24 August 2011

Jeremy Page, Wall Street Journal: “China State TV Alludes to U.S. Website Attacks”

Jeremy Page, “China State TV Alludes to U.S. Website Attacks,” Wall Street Journal, 24 August 2011.

Chinese state television has broadcast footage of what two experts on the Chinese military say appears to be a military institute demonstrating software designed to attack websites in the U.S.

Although it could be a decade old or a mock-up, the 10-second segment—part of a longer report on cybersecurity—appears to be a rare example of an official source contradicting China’s repeated assertions that it doesn’t engage in cyberattacks, according to Andrew Erickson and Gabe Collins of the China SignPost analytical service, which specializes in military matters. …

China’s Foreign and Defense Ministries didn’t respond to requests for comment Wednesday. Nor did China Central Television Channel 7, known as CCTV-7, where the footage was shown. …

The brief footage—the relevant segment runs no more than 10 seconds—didn’t attract much domestic or international attention when it was first screened last month as part of a 20-minute report on cybersecurity broadcast on CCTV-7, which covers military affairs.

But it was highlighted Wednesday in a report published by Dr. Erickson, an associate professor at the U.S. Naval War College’s China Maritime Studies Institute, and Mr. Collins, a commodities and security specialist focusing on Russia and China. …

Dr. Erickson and Mr. Collins said that if the footage was real, it was probably a decade old, because of the rudimentary nature of the DDOS attack depicted, and because there was a spate of such attacks on Falun Gong targets 10 years ago.

They also said it was unclear whether the footage—which might also have depicted a civilian hacker—was included to reassure a domestic audience about China’s cybercapability, or simply because it suited CCTV-7’s need for some relevant imagery.

But they argued that, even if it were a symbolic representation, it was significant all the same because it was shown on CCTV, one of the government’s main official mouthpieces, and depicted as an attack on a foreign website.

“It appeared to show dated computer screenshots of a Chinese military institute conducting a rudimentary type of cyberattack against a U.S.-based dissident entity,” they wrote. “However modest, ambiguous—and, from China’s perspective, defensive—this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing’s official claims never to engage in overseas hacking of any kind for government purposes.”

They added later: “It certainly looks like a ‘smoking cursor,’ albeit a relatively modest one. China undoubtedly has far superior capabilities at its disposal today.” …

For full text of the report quoted here, see Andrew Erickson and Gabe Collins, “A Smoking Cursor? New Window Opens on China’s Potential Cyberwarfare Development: CCTV 7 program raises new questions about Beijing’s support for hacking,” China SignPost™ (洞察中国), No. 46 (24 August 2011).

Also, the U.S. Department of Defense has just released the following content on PRC cyberwarfare capabilities:

Military and Security Developments Involving the People’s Republic of China 2011

pp. 5-6

Cyberwarfare Capabilities. In 2010, numerous computer systems around the world, including those owned by the U.S. Government, were the target of intrusions, some of which appear to have originated within the PRC. These intrusions were focused on exfiltrating information. Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks. China’s 2010 Defense White Paper notes China’s own concern over foreign cyberwarfare efforts and highlighted the importance of cyber-security in China’s national defense.

Cyberwarfare capabilities could serve PRC military operations in three key areas. First and foremost, they allow data collection through exfiltration. Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities. Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

Developing capabilities for cyberwarfare is consistent with authoritative PLA military writings. Two military doctrinal writings, Science of Strategy and Science of Campaigns, identify information warfare (IW) as integral to achieving information superiority and an effective means for countering a stronger foe. Although neither document identifies the specific criteria for employing computer network attack against an adversary, both advocate developing capabilities to compete in this medium.

The Science of Strategy and Science of Campaigns detail the effectiveness of IW and computer network operations in conflicts and advocate targeting adversary command and control and logistics networks to impact their ability to operate during the early stages of conflict. As the Science of Strategy explains, “In the information war, the command and control system is the heart of information collection, control, and application on the battlefield. It is also the nerve center of the entire battlefield.”

In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with the Russian Federation’s efforts to promote more international control over cyber activities. China has not yet agreed with the U.S. position that existing mechanisms, such as International Humanitarian Law and the Law of Armed Conflict, apply in cyberspace. China’s thinking in this area is evolving as it becomes more engaged.