nuclear warfare but a short, swift war that could have menacing consequences for India,” said an army officer, who was part of the three-day war games that ended on Wednesday.

In the military’s assessment, based on a six-month study of various scenarios before the war games, China would rely on information warfare (IW) to bring India down on its knees before launching an offensive.

The war games saw generals raising concerns about the IW battalions of the People’s Liberation Army carrying out hacker attacks for military espionage, intelligence collection, paralysing communication systems, compromising airport security, inflicting damage on the banking system and disabling power grids. “We need to spend more on developing information warfare capability,” he said.

The war games dispelled the notion that China would take at least one season (one year) for a substantial military build-up across India’s northeastern frontiers. “The Tibetan infrastructure has been improved considerably. The PLA can now launch an assault very quickly, without any warning, the officer said.

The military believes that China would have swamped Tibet with sweeping demographic changes in the medium term. For the purposes of Divine Matrix, China would call Dalai Lama for rapprochement and neutralise him. The top brass also brainstormed over India’s options in case Pakistan joined the war to. Another apprehension was that Myanmar and Bangladesh would align with China in the future geostrategic environment.

Jiaotong is one of China’s top universities, and one charged with helping transform this country into a science and technology powerhouse.

The school has exchange programs with some of the world’s leading universities. Early this year, Duke said that with the help of Jiaotong, it would build its own campus near Shanghai.

Michael J. Schoenfeld, a spokesman for Duke, said on Friday that the university was troubled by the allegations.

“We’re going to have to explore that with Shanghai Jiaotong and understand the situation,” he said. “It’s a very complex situation.”

One of Jiaotong’s strongest departments is computer science, which has garnered support from some of America’s biggest technology companies, including Cisco Systems. Microsoft has collaborated with Jiaotong on a laboratory for intelligent computing and intelligent systems at the university.

Two weeks ago, Jiaotong students won an international computer programming competition sponsored by I.B.M., known as the Battle of the Brains, beating out Stanford and other elite institutions. It was the third time in the last decade that Jiaotong students had taken the top prize.

Jiaotong is also home to the School of Information Security Engineering, which specializes in Internet security. The school’s dean and chief professor have both worked on technology matters for the People’s Liberation Army, according to the school’s Web site.

The school, which has received financing from a high-level government science and technology project, code-named 863, has also regularly invited world-famous hackers and Web security experts to lecture there.

The latest clues do not answer the question of who was behind the attacks. But it is likely to put added pressure on Beijing to investigate a case that has prompted Google to threaten to pull out of China.

Beijing has not announced an investigation, but Web security experts emphasize that the Chinese government would need to be involved to find the ultimate perpetrators of the attacks.

“The U.S. would not be able to trace this” back to the source, said O. Sami Saydjari, the founder of the Cyber Defense Agency, a private Web security firm based in Wisconsin. “We cannot trace it beyond borders. We’d need the cooperation of the Chinese.”

Xiao Qiang, an expert on Chinese Internet censorship and control, says Jiaotong is studying not just Web security but also how to filter content that the government may deem unhealthy.

“Computer security may sound neutral, but in China, it also includes content, including content the government doesn’t like and wants to get rid of,” he says.

Scott J. Henderson, the author of “The Dark Visitor: Inside the World of Chinese Hackers,” said that in 2007, a prominent Chinese hacker with ties to China’s Ministry of Security also lectured at Jiaotong.

“He gave a lecture called ‘Hacking in a Nutshell,’ ” said Mr. Henderson, whose research was partly financed by the American military.

In a statement on Sunday, Microsoft said it could not comment on reports that some hacking had been traced to Jiaotong.

But the statement also said: “We condemn cyberattacks and industrial espionage no matter who is ultimately responsible. We hope officials will conduct a full investigation and cooperate fully with international authorities to get to the bottom of this situation.”

Google and other companies that were victims of the attacks have declined to comment.

Investigators are also looking into whether some of the intrusions originated at Lanxiang Vocational School, in the city of Jinan.

Lanxiang, which has 30,000 students studying trades like cosmetology and welding, was founded in 1984 by a former military officer on land donated by the military, according to Jinan’s propaganda department.

On its Web site, the school records visits to the campus by military officers and boasts of sending “a large batch of graduates to the army” and says “those graduates become the backbone of the army.”

Graduates of the school’s computer science department are recruited by the local military garrison each year, according to the school’s dean, Mr. Shao, who would give only his last name.

