China makes viruses for cyberwar first-strike
DoD report shows change in Chinese military's thinking on information warfare
Computerworld - China's military has developed cyberwarfare first-strike capabilities that include units charged with developing viruses to attack enemy computer networks, a Department of Defense (DoD) report warned last Friday.
"The PLA [People's Liberation Army] has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks," the Pentagon's annual report to Congress on China's military power said. "In 2005, the PLA began to incorporate offensive CNO [computer network operations] into its exercises, primarily in first strikes against enemy networks."
This newest report shows how the Chinese military's thinking on information warfare has changed in recent years, said Andrew Macpherson, director of the technical analysis group at the University of New Hampshire's Justiceworks and a research assistant professor of justice studies. Macpherson, a cybercrime and cyberwar researcher whose group debuted a Cyber Threat Calculator in January at a DoD cybercrime conference, noted that as recently as two years ago, other editions of the report stressed China's investments in defensive measures.
"The Chinese were a lot more concerned about our viruses because they were using off-the-shelf [Western] software," Macpherson said. "Now there's no mention of that, and much more of the discussion is about first-strike capabilities."
Even though the report's short section on information warfare is necessarily vague, "it's a good window into what our government is seeing from China," Macpherson said. "It's the highest level of unclassified American thought on China's capabilities and how they would use them. These annual reports are helpful [because] they show how China continues to develop it's information warfare strategy."
And that development, Macpherson said, includes thinking about using viruses and other cyberwarfare tactics in a first strike. "A lot of [the PLA's] weapons systems are first-strike capable, to give them an advantage in any conflict. They're actively thinking about it. They know they will never catch up [to U.S. military technology], so they need these leapfrog technologies," such as an integrated information warfare capability, he added.
Using cyberwarfare in a first strike, however, is another matter, and as in other military-political decisions, rests on whether China's leaders believed that they had an answer to some sort of political question. Most analysts have pointed to Taiwan, the island nation that the People's Republic of China views as a rogue province, as the location of any possible first strike by the PLA, cyberwarfare or otherwise. "Taiwan is their primary national security issue," Macpherson noted.
The DoD report put it into perspective: "A limited military campaign could include computer network attacks against Taiwan's political, military and economic infrastructure to undermine the Taiwan population's confidence in its leadership."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts