Sangathi

News in the interests of the Global Tamils

Inside China’s cyber war room: How PLA is plotting global attacks


The border tensions between India and China have triggered a flurry of intelligence about China indulging in cyber warfare, and the latest is information on a secret People’s Liberation Army unit targeting India’s security and defence-related information.


Those tracking the Chinese cyber forays say an aggressive trend has been noticed since the standoff started in early May. Sources say there has been a clear shift with the Chinese trying to target sensitive information and not limiting themselves to merely defacing websites.

It’s not just India; even the United States and the European Union have issued alerts against Chinese cyber attacks recently.

In a series of warnings, US agencies identified malware used by China and issued a fresh alert on August 3.

The European Union imposed sanctions against two Chinese citizens and a company linked to Chinese intelligence after a cyber attack targeting several companies.

As security agencies across the world are closely observing attempts by China, in India the focus is on the Chinese army’s special 61398 unit as it gets active amid the India-China tussle at the Line of Actual Control in Ladakh and India’s decision to ban 59 mobile applications.

Nature of threats

Sources say the involvement of Chinese PLA in cyber warfare is alarming as it’s not restricted to espionage but aims to target critical infrastructure during a conflict.

Jayadev Ranade, ex-Additional Secretary, R&AW, says, “Deception, stealth, ingenuity and evasion of war are the principles China follows. Cyber warfare fits well into this school of thought. They integrated cyber security and technology firms with the PLA units to create cyber battalions within PLA.”


He goes on to say that as per information obtained a few years ago, an estimated 50,000 analysts in Chengdu, China are solely stationed to probe and focus on India and its repertoires, including the cyber space. China is said to be conducting passive surveillance of the Indian cyber networks.

Chengdu hosts the headquarters of the Western Theater Command of the PLA, which is responsible for the entire India frontier from Ladakh to Arunachal Pradesh.

Alok Joshi, a former R&AW chief who also headed the National Technical Research Organisation (NTRO), says heightened cyber activity by the Chinese is not unexpected amid the ongoing border tensions.

“The Chinese are good at masking their cyber activities. It’s sometimes not easy to pinpoint where they have originated from. It’s always important to assess what targets are being looked into. Many a time they also do it through another country. But when the targets are defence related in such a scenario it’s clear it’s one of the two adversaries,” he said.

What Joshi says about attacks originating from a third country is a trend that has been noticed even now. Of late, cyber attacks from China, Pakistan and North Korea have increased, but experts feel these could be controlled by China, especially because they come amid the military escalation.

“Enhancing capabilities against such aggressive cyber warfare needs synergy between public and private agencies as both are equally vulnerable,” he says.

The recent cyber attacks have involved hacking attempts on websites across a spectrum, both private and government, related to information technology and banking.

Cyber warfare as planned by the Chinese can take the whole nation down if they target critical infrastructure. The aviation industry, power grids and the banking system can all be hit to paralyze the country, experts feel.

Lt Gen PJS Pannu (retd), who was deputy chief in the Integrated Defence Staff and was responsible for raising the defence space, cyber and special operations division, says critical infrastructure needs to be protected at all costs. “During a military conflict cyber attacks can hit the nerve centre and not just soldiers on the ground,” he says.

“Data is the new oil, it’s everything to a nation. It needs to be preserved and protected. In time to come it will also be crucial for artificial intelligence,” he says.

Lt Gen Pannu, who was at the helm of affairs last year when a cyber exercise was conducted, feels matching the adversary is not enough; one needs to be ahead of them.

With the threat of data and information getting compromised, the Defence Development and Research Organisation (DRDO) is working towards having safeguards in the military and security domain.

Indian computers and networks are flooded with viruses and trojans. Banking websites and data repositories are often subjected to intrusions or attacks via hackers belonging to China. Most of the routers in the Indian market are manufactured in China and the same can be easily penetrated.

Other than data thefts through Chinese hardware & microchips, in private telecom operators or public (BSNL) operators, power grid failures through cyber warfare can be used for paralyzing the functioning of the country. It is noteworthy to remember that in 2015, the IEEMA (Indian Electronics and Electricals Manufacturers’ Association) asked for a complete ban on Chinese equipment being used in the Indian power sectors. This was after the 2012 National Power Grid failure which was caused owing to cyber-attacks.

Indian Railways too faces a grave threat if it were to face similar attacks on its systems.

Kickstarting of China’s Cyber Warfare

In April 1997, a 100-member elite corps group was set up by the CMC (Central Military Commission) to ideate ways of hacking into American and European computer systems. Ever since this initiative, China has been making wonderful progress in acquiring cyber warfare capabilities.

Fast forward to 2003, and the Communist Chinese Party Central Committee and the Central Military Commission approved the conceptualisation of a new tool called ‘Three Warfares’ (psychological, media and legal), making up key areas of cyber warfare, a tool that can be used in the run-up to and during hostilities.

Sources say that for the last 15 years or so the Chinese have been talking about informatisation, a new-age warfare based on information technology to enhance their military capabilities.

A small example of this is how Chinese army posts with big domes close to the Line of Actual Control are fitted with radars that have come up in the last decade. These are called radomes; they are basically radars with a data wall meant to keep sucking information.