School officials also insist that Lanxiang students are not capable of sophisticated hacking.

“It’s impossible for our students to hack Google and other U.S. companies,” Mr. Shao said in a telephone interview. “They are just high school graduates and not at an advanced level.”

Little information is publicly available about the school’s computer science department. But the school says its computer laboratory is so enormous that it was once listed in the Guinness World Records book.

Bao Beibei and Chen Xiaoduan contributed research.

CDT’s further online investigation has found that, according to the school’s own website, the School of Information Security Engineering of Shanghai Jiaotong University is one of the main research units of the China’s “National Information Security Application Demonstration Project” “国家信息安全应用示范工程” – (code name S219) , and the Information Security Project* within the “National 863 Program**.” The school is “a training base for high-level Information Security experts in the national 863 production (east) base” (“国家863产业化（东部）基地信息安全高级专业人才培养基地”).

And who are the trainers of these high-level information security experts? Here is just one example:

Two Chinese Schools Tied to Google Attacks Linked to the Great Firewall and PLA Professor Li Jianhua (李建华), Deputy Dean of the School of Information Security Engineering. Research area：Information Security, Computer Communication Network , Information/Signal Processing, Artificial Intelligence. His titles include: Chief Expert of the Expert Group of Information Security Project of National 863 Program; Expert Committee of National 863 Program Anti-Computer-Invasion and Anti-Virus Technology Research Center (Ministry Public Security) 公安部国家863计划反计算机入侵和防病毒技术研究中心专家委员会成员（公安部）国家863计划信息安全主题专家组首席/管理专家 (科技部)

Together with Shanghai Jiaotong University, the Lanxiang Vocational School is also one of the five colleges which are known to have associated with the national “information security” research program, including the Great Firewall of China. The other three schools known to have participated are Harbin Institute of Technology, Beijing University of Post and Telecommunications, and National University of Defense Technology.

Two Chinese Schools Tied to Google Attacks Linked to the Great Firewall and PLA From information available online, it is not difficult to find connections linking these university research units to the government’s “Information Security” technology research network. For example, from this already deleted list of “Second Term of (National) Internet and Information Security Working Committee (2007),” professor Li Jianhua is listed as a “Member of the Standing Committee”. And the Head of this Committee is none other than Dr. Fang Binxing (方滨兴), a computer scientist, widely known as the the father of the Great Firewall of China. Fang Binxing is the honorary director of the National Computer network Emergency Responses technical Team/Coordination Center of China (CNCERT), a.k.a. the Great Firewall. In Dr. Fang’s public resume, he is the current president of the Beijing University of Post and Telecommunications, and he taught and conducted research from 1984-1999 at the School of Computer and Electronic Engineering at the Harbin Institute of Technology. Since 2005, he has also been a Specially Hired Professor (“特聘教授”) at the National University of Defense Technology. Among many other titles held by Dr. Fang, he has been the Ministry of Public Security’s Specially Hired Expert on Information Security since 2007; a member of the Informationalization Expert Consulting Committee of the People’s Liberation Army General Logistics Department; and in 2001 he was awarded the title of “Outstanding Individual”, jointly given by the Chinese Communist Party Central Organizational Department, Chinese Communist Party Central Propaganda Department, Chinese Communist Party Political and Legal Committee, Ministry of Public Security, Ministry of Civil Affairs and Ministry of Human Resources and Social Security.

What is this mysterious “Lanxiang Vocational School” then? How could a obscure “Vocational School” be listed among China’s top research universities in “information security” research? The answer is that this school includes a special training program for future PLA technology officers. According to the Lanxiang Vocational School website, translated by CDT, “Deputy Chief of Staff of the Jinan Military District, General Zeng Qingzhu came to Shandong Lanxiang to review the national defense education work. In March 2006, the Lanxiang Vocational School established the first military department among the private schools in Shandong, specializing in educating and training high quality technology officers for the military. In the last two years, a large number of excellent graduates have enlisted in the PLA and become the important technology backbone of the military.”

(济南军区副参谋长曾庆祝少将来到山东蓝翔视察国防教育工作。06年3月，蓝翔技校成立山东首家民办学校武装部，专门为部队培养高素质的高级技术士官。两年来，大批优秀学员应征入伍，成为军队的重要技术骨干)

A 14-page ‘restricted’ report prepared by the British intelligence agency MI5’s Centre for the Protection of National Infrastructure has recently come to light.

