The world of cyberwarfare may be the
latest hall of mirrors in the relations among nation states. In the days of Cold War espionage – of agents
and double agents – our intelligence services were often never quite sure what
was true or what was false, what was a threat or what was simply intended as a
So, too, in the new world of
cyberwarfare, where the Chinese government and People’s Liberation Army (PLA) may
or may not be systematically planning to bring down our computer networks in a
time of war; the hackers with Chinese addresses who have entered our systems may
or may not even be Chinese; and the thousands of daily attacks may or may not
have the potential for compromising or destroying the network capabilities of
our military and civilian infrastructure.
In its June, 2008 issue, the National
Journal published a widely-noted article by Shane Harris ("China's Cyber-Militia") strongly suggesting that the Chinese government or PLA may have
been responsible for the blackout that hit the North East United States in
2003, as well as a smaller blackout in Florida earlier this year.
Precisely because of all the unknowns,
the Chinese may have felt free to take a chance; but precisely because they
could not be sure what the U.S. might know or how it would react, it is unlikely
that they did. Right now, then – and
only right now it should be emphasized – there may be less here than meets the
However serious the medium- and
long-term threat – and it is quite serious – some perspective is necessary in
assessing Chinese responsibility for the blackouts, as exaggeration and even
hysteria in the IT community may only ultimately undermine a sober response to
China’s capabilities and future designs in cyberwarfare.
As Harris reports, there’s no question
that the Chinese are already engaged in cyberespionage by breaking into
government and private computers in an effort – often successful – to harvest
our military and commercial secrets.
Their efforts took off during the Clinton Administration, during which
there were a series of Chinese spy scandals to which the Administration offered
only the most feeble response.
In fact, in a move that has entrenched
significant danger for years to come, the Clinton Administration – as part of a
misplaced gesture of trust toward the Chinese and Russians – ended efforts by
our military to protect command and control systems from electromagnetic shock
weapons. These weapons can bring down
systems and physically destroy them, the ultimate cyberwarfare nightmare.
The cyberspying that took off during
the Clinton years (despite an acknowledgement by the President of its
seriousness and a vow to stop it) continued at an increasing tempo and at a
more sophisticated level with the development and diffusion of computer
technology and the internet.
High profile incidents – especially
one involving the U.S. Secretary of Commerce, who had information on his laptop
electronically stripped during a visit this year to China – may finally have
alerted top business and government officials to the threat. President Bush,
himself, is now taking the issue more seriously, as is the federal bureaucracy
and private industry. In fact, cyberspying
is relatively easy to counter with off-the-shelf technology – or by something
as simple as not taking crucial information in laptops on trips abroad.
Even more significant than the spying are
Chinese efforts – likely going back to the Clinton Administration – to
penetrate systems with a view to shutting down or destroying economic or
military infrastructure. That, more than
cyberspying, could be a game-changer.
Clearly, China is developing these
capabilities. They have established a kind of cybermilitia, developed
techniques to attack enemy computer systems, and in all probability have at
least penetrated and mapped various of our computer systems in both the private
and public sectors.
But even while China has embraced asymmetrical
warfare in cyberspace as a way to even the odds with the U.S., claims in the National Journal article on its own
terms are not entirely convincing as to any official Chinese role in the
The Journal article only offers one firm
assertion of Chinese government involvement in the 2003 blackout. According to Tim Bennett, former President of
the Cyber Security Industry Alliance, U.S. intelligence officials told him that
the PLA had gained access to the electric power systems network and that the
intrusion “may” have resulted in the blackout.
The official reports on the Northeast
blackout of 2003 blame a variety of factors, none involving a foreign power. And just a few weeks ago, despite another
claim by Bennett (corroborated only by an anonymous expert who cited other
“sources with direct knowledge of the investigation”) that computer hacking was
involved, possibly of Chinese government origin, the official report on the
Florida blackout essentially ruled out cybersecurity breaches.
Conspiracy buffs may allege a cover up,
but it’s unlikely that what could be construed as acts of war could be kept entirely
under wraps. There hasn’t been the hint of
an authoritative word of an official Chinese role in either instance, while
Paul Kurtz, special assistant to the President on critical infrastructure at
the time of the 2003 blackout, has recently flatly denied the claim.
While the PLA is developing the
capacity for cyberwarfare, that is a far cry from prompting serious electrical blackouts
that would engender a terrific risk for China and at the very least could only
have seriously damaged Sino-American relations – and toward what end?
Computer ownership is difficult to
verify; others, including foreigners, could have remotely used Chinese
government computers; and the hackers may simply have been individuals angry at
the West over Tibet or another perceived grievance. The skills employed in
hacking our systems have been used for years by individuals for financial gain
or out of simple maliciousness.
At the same time, there is no way of knowing
to what extent our infrastructure is even prone to the kind of degradation
suggested by the National Journal
article. Certainly defenses against physical
disruption that outlast the attack are available in the form of redundant
systems, firewalls and protective software, as well as private networks. If systems crash, they can usually be brought
up quickly without lasting damage, as happened in Georgia in early August and also
in Lithuania last year.
Crucially, and as China is likely
aware, its own systems may be more exposed than ours given its increasing
reliance on computers and its interest in electromagnetic dominance, which
among other responses has prompted the establishment of a U.S. Air Force cyber
command that will make use of the same kind of hackers China seems to be
Any confrontations between militaries
across the 130 kilometers of the Taiwan Strait, for example, will be heavily
dependent on electrons in command and control of military operations and
weapons systems – and the PLA would face an American military now systematically
engaged in cyberwarfare exercises and with access to the technology of the country
that leads the world in IT.
The totality of circumstances, then, makes
the recent blackout scenarios suggested by the National Journal improbable; more
appearance than reality. But as with anything seriously threatening national
security, especially given the knowns and especially the unknowns of
cyberwarfare, vigilance is required as much as exaggeration is to be avoided.
Even if China has not already brought
down our systems, its capabilities present an increasing and profound peril in
a military and civilian world now totally dependent on computers, and we need
to ensure that the events suggested by the National
Journal do not become a nightmarish reality that allows our adversaries a
crucial advantage in any confrontation.