What a Cyberwar With China Might Look Like
It's August 2020. A powerful and rising China wants to bring the city-state of Singapore into its fold as it has with Hong Kong, Macau and Taipei.
Its first physical attacks against Singaporean assets are still weeks away. But already, China has launched a massive cyber campaign, designed largely to degrade and disrupt the communications capabilities of the U.S., Japan and other allied nations.
Members of the Chinese military's 60,000 strong cyber warfare group have deeply penetrated U.S. defense, government and corporate networks and are already manipulating and controlling them.
When the Chinese army finally launches its first attack against a Singaporean guided missile frigate in the South China Sea in September, U.S armed forces quickly find their communications capabilities severely compromised. Personal computers, radio, satellite communications capabilities and battlefield communication hardware are all but crippled.
Key military networks and servers come under crushing denial of service (DoS) attacks, hampering the military's efforts to mobilize conventional forces. Deliberately injected misinformation flows over the networks to field commanders and to ships at sea.
The conflict ends 55 days later in a standoff between the U.S and the Chinese navy, with a general war being avoided, and Singapore retaining its independence.
But it's the first truly full scale cyberwar launched against the U.S by China, and it's very different from what many had assumed it would look like .
The hypothetical scenario is described in detail in a report in the latest issue of the U.S. Air Force's Strategic Studies Quarterly (PDF document) . The report is authored by Christopher Bronk, a former diplomat with the U.S. State Department and a fellow in IT policy at Rice University's Baker Institute.
The scenario depicts just one way in which a real life cyberwar could unfold and is designed to highlight how such conflicts are very unlikely to be a bolt from the blue.
"Most likely, cyber conflict will be an 'always on' engagement, even if international policy is enacted to forbid it," Bronk writes in the article. "The only certainty in cyber conflict is that conflict there will not unfold in the ways we may expect."
Speaking with Computerworld this week, Bronk downplayed popular perceptions of a cyber Pearl Harbor, in which critical infrastructure targets such as the electrical grid are attacked and taken out.
Such attacks cannot be ruled out entirely but it's unlikely that a nation state would launch one because of the catastrophic response it would trigger.
"I did not try to make the case that it would be some sort of an apocalyptic event. I did not make the case that it would occur in isolation," he said. Instead, a cyberwar will most likely always be part of a broader war, or broader campaign as they were in Georgia and Estonia, he said.
In such a war, cyber attacks will be designed to degrade and disrupt communications and will be terribly hard to purge, Bronk said. The goal will be not so much to completely disable an opponent's networks but to own as much of it as possible in order to control it during a conflict, he said.
The effort will be "to get inside the other guy's decision process rather than shutting it off entirely," Bronk said. "You don't want your adversaries to abandon their information technology."
In Bronk's hypothetical scenario, for instance, China's cyber offensive is noisy and highly visible but also extremely disruptive. The attacks are not targeted just at America's highly-secure and classified networks.
Instead, China's cyber army has deeply penetrated many of the unclassified networks used by the government and the military for relatively low-level internal communications and for tasks such as routing supply information.
"Although unclassified, when aggregated, the information passing across these networks provided highly useful intelligence to the Chinese on U.S. dispositions and strategy," Bronk writes in his report. The information gleaned from such networks can provide adversaries with detailed information on troop movements, cargo operations, demand for fuel and other basic supplies.
Long before the conflict, China's cyber warriors have already penetrated the networks of U.S. corporations based in China, and now they are using information from these networks to add to the chaos.
False information is being deliberately injected into these systems. Companies such as Fedex and UPS are forced to halt operations because their systems are routing packages everywhere except to the correct destinations.
"For defense planners at the Pentagon, it was hard enough to know what U.S. forces were doing, let alone the enemy," he writes. "Ships at sea in the Pacific encountered all manner of navigation and datalink issues."
Bronk says his scenario is just one way a cyberwar is likely to play out. But one thing he is relatively sure of is that such a war, if it happens, will not necessarily involve power grids being knocked offline and planes falling from the sky.
To counter the attacks, the U.S. will have to muster all available resources from the NSA, DHS, DISA, CIA, State Department, the Department of Justice and other agencies. Also roped would be top theoretical staff, engineers and even linguists from academia, as well as from the private sector.
And even then it would several weeks to disassemble the Chinese attacks, mount a defense against them and to reestablish trust in U.S. networks and systems.
"I don't see these cascading set of attacks, where by the end of Day Three we are all sitting in darkness eating beans and heading out into the mountains with our guns," he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.