The report describes how China has attacked British defence, energy, communications and manufacturing companies in a concerted hacking crusade. It also details how undercover intelligence officers from the People’s Liberation Army (PLA) and the Ministry of Public Security approached UK businessmen at trade fairs and exhibitions, offering them ‘lavish hospitality’ and presenting nice ‘gifts’. Unfortunately for the recipients of the famed Chinese hospitality, the gifted cameras and memory sticks, tokens of Chinese friendship, contained electronic Trojan bugs which could enable hackers to remotely access their computers. According to the MI5 report, the Chinese government “represents one of the most significant espionage threats to the UK”.

China was also accused of ‘bugging and burgling’ UK business executives and setting up ‘honeytraps to later blackmail them’.

One thought that techniques like the one used against John Profumo, a British Defence Minister during the Cold War had been relegated to the dustbin of history and were only good for third rate Hollywood scripts, but the MI5 report says that “Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to co-operate with them.”

But today, cyber attacks by Chinese hackers are causing a lot more concern than these ‘honeytraps’. The public became aware of this new type of warfare after Google announced that it would reconsider working in China: the US search engine giant had been the victim of wild attacks originating from China. The attacks involved not only involve Google, but more than 30 companies whose servers were compromised by hackers; this included several human rights groups and some prominent Chinese dissidents. What provoked Google to react in such a sudden manner was the high sophistication of the attack. The attackers seem to have employed some techniques never seen before.

Ron Deibert and Rafal Rohozinski who worked on Tracking Ghostnet (a 10-month assessment of alleged Chinese cyberspying of diplomatic missions, ministries of foreign affairs, and international organizations) explained in the Christian Science Monitor: “As principal investigators in the Information Warfare Monitor, a project formed in 2002 to investigate and analyze the exercise of power in cyberspace, we have seen many of these types of attacks first hand in our research, and have followed closely those examined by other researchers.”

They believe that the Google attacks were unusual not only in ‘scope or sophistication’, but also ‘in terms of the high-profile nature of the victims’. According to cyber watchers, “targeted cyber attacks such as these will grow in frequency as cyberspace becomes more heavily contested. …solutions won’t be easy”.

This is the general opinion among experts, who also point to criminal organizations “thriving in the hidden ecosystems of cyberspace, profiting from cyberattacks, cybercrime, and cyberfraud”.

What about India?

Before leaving for his new assignment in West Bengal, former National Security Advisor M.K. Narayanan declared that China had ‘unleashed cyber aggression against India’. In an interview, he admitted that Chinese hackers had tried to penetrate the Prime Minister’s Office. The former NSA said that his office and other government departments were targeted on December 15 (the same day as Google and other US companies). The attack came through e-mail attachments containing a ‘Trojan’ virus which allows the hacker to penetrate the server and help himself to sensitive files. Officials had to be asked not to log into the server until the threat could be eliminated.

“This was not the first instance of an attempt to hack into our computers,” Narayanan told the journalist.

“People seem to be fairly sure it was the Chinese. It is difficult to find the exact source but this is the main suspicion. It seems well founded.”

Hardly a month later, The Tribune reported that “computer networks at sensitive establishments have experienced a second wave of cyber attacks from foreign-based hackers. Sources in the intelligence reveal that fresh attacks began on January 28 and about 25 computers were targeted.”

The attacked computers belonged to the National Security Council (NSC) Secretariat and the National Security Advisory Board (NSAB). The source of information was an official at the National Technical Research Organisation (NTRO) which is supposed to deal with cyber attacks.

According to the same source, even the Cabinet Secretary has been a victim: “Initial investigations revealed that 30 computers, including eight from the PMO, were compromised. This also involved two persons not on the regular posted strength of the PMO, prompting intelligence agencies to believe that the cyber attacks were backed by a high level of human intelligence, providing the whereabouts of key individuals and their portfolios and e-mail addresses. Others who came under attack from cyber space included the chairman of the Joint Intelligence Committee, chief of the Naval Staff, deputy chief of Naval Staff, PM’s special envoy, the three military intelligence services and establishments of the BSF and CRPF in Jammu and Kashmir.”

Again the Chinese ‘signature’ was suspected. The NTRO has apparently formed a rapid reaction team to deal with such attacks. They claim that their reaction time is about an hour-and-a-half. Experts consulted, however, dismiss this as pure wishful thinking, as attacks are now very sophisticated and not easy to notice.

