A lengthy report prepared for the U.S. government about China's high-tech buildup to prepare for cyberwar includes speculation about how a potential conflict with the U.S. would unfold -- and how it might only take a few freelance Chinese civilian hackers working on behalf of China's People's Liberation Army (PLA) to sow deadly disruptions in the U.S. military logistics supply chain.
As the report tells it, in a conflict between the U.S. and China over Taiwan, "Chinese offensive network operations targeting the U.S. logistics chain need not focus exclusively on U.S. assets, infrastructure or territory to create circumstances that could impede U.S. combat effectiveness," write the report's authors, Bryan Krekel, Patton Adams and George Bakos, all of whom are information security analysts with Northrop Grumman. The report, "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage," focuses primarily on facts about China's cyberwar planning but also speculates on how a cyberwar might play out. It suggests that China would make a pre-emptive cyberstrike weeks ahead of any purely physical confrontation.
The report's authors say China's People's Liberation Army calls this "paralysis warfare": disrupting the critical supply lines, logistics and command-and-control systems that support U.S. military operations, well in advance of an obvious conflict.
"Unlike traditional air or ballistic missile strikes, network attack and exploitation in particular can be initiated prior to the start of traditional hostilities without being a de facto [casus belli] and if done properly, can be implanted with little or no attribution back to China," the report says. It notes that a 2007 PLA-published book, "Informationized Joint Operations," asserts that enemy command-and-control networks and logistics systems will be among the first elements targeted by integrated network electronic forces under PLA control. The report details many disruption methods, including BIOS attacks that destroy motherboard hardware components, which it describes as already part of China's cyberwar arsenal.
The report's authors speculate that the systems of the U.S. Transportation Command (TRANSCOM) would be considered good targets for disruption because they also provide trusted network access to military logistics systems.
Since an estimated 90% of TRANSCOM's distribution and deployment transactions are handled via unclassified commercial and Department of Defense networks, according to the report, Chinese hackers would also be going after the civilian-sector companies that do business with TRANSCOM. (The report points out that TRANSCOM combatant commander Gen. William Fraser noted in Senate testimony just last month that there has been a 30% annual increase in network penetration attempts against TRANSCOM networks.)
"If the Chinese computer-network espionage team is able to compromise the civilian contractor network via even a rudimentary spear-phishing campaign, they will likely attempt to use valid employee network credentials, e.g. certificates, passwords, user names, and most significantly, network permissions; these elements provide all of the same access as the legitimate user to immediately begin navigating around the contractor network to compromise other machines and establish a command-and-control network before attempting to identify high-value data to penetrate TRANSCOM networks directly from the contractor's now compromised system," the report says.
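The passage above describes an intruder using one employee's valid credentials to hop between many machines on a contractor network. One defender-side signal for that behaviour is a single account successfully authenticating to an unusually large number of distinct hosts in a short window. The following is an added illustration, not code from the report or from Northrop Grumman; the log format, the sample lines, the 10-minute window and the five-host threshold are all constructed assumptions.

```python
"""Flag one account authenticating to many distinct hosts in a short window,
a common trace of credential-based lateral movement. Constructed example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of successful logon events: "<timestamp> <user> <target host>".
# Not real log data; the format is an assumption for this example.
SAMPLE_AUTH_LOG = """\
2024-01-08T09:00:05 alice ws-101
2024-01-08T09:00:40 alice ws-102
2024-01-08T09:01:12 alice fileserv-1
2024-01-08T09:01:50 alice ws-117
2024-01-08T09:02:30 alice build-3
2024-01-08T09:03:10 alice ws-204
2024-01-08T09:15:00 bob ws-301
2024-01-08T11:40:00 bob fileserv-1
"""


def parse_auth_log(text):
    """Parse the constructed log format into (timestamp, user, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host = line.split()
        events.append((datetime.fromisoformat(ts), user, host))
    return events


def find_fan_out(events, window=timedelta(minutes=10), threshold=5):
    """Return {user: hosts} for each user that reached at least `threshold`
    distinct hosts inside some sliding interval of length `window`.

    The window slides over each user's events in time order; `left` is advanced
    until the oldest event in the window is within `window` of the newest."""
    by_user = defaultdict(list)
    for ts, user, host in events:
        by_user[user].append((ts, host))

    flagged = {}
    for user, entries in by_user.items():
        entries.sort()
        left = 0
        for right in range(len(entries)):
            while entries[right][0] - entries[left][0] > window:
                left += 1
            hosts = {h for _, h in entries[left:right + 1]}
            if len(hosts) >= threshold:
                flagged[user] = hosts
                break  # one hit per user is enough to raise an alert
    return flagged


if __name__ == "__main__":
    for user, hosts in find_fan_out(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"{user}: {len(hosts)} distinct hosts within window -> {sorted(hosts)}")
```

In the sample, `alice` reaches five distinct hosts within about three minutes and is flagged, while `bob` touches only two hosts hours apart and is not. Thresholds need tuning per environment: administrators and scanners legitimately fan out, so in practice the rule is paired with an allow-list or a per-role baseline rather than a single global number.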