In 2013, a security company, Mandiant, released a detailed report linking a Chinese military unit with cyber espionage. This was perhaps the first time that such technical evidence and analysis linking activities to a government entity had been made public. The Mandiant report is said to be a watershed moment for senior U.S. government officials in their approach towards China, with several of them, including then President Barack Obama, publicly addressing the issue of Chinese cyber espionage. In March 2013, the then U.S. National Security Advisor Thomas Donilon stated, “Businesses are speaking out about their serious concerns about sophisticated targeted theft of confidential business information and proprietary information through cyber intrusions emanating from China.”

Strategic Support Force

In December 2015, Beijing created a counterpart to the US Cyber Command Centre, the Strategic Support Force, which effectively combines the resources of the PLA (People’s Liberation Army) in the field of cyber, space and electronic warfare.

President Xi Jinping remarked during the SSF founding ceremony on 31 December 2015 that the SSF was a “new-type combat force to maintain national security and is an important growth point for the PLA’s combat capabilities.”

The SSF was formed to consolidate cyber elements of the former PLA General Staff Third (Technical Reconnaissance) and Fourth (Electronic Countermeasures and Radar) Departments and Informatization Department.

The SSF combines cyber reconnaissance, cyberattack, and cyberdefense capabilities into one organization to reduce bureaucratic hurdles and centralize command and control of PLA cyber units.

The SSF is now in the midst of transferring all cyber mission units to the NSD (Network Systems Department), a deputy theater command leader grade organization that acts as the headquarters for the SSF’s cyber operations force, sometimes referred to as a “cyber force” [wang jun] or “cyberspace force”.

Despite its name, the NSD and its subordinate forces are responsible for information warfare more broadly, with a mission set that includes cyber warfare, EW, and potentially psychological warfare.

The Network Systems Department also helms the PLASSF Information Engineering University, a corps leader training facility. This University offers the below specialisations.

The increasing influence of the Central Military-Civil Fusion Development Commission, led by Xi Jinping himself, is noteworthy. This confluence has resulted in the Cyberspace Security Military-Civil Fusion Innovation Centre. Qihoo 360, one of the leaders in the Chinese cyber-security spectrum, is the guiding force behind this installation, which aims to improve China’s cyber defences.

China’s Cyber Warfare Capabilities

The PLA could employ its cyberwarfare capabilities to assist military operations in three key areas.

Firstly, cyber reconnaissance allows the PLA to collect technical and operational data for intelligence and potential operational planning for cyberattacks.

Secondly, the PLA could employ its cyberattack capabilities to establish information dominance in the early stages of a conflict by impeding the adversary’s actions or by slowing the mobilization and deployment of troops by targeting network-based C2 (Command and Control Centres), C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance), logistics, and commercial activities.

Thirdly, cyberwarfare capabilities can serve as a significant force multiplier when complemented with conventional warfare. PLA military doctrines explain the effectiveness of information operations and cyberwarfare in modern conflicts and advocate the targeting of an adversary’s C2 and logistics networks to affect the adversary’s ability to operate during the early stages of conflict.

Cyber Security threats and Implications for India

Chinese military doctrines often state that “The first rule of unrestricted warfare is that there are no rules, and nothing is forbidden”. There is a tactic known as “sha shou jian” (or assassin’s mace) which is the concept of taking advantage of an adversary’s seemingly superior conventional capabilities by “fighting the fight that fits one’s own weapons” and “making the weapons to fit the fight”.

It proposes ignoring traditional rules of conflict and advocates such tactics as manipulating foreign media, flooding enemy countries with drugs, controlling the markets for natural resources, joining international bodies so as to be in a position to bend them to one’s will, and engaging in cyberwarfare.

In 2018, a report by Computer Emergency Response (CERT-In) documented that China carried out the highest number of attacks on the official websites of India. China was the host country for 35% of all intrusion activities recorded from across the globe targeting Indian websites. The companies widely targeted government industries like ONGC and IRCTC and banks like SBI with a specific targeting of state data centres of banks across states.

India has seen numerous cyber-related intrusions and breaches in the last decade.

In 2015, “Fire Eye”, a US-based cyber security firm, reported that China had been spying on the Indian government and businesses for more than a decade without India being aware of it. It would be safe to assume that a spate of intrusions and attempted intrusions, like the ones on NIC (National Informatics Centre) in 2009, websites of MHA (Ministry of Home Affairs) and MEA (Ministry of External Affairs) in 2012, the Northern Power Grid in 2012, and websites of DRDO and PMO in 2013, do draw a high level of suspicion against China. In 2017, there was also talk of Chinese hackers attempting to intrude into systems that controlled and monitored Sukhoi 30 fighters of the Indian Air Force in order to forcefully down them.

China’s capabilities will enable the country to launch protracted non-contact warfare. This will be a tough space for India to counter, where the fight will be online and not on the ground. There will be no territorial limitations in place, and it will be difficult to call out China on the world stage even with ample proof, as international cyber laws are still tricky and China can always get away with blaming non-state actors or private entities behind co-ordinated cyber-attacks.

The PLASSF will be at the centre of all this and a direct threat to critical infrastructure and military networks.

(The writer is a Singapore-based Open-Source Intelligence analyst)