But let us go back some years. In February 1999, the PLA Literature and Arts Publishing House in Beijing released a fascinating book written by Qiao Liang and Wang Xiangsui, two Senior Colonels of the People’s Liberation Army. The title of the book was Unrestricted Warfare.

The two Chinese officers prophesized the ‘destruction of rules’ in future warfare. They wrote: “The direct result of the destruction of rules is that the domains delineated by visible or invisible boundaries which are acknowledged by the international community lose effectiveness. This is because all principals without national power who employ non-military warfare actions to declare war against the international community all use means that go beyond nations, regions and measures.”

Interestingly they gave some examples: “Whether it is the intrusions of hackers, a major explosion at the World Trade Center, or a bombing attack by bin Laden, all of these greatly exceed the frequency bandwidths understood by the American military, …they [the US] have never taken into consideration and have even refused to consider means that are contrary to tradition and to select measures of operation other than military means.”

One of the reasons behind this thinking has been the arm-dealers lobby striving to sell military ‘hardware’.

But the Art of War is changing fast, very fast.

Many believe that the exhibitors at the Defexpo India 2010 in Delhi’s Pragati Maidan, were only ‘showcasing Land and Naval Systems’ of yesterday. The War of Tomorrow is being prepared behind some computer monitors in Sichuan or Hainan.

In an eye-opening article titled Cyber Warriors published in The Atlantic, James Fallows wrote that it was “rare to hear US military or diplomatic officials talk about war with China as a plausible threat” in the conventional sense of the term. “Yes, circumstances could change, and someday there could be a consensus to ‘take on the U.S.’ But the more you hear about the details, the harder it is to worry seriously about that now,” he says. However, it is different with a cyber war: “After conducting this round of interviews, I now lose sleep over something I’d generally ignored: the possibility of a ‘cyberwar’ that could involve attacks from China — but, alarmingly, could also be launched by any number of other states and organizations.”

The recent shutting down of the Black Hawk Safety Net, the largest hacker training center in Hubei Province is only an eye-wash, smaller centers working in close collaboration with the People’s Liberation Army will stay open and hacking will continue as before.

A few months ago, in a report prepared for the US China Economic and Security Review Commission, Northrop Grumman presented a list of electronic intrusions and disruptions originating from China since 1999. The conclusion was that in most cases it was difficult to say whether the activity was amateur or government-planned, but: “The depth of resources necessary to sustain the scope of computer network exploitation targeting the US and many countries around the world coupled with the extremely focused targeting of defense engineering data, US military operational information, and China-related policy information is beyond the capabilities or profile of virtually all organized cybercriminal enterprises and is difficult at best without some type of state-sponsorship.”

The Chinese State is clearly identified in these attacks.

Another conclusion of the Report is: “The breadth of targets and range of potential ‘customers’ of this data suggests the existence of a collection management infrastructure or other oversight to effectively control the range of activities underway, sometimes nearly simultaneously.”

It will probably take 10 years for the NTRO to prepare such a report and 10 more to make it public. Here, as in infrastructure development, India is far, far behind China. While it will take several more years to complete a deal for 126 Multi Role Combat Aircrafts (for some 11 billion dollars), for a much smaller budget, the Chinese will have found ways to neutralize the electronics of these planes.

But there is worse. In a forthcoming novel, Directive 51, John Barne envisages the collapse of the world ‘financial life’ (most of our ‘assets’ being kept inside some banks’ computer systems), the halt of most manufacturing systems, the evaporation of the technical knowledge and legions of other consequences. A truly frightening thought.

Let us hope that the Indian Government wakes up to the threat, and NRTO will truly be able to respond in one hour.

The TRC has received a grant from the Institutional Development Fund
(IDF) under the World Bank to develop its knowledge base and
implementation capacity, enabling it to design and implement the
second-generation of regulatory reforms in the Information and
Communication Technology (ICT) sector, official sources said.

The TRC intends to engage a consulting firm to assist it in the
establishment of a policy and regulatory framework for Next Generation
Networks (NGNs).

The overall objective of the consultancy is to establish a policy and
regulatory framework with a view to facilitate efficient investments
in NGN and other new comparable technologies and maintain effective
competition among the infrastructure and service providers while
safeguarding consumer interest. The Chinese IT experts will assist the
TRC in the detailed consultation process in formulating the policy and
regulatory framework on NGNs, the sources revealed.

