What a cyberwar with China might look like
Former U.S. diplomat describes hypothetical scenario
Computerworld - It's August 2020. A powerful and rising China wants to bring the city-state of Singapore into its fold as it has with Hong Kong, Macau and Taipei.
Its first physical attacks against Singaporean assets are still weeks away. But already, China has launched a massive cyber campaign, designed largely to degrade and disrupt the communications capabilities of the U.S., Japan and other allied nations.
Members of the Chinese military's 60,000-strong cyberwarfare group have deeply penetrated U.S. military, government and corporate networks and are already manipulating and controlling them.
When the Chinese army finally launches its first attack against a Singaporean guided missile frigate in the South China Sea in September, U.S armed forces find their communications capabilities severely compromised. Personal computers, radios, satellite communications capabilities and battlefield communication hardware are all but crippled.
Key military networks and servers come under crushing denial-of-service (DoS) attacks, hampering the Pentagon's efforts to mobilize conventional forces. Deliberately injected misinformation flows over the networks to field commanders and to ships at sea.
The conflict ends 55 days later in a standoff between the U.S and the Chinese navy, with a general war being avoided and Singapore retaining its independence.
That's a hypothetical scenario of how a truly full-scale cyberwar launched against the U.S by China would play out, and it's very different from the way many expect such a confrontation look like.
The scenario is described in detail in a report in the latest issue of the U.S. Air Force's Strategic Studies Quarterly (download PDF). The report was authored by Christopher Bronk, a former diplomat with the U.S. Department of State and a fellow specializing in IT policy at Rice University's Baker Institute.
The scenario depicts just one way in which a cyberwar could unfold and is designed to highlight how such conflicts are very unlikely to be a bolt from out of the blue.
"Most likely, cyber conflict will be an 'always on' engagement, even if international policy is enacted to forbid it," Bronk writes in the article. "The only certainty in cyber conflict is that conflict there will not unfold in the ways we may expect."
Speaking with Computerworld this week, Bronk downplayed popular perceptions of a cyber Pearl Harbor, in which critical infrastructure targets such as the electrical grid are attacked and taken out.
Such attacks can't be ruled out entirely, but it's unlikely that a nation state would launch one because of the catastrophic response it would trigger.
"I did not try to make the case that it would be some sort of an apocalyptic event. I did not make the case that it would occur in isolation," he said. Instead, a cyberwar will most likely be part of a broader war or broader campaign, as cyberattacks were part of more conventional conflicts in Georgia and Estonia, he said.
As tactics employed as part of a larger war, cyberattacks will be designed to degrade and disrupt communications and will be terribly hard to thwart, Bronk said. The goal will be not so much to completely disable an opponent's networks but to own as much of a network as possible in order to control it when hostilities break out, he said.
The effort will be "to get inside the other guy's decision process rather than shutting it off entirely," Bronk said. "You don't want your adversaries to abandon their information technology."
In Bronk's hypothetical scenario, for instance, China's cyber offensive is noisy and highly visible but also extremely disruptive. The attacks aren't targeted just at highly secure and classified U.S. networks.
Instead, China's cyber army deeply penetrates many of the unclassified networks used by the government and the military for relatively low-level internal communications and for tasks such as routing supply information.
"Although unclassified, when aggregated, the information passing across these networks provided highly useful intelligence to the Chinese on U.S. dispositions and strategy," Bronk writes in his report. The data gleaned from such networks can provide adversaries with a detailed look at troop movements, cargo operations and demand for fuel and other basic supplies.
In Bronk's scenario, Chinese cyberwarriors penetrate the networks of U.S. corporations' China-based operations long before the conflict starts, and when the fighting begins they use information from those networks to add to the chaos.
False information is deliberately injected into the corporate systems. Package carriers such as FedEx and UPS are forced to halt operations because their systems are routing packages everywhere except to the correct destinations.
"For defense planners at the Pentagon, it was hard enough to know what U.S. forces were doing, let alone the enemy," he writes. "Ships at sea in the Pacific encountered all manner of navigation and datalink issues."
Bronk says his scenario is just one way a cyberwar is likely to play out. But one thing he is relatively sure of is that such a war, if it happens, will not necessarily involve power grids being knocked offline and planes falling from the sky.
To counter the attacks, the U.S. will have to muster all available resources from the NSA, the Homeland Security Department, the DISA, the CIA, the State Department, the Department of Justice and other agencies. Also joining the operation would be top theoretical staff, engineers and even linguists from academia and other specialists from the private sector.
And even then it would take several weeks to disassemble the Chinese attacks, mount a defense against them and re-establish trust in U.S. networks and systems.
However, Bronk said, "I don't see these cascading sets of attacks, where by the end of Day Three we are all sitting in darkness eating beans and heading out into the mountains with our guns."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency... All Cybercrime and Hacking White Papers | Webcasts