The Dragon and the Computer: Chinese Cyber-Warfare
I’m happy to be writing for Elsevier’s new blog to introduce the book Introduction to Cyber-Warfare: A Multidisciplinary Approach that I wrote with my wife Jana and our good friend Andrew Ruef. The book is designed to introduce the reader to this new domain of warfare through a series of case studies. This is much the way I learned about conventional military operations through my military training – and why there are so many good books on military history. Jana, Andrew, and I felt that there should be a similar “military history” for cyber-war – so we hope this can help fill that void.
Many people have asked us what we think about recent news stories alleging that China is engaging in cyber-warfare, particularly intellectual property theft. So, in talking with the good folks at Elsevier, we wanted to answer some of those questions while giving you a taste of this new book.
The following article is an excerpt from the new book Introduction to Cyber-Warfare: A Multidisciplinary Approach published by Syngress, an imprint of Elsevier. Order your copy now and save 30%! Just enter discount code “SYN30” at checkout.
The Dragon and the Computer: Why Intellectual Property Theft is Compatible with Chinese Cyber-Warfare Doctrine
By Paulo Shakarian, Jana Shakarian, and Andrew Ruef
Abstract: Along with the USA and Russia, China is often considered one of the leading cyber-powers in the world. In this excerpt, we explore how Chinese military thought developed in the 1990s influenced Chinese cyber-operations in the early 2000s. In particular, we examine the ideas of Unrestricted Warfare and Active Offense and discuss how they permit the theft of intellectual property. We then look specifically at the case study of Operation Aurora, a cyber-operation directed against many major U.S. technology and defense firms, and show how it reflects some of these ideas.
Over the past five years, the news media has seemingly been littered with alleged Chinese cyber-incidents. These activities have included the theft of guarded scientific data, the monitoring of the Dalai Lama’s communications, and the theft of intellectual property from Google. In testimony to the Congressional Armed Services Committee, General Keith Alexander, the commander of U.S. Cyber Command and head of the National Security Agency (NSA), stated that China is stealing a “great deal” of military-related intellectual property from the U.S. Clearly, cyber-espionage, which includes the theft of intellectual property, is already a key component of Chinese cyber-strategy. The recently released report by the security firm Mandiant provides technical analysis leading to the conclusion that an organization within the People’s Liberation Army (Unit 61398) has been responsible for a great deal of cyber-espionage against English-speaking countries. In this paper, we highlight some of the relevant Chinese doctrine that we believe led to organizations like Unit 61398 and others.
The activities of exfiltration, monitoring, and theft of digital information described here can be easily labeled as incidents of cyber-espionage. The apparent goal of this type of cyber-operation is not to take the computers offline or destroy the data that they contain but rather to capture data of the opposing force. This being the case, such activities could not be labeled as cyber-attacks, because the targeted systems and their data must remain intact in order to obtain the desired data. Hence, we can define cyber-espionage as the act of obtaining access to data from a computer system without the authorization of that system’s owner for intelligence collection purposes.
Like incidents of computer network attack, however, these incidents of cyber-espionage are notoriously difficult to attribute. What, then, leads to the belief that China is involved in these cyber-espionage incidents? If attribution is so difficult, why do these actions cause corporations like Google and Northrop Grumman, as well as high-level diplomats such as U.S. Secretary of State Hillary Clinton, to issue strong statements against the Chinese government in the wake of such attacks? The issue lies in the origin of the incidents. Computers involved in the theft of digital information are often traced back to networks located on the Chinese mainland. Further, forensic analysis of malware from such incidents often indicates the use of Chinese-language software development tools. Though it is virtually impossible to implicate the government of the People’s Republic of China (PRC) in these cyber-espionage actions on this evidence alone, the fact that they can be consistently traced to the Chinese mainland raises serious policy questions. Is the Chinese government conducting active investigations against the hackers, and what legal action does it take once hackers are identified? Is the Chinese government transparently sharing information about these supposed investigations with the victims of the cyber-espionage? What legal action is Beijing taking to prevent individual hackers from attacking organizations outside of China? These questions must be given serious consideration in the wake of attempted cyber-espionage when there is evidence of Chinese origin… [Read the full excerpt as a PDF]
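The two “origin” indicators the excerpt mentions, network origin and language artifacts in the malware, are typically pulled out of a sample’s metadata. The example below, which is added here and is not code from the book or its authors, shows how two such artifacts are read from a Windows PE file: the compiler’s TimeDateStamp in the COFF header, converted to the local working hours of an assumed time zone, and the LANGID/code page pairs in the version resource’s VarFileInfo\Translation block (0x0804 / 936 is Simplified Chinese, PRC, GBK). The PE header bytes and the Translation value are constructed for the example rather than taken from any real sample, the UTC+8 offset is an assumption, and the lookup tables are deliberately small. The point a practitioner should take away is the one the excerpt makes about policy: both fields are set by whoever built the binary and can be chosen freely, so they are weak, circumstantial indicators, not proof of who was at the keyboard.

```python
"""Extract weak 'origin' indicators from a PE sample's metadata.

Added example, not code from the book. Input is a constructed minimal PE header
and a constructed VarFileInfo\\Translation value, so it runs offline.
"""
import struct
from datetime import datetime, timedelta, timezone

# Small, illustrative lookup tables (Windows LANGID primary language IDs and
# Windows code pages). Real tooling would carry the full tables.
PRIMARY_LANGUAGES = {0x04: "Chinese", 0x09: "English", 0x19: "Russian"}
CHINESE_SUBLANGS = {0x01: "Traditional (Taiwan)", 0x02: "Simplified (PRC)",
                    0x03: "Traditional (Hong Kong)", 0x04: "Simplified (Singapore)"}
CODEPAGES = {936: "GBK (Simplified Chinese)", 950: "Big5 (Traditional Chinese)",
             1200: "UTF-16LE", 1251: "Windows-1251 (Cyrillic)", 1252: "Windows-1252 (Western)"}


def build_sample_header(timestamp: int) -> bytes:
    """Constructed minimal MZ/PE header: only the fields we parse are meaningful."""
    hdr = bytearray(0x40 + 24)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew -> PE signature at 0x40
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, 0x14C)       # Machine = IMAGE_FILE_MACHINE_I386
    struct.pack_into("<H", hdr, 0x46, 3)           # NumberOfSections
    struct.pack_into("<I", hdr, 0x48, timestamp)   # TimeDateStamp (seconds since epoch)
    return bytes(hdr)


def pe_timestamp(blob: bytes) -> datetime:
    """Return the COFF header TimeDateStamp as an aware UTC datetime."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # COFF header follows the 4-byte signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (ts,) = struct.unpack_from("<I", blob, e_lfanew + 8)
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def local_build_time(utc_time: datetime, tz_offset_hours: int) -> dict:
    """Shift the build time into an ASSUMED time zone and flag Mon-Fri 09:00-18:00."""
    local = utc_time.astimezone(timezone(timedelta(hours=tz_offset_hours)))
    return {"local": local.isoformat(),
            "business_hours": local.weekday() < 5 and 9 <= local.hour < 18}


def decode_translation(raw: bytes) -> list:
    """Decode VarFileInfo\\Translation: an array of little-endian DWORDs, each with
    the LANGID in the low word and the code page in the high word."""
    entries = []
    for langid, codepage in struct.iter_unpack("<HH", raw):
        primary, sublang = langid & 0x3FF, langid >> 10       # PRIMARYLANGID / SUBLANGID
        name = PRIMARY_LANGUAGES.get(primary, "unknown")
        if primary == 0x04:
            name += ", " + CHINESE_SUBLANGS.get(sublang, "unknown variant")
        entries.append({"langid": langid, "primary": primary, "sublang": sublang,
                        "language": name, "codepage": codepage,
                        "codepage_name": CODEPAGES.get(codepage, "unknown")})
    return entries


def assess(blob: bytes, translation: bytes, tz_offset_hours: int = 8) -> dict:
    """Collect the indicators with the caveat that every one of them is attacker-controlled."""
    built = pe_timestamp(blob)
    return {"compiled_utc": built.isoformat(),
            "working_hours": local_build_time(built, tz_offset_hours),
            "resource_languages": decode_translation(translation),
            "caveat": "TimeDateStamp and resource language are set by the builder and "
                      "can be forged or copied; treat as circumstantial, not attribution."}


if __name__ == "__main__":
    # Constructed sample: built 2010-01-01 02:00 UTC (10:00 on a Friday at UTC+8),
    # Translation = 0x0804 / 936 (Simplified Chinese, PRC / GBK).
    sample = build_sample_header(1262311200)
    translation = bytes.fromhex("0408a803")
    for key, value in assess(sample, translation).items():
        print(f"{key}: {value}")
```

Running the block prints the decoded build time, the working-hours flag for the assumed UTC+8 zone, and the resource language entry. Several such indicators across many samples can strengthen a working hypothesis about the developers, but none of them identifies an operator or a sponsoring organization, which is exactly why the excerpt stops at “evidence of Chinese origin” rather than attribution.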
This excerpt is also available in Spanish, courtesy of the U.S. Air Force.
Additional Reading from Elsevier Connect: China and Cyberwarfare — Insights from a Military Computer Scientist
About the Author:
Paulo Shakarian, Ph.D. is a Major in the U.S. Army and an Assistant Professor of Computer Science at the U.S. Military Academy (West Point), teaching classes on computer science and information technology as well as conducting research on cyber-security, social networks, and artificial intelligence. He has written over twenty papers published in scientific and military journals. Relating to cyber-warfare, he has written the papers “Stuxnet: Cyberwar Revolution in Military Affairs,” published in Small Wars Journal, and “The 2008 Russian Cyber-Campaign Against Georgia,” published in Military Review.
His scientific research has also been well received, featured in major news media including The Economist and Nature. Previously, he authored Geospatial Abduction: Principles and Practice, published by Springer.
Paulo holds a Ph.D. and M.S. in computer science from the University of Maryland, College Park, a B.S. in computer science from West Point, and a Depth of Study in Information Assurance, also from West Point. Paulo has served two combat tours in Operation Iraqi Freedom. His military awards include the Bronze Star, Meritorious Service Medal, Army Commendation Medal with Valor Device, and Combat Action Badge. Learn more about Paulo at his website.
The opinions in this article are solely those of the author and do not necessarily reflect the opinions of the US Military Academy, the US Army or the Department of Defense.
Securing computer systems is crucial in our increasingly interconnected electronic world. With so many business, consumer, and governmental processes occurring online, a growing potential exists for unauthorized access to, change of, or destruction of those processes. For years, Elsevier’s Syngress imprint has helped computer and information security professionals learn theory, strategy, and tactics for protecting digital assets in this constantly evolving field. Our books and eBooks in areas such as information security, digital forensics, hacking and penetration testing, certification, and IT security and administration enable these professionals to comply with industry standards, test and analyze protected systems, and extract evidence for improved security resources, all vital aspects of their jobs. An archive of free eBooks, booklets, and downloadable PDFs for Syngress and computer security content is available online. Companion materials and instructor’s resources for all our books are available from the Elsevier Store: search by author, title, or ISBN, then look for the “Resources” tab on any book page.