The consultancy will also consider the issues relating to both the
Internet Protocol (IP) based core networks and their interconnection
with NGNs and the issues relating to the IP based Next Generation
Access Networks (NGANs) connecting end users to the NGNs.

The practical lesson was to not point a camera toward uniformed groups of soldiers or police. The broader hint I took was to be more careful when asking about or discussing military matters than when asking about most other aspects of modern China’s development. I did keep asking people in China—carefully—about the potential military and strategic implications of their country’s growing strength. Ever since the collapse of the Soviet Union and consequent disappearance of the U.S. military’s one superpower rival, Western defense strategists have speculated about China’s emergence as the next great military threat. (In 2005, this magazine published Robert Kaplan’s cover story “How We Would Fight China,” about such a possibility. Many of the international-affairs experts I interviewed in China were familiar with that story. I often had to explain that “would” did not mean “will” in the article’s headline.)

The cynical view of warnings about a mounting Chinese threat is that they are largely Pentagon budget-building ploys: if the U.S. military is “only” going to fight insurgents and terrorists in the future, it doesn’t really need the next generation of expensive fighter planes or attack submarines. Powerful evidence for this view—apart from familiarity with Pentagon budget debates over the years—is that many of the neoconservative thinkers who since 9/11 have concentrated on threats from Iraq, Afghanistan, and Iran were before that time writing worriedly about China. The most powerful counterargument is that China’s rise is so consequential and unprecedented in scale that it would be naive not to expect military ramifications. My instincts lie with the skeptical camp: as I’ve often written through the past three years, China has many more problems than most Americans can imagine, and its power is much less impressive up close. But on my return to America, I asked a variety of military, governmental, business, and academic officials about how the situation looks from their perspective. In most ways, their judgment was reassuringly soothing; unfortunately, it left me with a new problem to worry about.

Without meaning to sound flip, I think the strictly military aspects of U.S.-China relations appear to be something Americans can rest easy about for a long time to come. Hypercautious warnings to the contrary keep cropping up, especially in the annual reports on China’s strategic power produced since 2000 by the Pentagon each spring and by the U.S.-China Economic and Security Review Commission each fall. Yet when examined in detail, even these show the limits of the Chinese threat. To summarize:

• In overall spending, the United States puts between five and 10 times as much money into the military per year as China does, depending on different estimates of China’s budget. Spending does not equal effectiveness, but it suggests the difference in scale.

• In sophistication of equipment, Chinese forces are only now beginning to be brought up to speed. For instance, just one-quarter of its naval surface fleet is considered “modern” in electronics, engines, and weaponry.

• In certain categories of weaponry, the Chinese don’t even compete. For instance, the U.S. Navy has 11 nuclear-powered aircraft-carrier battle groups. The Chinese navy is only now moving toward construction of its very first carrier.

• In the unglamorous but crucial components of military effectiveness—logistics, training, readiness, evolving doctrine—the difference between Chinese and American standards is not a gap but a chasm. After a natural disaster anywhere in the world, the American military’s vast airlift and sealift capacity often brings rescue supplies. The Chinese military took days to reach survivors after the devastating Sichuan earthquake in May of 2008, because it has so few helicopters and emergency vehicles.

• For better and worse, in modern times, American forces are continually in combat somewhere in the world. This has its drawbacks, but it means that U.S. leaders, tactics, and doctrine are constantly refined by the realities of warfare. In contrast, vanishingly few members of the People’s Liberation Army have any combat experience whatsoever. The PLA’s last major engagement was during its border war with Vietnam in February and March of 1979, when somewhere between 7,000 of its soldiers (Chinese estimate) and 25,000 (foreign estimates) were killed within four weeks.

Beyond all this is a difference of military culture rarely included in American discussions of the Chinese threat—and surprising to those unfamiliar with the way China’s Communist government chose to fund its army. The post-Vietnam American military has been fanatically devoted to creating a “warrior” culture of military professionalism. The great struggle of the modern PLA has been containing the crony-capitalist culture that comes from its unashamed history of involvement in business. Especially under Deng Xiaoping, the Chinese military owned and operated factories, hotels and office buildings, shipping and trucking companies, and other businesses both legitimate and shady. In the late 1990s President Jiang Zemin led a major effort to peel the PLA’s military functions away from its business dealings, but by all accounts, corruption remains a major challenge in the Chinese military, rather than the episodic problem it is for most Western forces. One example: at a small airport in the center of the country, an airport manager told me about his regular schedule of hong bao deliveries—“red envelopes,” or discreet cash payoffs—to local air-force officers, to ensure airline passage through the sector of airspace they controlled. (Most U.S. airspace is controlled by the Federal Aviation Administration; nearly all of China’s, by the military.) A larger example is the widespread assumption that military officials control the vast Chinese traffic in pirated movie DVDs.

