What a cyberwar with China might look like
Former U.S. diplomat describes hypothetical scenario
Computerworld - It's August 2020. A powerful and rising China wants to bring the city-state of Singapore into its fold as it has with Hong Kong, Macau and Taipei.
Its first physical attacks against Singaporean assets are still weeks away. But already, China has launched a massive cyber campaign, designed largely to degrade and disrupt the communications capabilities of the U.S., Japan and other allied nations.
Members of the Chinese military's 60,000-strong cyberwarfare group have deeply penetrated U.S. military, government and corporate networks and are already manipulating and controlling them.
When the Chinese army finally launches its first attack against a Singaporean guided missile frigate in the South China Sea in September, U.S. armed forces find their communications capabilities severely compromised. Personal computers, radios, satellite communications capabilities and battlefield communication hardware are all but crippled.
Key military networks and servers come under crushing denial-of-service (DoS) attacks, hampering the Pentagon's efforts to mobilize conventional forces. Deliberately injected misinformation flows over the networks to field commanders and to ships at sea.
The conflict ends 55 days later in a standoff between the U.S. and the Chinese navy, with a general war being avoided and Singapore retaining its independence.
That's a hypothetical scenario of how a truly full-scale cyberwar launched against the U.S. by China would play out, and it's very different from the way many expect such a confrontation to look.
The scenario is described in detail in a report in the latest issue of the U.S. Air Force's Strategic Studies Quarterly. The report was authored by Christopher Bronk, a former diplomat with the U.S. Department of State and a fellow specializing in IT policy at Rice University's Baker Institute.
The scenario depicts just one way in which a cyberwar could unfold and is designed to highlight how such conflicts are very unlikely to be a bolt out of the blue.
"Most likely, cyber conflict will be an 'always on' engagement, even if international policy is enacted to forbid it," Bronk writes in the article. "The only certainty in cyber conflict is that conflict there will not unfold in the ways we may expect."
Speaking with Computerworld this week, Bronk downplayed popular perceptions of a cyber Pearl Harbor, in which critical infrastructure targets such as the electrical grid are attacked and taken out.
Such attacks can't be ruled out entirely, but it's unlikely that a nation state would launch one because of the catastrophic response it would trigger.
"I did not try to make the case that it would be some sort of an apocalyptic event. I did not make the case that it would occur in isolation," he said. Instead, a cyberwar will most likely be part of a broader war or broader campaign, as cyberattacks were part of more conventional conflicts in Georgia and Estonia, he said.
As tactics employed as part of a larger war, cyberattacks will be designed to degrade and disrupt communications and will be terribly hard to thwart, Bronk said. The goal will be not so much to completely disable an opponent's networks but to own as much of a network as possible in order to control it when hostilities break out, he said.
The effort will be "to get inside the other guy's decision process rather than shutting it off entirely," Bronk said. "You don't want your adversaries to abandon their information technology."
In Bronk's hypothetical scenario, for instance, China's cyber offensive is noisy and highly visible but also extremely disruptive. The attacks aren't targeted just at highly secure and classified U.S. networks.
Instead, China's cyber army deeply penetrates many of the unclassified networks used by the government and the military for relatively low-level internal communications and for tasks such as routing supply information.
"Although unclassified, when aggregated, the information passing across these networks provided highly useful intelligence to the Chinese on U.S. dispositions and strategy," Bronk writes in his report. The data gleaned from such networks can provide adversaries with a detailed look at troop movements, cargo operations and demand for fuel and other basic supplies.
In Bronk's scenario, Chinese cyberwarriors penetrate the networks of U.S. corporations' China-based operations long before the conflict starts, and when the fighting begins they use information from those networks to add to the chaos.
False information is deliberately injected into the corporate systems. Package carriers such as FedEx and UPS are forced to halt operations because their systems are routing packages everywhere except to the correct destinations.
"For defense planners at the Pentagon, it was hard enough to know what U.S. forces were doing, let alone the enemy," he writes. "Ships at sea in the Pacific encountered all manner of navigation and datalink issues."
Bronk says his scenario is just one way a cyberwar is likely to play out. But one thing he is relatively sure of is that such a war, if it happens, will not necessarily involve power grids being knocked offline and planes falling from the sky.
To counter the attacks, the U.S. will have to muster all available resources from the NSA, the Homeland Security Department, the DISA, the CIA, the State Department, the Department of Justice and other agencies. Also joining the operation would be top theoretical staff, engineers and even linguists from academia and other specialists from the private sector.
And even then it would take several weeks to disassemble the Chinese attacks, mount a defense against them and re-establish trust in U.S. networks and systems.
However, Bronk said, "I don't see these cascading sets of attacks, where by the end of Day Three we are all sitting in darkness eating beans and heading out into the mountains with our guns."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.