The Chinese military’s main and unconcealed ambition is to someday be strong enough to take Taiwan by force if it had to. But the details of the balance of power between mainland and Taiwanese forces, across the Straits of Taiwan, have been minutely scrutinized by all parties for decades, and shifts will not happen by surprise. The annual reports from the Pentagon and the Security Review Commission lay out other possible scenarios for conflict, but in my experience it is rare to hear U.S. military or diplomatic officials talk about war with China as a plausible threat. “My view is that the political leadership is principally focused on creating new jobs inside the country,” I was told by retired Admiral Mike McConnell, a former head of the National Security Agency and the director of national intelligence under George W. Bush. Another former U.S. official put it this way: “We tend to think of everything about China as being multiplied by 1.3 billion. The Chinese leadership has to think of everything as being divided by 1.3 billion”—jobs, houses, land. Russell Leigh Moses, who has lived in China for years and lectures at programs to train Chinese officials, notes that the Chinese military, like its counterparts everywhere, is “determined not to be neglected.” But “so many problems occupy the military itself—including learning how to play the political game—that there is no consensus to take on the U.S.”

Yes, circumstances could change, and someday there could be a consensus to “take on the U.S.” But the more you hear about the details, the harder it is to worry seriously about that now. So why should we worry? After conducting this round of interviews, I now lose sleep over something I’d generally ignored: the possibility of a “cyberwar” that could involve attacks from China—but, alarmingly, could also be launched by any number of other states and organizations.

The cyber threat is the idea that organizations or individuals may be spying on, tampering with, or preparing to inflict damage on America’s electronic networks. Google’s recent announcement of widespread spying “originating from China” brought attention to a problem many experts say is sure to grow. China has hundreds of millions of Internet users, mostly young. In any culture, this would mean a large hacker population; in China, where tight control and near chaos often coexist, it means an Internet with plenty of potential outlaws and with carefully directed government efforts, too. In a report for the U.S.-China Economic and Security Review Commission late last year, Northrop Grumman prepared a time line of electronic intrusions and disruptions coming from sites inside China since 1999. In most cases it was impossible to tell whether the activity was amateur or government-planned, the report said. But whatever their source, the disruptions were a problem. And in some instances, the “depth of resources” and the “extremely focused targeting of defense engineering data, US military operational information, and China-related policy information” suggested an effort that would be “difficult at best without some type of state-sponsorship.”

The authorities I spoke with pooh-poohed as urban myth the idea that an electronic assault was behind the power failures that rippled from the Midwest to the East Coast in August of 2003. By all accounts, this was a cascading series of mechanical and human errors. But after asking corporate and government officials what worried them, I learned several unsettling things I hadn’t known before.

First, nearly everyone in the business believes that we are living in, yes, a pre-9/11 era when it comes to the security and resilience of electronic information systems. Something very big—bigger than the Google-China case—is likely to go wrong, they said, and once it does, everyone will ask how we could have been so complacent for so long. Electronic-commerce systems are already in a constant war against online fraud. “The real skill to running a successful restaurant has relatively little to do with producing delicious food and a lot to do with cost and revenue management,” an official of an Internet commerce company told me, asking not to be named. “Similarly, the real business behind PayPal, Google Checkout, and other such Internet payment systems is fraud and risk management,” since the surge of attempted electronic theft is comparable to the surge of spam through e-mail networks.

At a dinner in Washington late last year, I listened to two dozen cyber-security experts compare tales of near-miss disasters. The consensus was that only a large-scale public breakdown would attract political attention to the problem, and that such a breakdown would occur. “Cyber crime is not conducted by some 15-year-old kids experimenting with viruses,” Eugene Spafford, a computer scientist at Purdue, who is one of the world’s leading cyber-security figures (and was at the dinner), told me later via e-mail.

It is well-funded and pursued by mature individuals and groups of professionals with deep financial and technical resources, often with local government (or other countries’) toleration if not support. It is already responsible for billions of dollars a year in losses, and it is growing and becoming more capable. We have largely ignored it, and building our military capabilities is not responding to that threat.

With financial, medical, legal, intellectual, logistic, and every other sort of information increasingly living in “the cloud,” the consequences of collapse or disruption are unpleasant to contemplate. A forthcoming novel, Directive 51, by John Barnes, does indeed contemplate them, much as in the 1950s Nevil Shute imagined the world after nuclear war in On the Beach. Barnes’s view of the collapse of financial life (after all, our “assets” consist mostly of notations in banks’ computer systems), the halt of most manufacturing systems, the evaporation of the technical knowledge that now exists mainly in the cloud, and other consequences is so alarming that the book could draw attention in a way no official report can.

Next, the authorities stressed that Chinese organizations and individuals were a serious source of electronic threats—but far from the only one, or perhaps even the main one. You could take this as good news about U.S.-China relations, but it was usually meant as bad news about the problem as a whole. “The Chinese would be in the top three, maybe the top two, leading problems in cyberspace,” James Lewis, a former diplomat who worked on security and intelligence issues and is now at the Center for Strategic and International Studies, in Washington, told me. “They’re not close to being the primary problem, and there is debate about whether they’re even number two.” Number one in his analysis is Russia, through a combination of state, organized-criminal, and unorganized-individual activity. Number two is Israel—and there are more on the list. “The French are notorious for looking for economic advantage through their intelligence system,” I was told by Ed Giorgio, who has served as the chief code maker and chief code breaker for the National Security Agency. “The Israelis are notorious for looking for political advantage. We have seen Brazil emerge as a source of financial crime, to join Russia, which is guilty of all of the above.” Interestingly, no one suggested that international terrorist groups—as opposed to governments, corporations, or “normal” criminals—are making significant use of electronic networks to inflict damage on Western targets, although some groups rely on the Internet for recruitment, organization, and propagandizing.

This led to another, more surprising theme: that the main damage done to date through cyberwar has involved not theft of military secrets nor acts of electronic sabotage but rather business-versus-business spying. Some military secrets have indeed leaked out, the most consequential probably being those that would help the Chinese navy develop a modern submarine fleet. And many people said that if the United States someday ended up at war against China—or Russia, or some other country—then each side would certainly use electronic tools to attack the other’s military and perhaps its civilian infrastructure. But short of outright war, the main losses have come through economic espionage. “You could think of it as taking a shortcut on the ‘D’ of R&D,” research and development, one former government official said. “When you create a new product, a competitor can cherry-pick the good parts and introduce a competitive product much more rapidly than he could otherwise.” Another technology expert, who serves on government advisory boards, told me, when referring to the steady loss of technological advantage, “We should not forget that it was China where ‘death by a thousand cuts’ originated.” I heard of instances of Western corporate officials who arrived for negotiations in China and realized too late that their briefing books and internal numbers were already known by the other side. (In the same vein: I asked security officials whether the laptops and BlackBerry I had used while living in China would have been bugged in some way while I was there. The answers were variations on “Of course,” with the “you idiot” left unsaid.)

The final theme was that even though these cyber concerns are not confined to China, the Chinese aspects do deserve consideration on their own, because China’s scale, speed of growth, and complex relationship with the United States make it a unique case. Hackers in Russia or Israel might be more skillful one by one, but with its huge population China simply has more of them. The French might be more aggressive in searching for corporate secrets, but their military need not simultaneously consider how to stop the Seventh Fleet. According to Mike McConnell, everything about China’s military planning changed after its leaders saw the results of U.S. precision weapons in the first Gulf War. “They were shocked,” he told me. “They had no idea warfare had progressed to that point, and they went on a crash course to take away our advantage.” This meant both building their own information systems—thus China’s aspiration to create a Beidou (the Chinese name for the Big Dipper) system of satellites comparable to America’s GPS—and being prepared in time of war to “attack what they see as our soft underbelly, our military’s dependence on networking,” as McConnell put it, noting the vast emerging PLA literature on defending and attacking data networks.

Ed Giorgio, formerly of the NSA, has prepared charts showing the points of “asymmetric advantage” China might have over the long run in such competition. Point nine on his 12-point chart: “They know us much better than we know them (virtually every one of their combatants reads English and virtually none of ours read Mandarin. This, in itself, will surely precipitate a massive intelligence failure).” But James Lewis, of CSIS, pointed out an “asymmetric handicap”: “For all the effort the Chinese put into cyber competition, external efforts”—against a potential foe like the United States—“are second priority. The primary priority is domestic control and regime survival. The external part is a side benefit.” For many other reasons, the China-cyber question will, like the China-finance and China-environment and China-human-rights questions, demand special attention and work.

The implications of electronic insecurity will be with us in the long run, among the other enduring headaches of the modern age. The “solution” to them is like the solution to coping with China’s rise: something that will unfold over the years and require constant attention, adjustments, and innovations. “Cyber security is a process, not a patch,” Eugene Spafford said. “We must continue to invest in it—and for the long term as well as the ‘quick fix,’ because otherwise we will always be applying fixes too late.”

No doubt because I’ve been so preoccupied for so long with the implications of China’s growth, I thought I heard a familiar note in the recommendations that many of the cyber-security experts offered. The similarity lies in their emphasis on openness, transparency, and international contact as the basis of a successful policy.

In overall U.S. dealings with China, it matters tremendously that so many Chinese organizations are led or influenced by people who have spent time in America or with Americans. Today’s financial, academic, and business elite in China is deeply familiar with the United States, many of its members having studied or worked here. They may disagree on points of policy—for instance, about trade legislation—but they operate within a similar set of concepts and facts. This is less true of China’s political leaders, and much less true of its military—with a consequently much greater risk of serious misunderstanding and error. The tensest moment in modern China’s security relationship with the outside world came in January of 2007, when its missile command shot one of its own weather satellites out of the sky, presumably to show the world that it had developed anti-satellite weaponry. The detonation filled satellite orbits with dangerous debris; worse, it seemed to signal an unprovoked new step in militarizing space. By all accounts, President Hu Jintao okayed this before it occurred; but no one in China’s foreign ministry appeared to have advance word, and for days diplomats sat silent in the face of worldwide protests. The PLA had not foreseen the international uproar it would provoke—or just didn’t care.

Precisely in hopes of building familiarity like that in the business world, the U.S. Navy has since the 1980s taken the lead in military-to-military exchanges with the PLA. “I think both sides are trying to figure out what kind of a military-to-military relationship is feasible and proper,” David Finkelstein, of the Center for Naval Analyses, in suburban Washington, D.C., told me. “We have two militaries that, in some circumstances, see each other as possible adversaries. At the same time, at the level of grand strategy, the two nations are trying to accommodate each other. There is a major chasm, but both sides are working hard to bridge it.” Such exposure obviously doesn’t eliminate the real differences of national interest between the two countries, but I believe it makes outright conflict less likely.

A similar high-road logic seems to lie behind recommendations for cyber security in general, and for dealing with the Chinese cyber threat in particular. The NSA, which McConnell directed and where Giorgio worked, is renowned for its secrecy. But both men, along with others, now argue that to defend information networks, the U.S. should talk openly about risks and insecurities—and engage the Chinese government and military in an effort to contain the problem.

As a matter of domestic U.S. politics, McConnell argues that we now suffer from a conspiracy of secrecy about the scale of cyber risks. No credit-card company wants to admit how often or how easily it is cheated. No bank or investment house wants to admit how close it has come to being electronically robbed. As a result, the changes in law, regulation, concept, or habit that could make online life safer don’t get discussed. Sooner or later, the cyber equivalent of 9/11 will occur—and, if the real 9/11 is a model, we will understandably, but destructively, overreact.

While trying to build bridges to the military, McConnell and others recommend that the U.S. work with China on international efforts to secure data networks, comparable to the Chinese role in dealing with the world financial crisis. “You could have the model of the International Civil Aviation Organization,” James Lewis said, “a body that can reduce risks for everyone by imposing common standards. It’s moving from the Wild West to the rule of law.” Why would the Chinese government want to join such an effort? McConnell’s answer was that an ever-richer China will soon have as clear a stake in secure data networks as it did in safe air travel.

We’re naturally skeptical of abstractions like “cooperation” or “greater openness” as the solutions to tough-guy, real-world problems. But in making the best of a world that will inevitably be changed by increasing Chinese power and increasing electronic threats from many directions, those principles may offer the right, realistic place to start.

The URL for this page is http://www.theatlantic.com/doc/201003/china-cyber-war