Interesting, if not surprising news from SecurityNewsDaily. Also not surprisingly, the PLA has an innocent explanation:

The elite cyberwarfare unit of the People’s Liberation Army (PLA) is called the “Online Blue Army,” the People’s Daily Online reported. It is tasked with enhancing Chinese troops’ military training and network security, Ministry of National Defense spokesman Senior Colonel Geng Yansheng said.

Which most in the know are probably not buying:

China’s suspected participation in recent high-profile cyberattacks against, among others, Google, Morgan Stanley and DuPont, however, has security experts doubting the intentions of the PLA’s “Blue Army.”

George Smith, senior fellow at, told SecurityNewsDaily the creation of the elite military unit “offers a resource” for more Chinese-borne cyberattacks. Establishing a cyberwarfare military unit, Smith added, “provides a piece of convenient rationalization” for other nations to create similar teams.

Smart money also points to extensive Chinese fingerprints on North Korean network disruption efforts in South Korean and US networks.

The maritime challenge which the People’s Republic of China poses to US interests worldwide is but a portion of a great national effort on the part of the PLA and Red China’s government to gain the oft-stated goal of supremacy. Chinese intentions were spelled out a dozen years ago, in a road map that, with respect to disruption of US critical information infrastructure, the PLA has followed with remarkable fidelity.

Chinese capabilities are far in advance of what is generally acknowledged by either side. As are the resources and intellectual capital being dedicated to the effort. For all of the discussions of China’s new appreciation for Mahan, they have been downright Clausewitzian in developing their “admixture of other means”.


Update: Interesting article in the Wall Street Journal by Richard Clarke, former cybersecurity adviser and National Security Council adviser for three presidents. He makes the point about the US power grid that, before being reported by WSJ in 2009, was only talked about in hushed tones behind closed doors:

In 2009, this newspaper reported that the control systems for the U.S. electric power grid had been hacked and secret openings created so that the attacker could get back in with ease. Far from denying the story, President Obama publicly stated that “cyber intruders have probed our electrical grid.”

There is no money to steal on the electrical grid, nor is there any intelligence value that would justify cyber espionage: The only point to penetrating the grid’s controls is to counter American military superiority by threatening to damage the underpinning of the U.S. economy. Chinese military strategists have written about how in this way a nation like China could gain an equal footing with the militarily superior United States.

With all the debate about “Acts of War” in disruption of the information system realm by an enemy of America, the matter will come down to the yawning chasm between what you can believe with certitude, and what you can prove. Attribution for a “digital Pearl Harbor”, a decade-old phrase making a bit of a comeback, will not be as easy as spotting the red discs on the wings of the torpedo bombers….

Posted by UltimaRatioReg in Air Force, Army, Books, Coast Guard, Foreign Policy, Hard Power, History, Homeland Security, Marine Corps, Maritime Security, Navy


  • Derrick

    This reminds me of those History channel shows about the space race of the 60s…with the US and USSR competing in space technology because of the nuclear implications.

    Probably need the same type of focus for Cyber-Warfare. Do a nerd version of the Apollo mission challenge: ensure the US will be the first in developing a super computer that can do umpteen zillions of calculations in under 1 nanosecond or something…A good way to generate jobs too.

    In terms of network security…essential services such as the military should have their own physical network to exchange data on. Put high encryption on it and even if enemies were able to get a person on US soil to tap the network connection, it would take forever to decrypt the signal.

    DofS attacks are more complicated. Cannot really stop it on the Internet…but at least with separate physical networks it shouldn’t bog down the military.

    Other problem is viruses, worms, etc…too many out there…and it’s easy to make effective viruses due to open source software. Perhaps the US government should ban the use of open source software on its systems? Too easy for enemies to grab a copy of LINUX source online and make effective viruses against that and other UNIX variants. Perhaps Congress should enact a national security regulation requiring all financial, health, etc. institutions to stop using open source?

    As for getting the right people on cyber warfare…well…I guess the good ones will come if they get a lot of $$$. I say redirect $$$ from unnecessary elements like entertainment (actors, musicians, artists, athletes, etc…) to decrease tax rates for technology people. Then the US government will have a bigger and better pool of nerds to hire from. Plus if nerds got paid more, it would encourage competition amongst them to build better software and tools for Cyber Warfare and US technology in general.

    Last I would suggest establishing some type of cyber warfare arms control negotiation with China. Even if it would obviously boil down to a “we agree to disagree” discussion, at least we’re talking. Let them know we take cyber attacks seriously. At least it’s a start…

    Just my 2 cents worth. Feel free to reject.

  • SneekyCarrot

    I agree that there should be separate physical networks for the military. There’s an old joke that the only secure computer is one that is unplugged from the wall and buried in concrete. While that’s obviously impractical, having computers connected to the internet is just inviting problems.

    The security of open source software is a long-running argument. There are basically two schools of thought for computer security. One school says that the best way to ensure security is to keep as many aspects about design and implementation as secret as possible. From that, your adversary has a more difficult time finding weaknesses in your networks. The other school of thought is exactly the opposite. They contend that you have increased security the more open your system is because the more eyes you have examining your system for weakness, the better you’ll be able to find the holes yourself. Public key encryption would be a good example of this. Everyone knows how the internals work, but you still have significantly strong encryption (e.g. proven one-way algorithms, etc).

    It’s going to be very difficult for the military to compete with private industry for top talent. Financial institutions and others are willing to pay top dollar to protect their own systems and are likely to come without the headaches associated with being a government employee.

  • Robert Marsh, MSG USAR Ret.

    Wasn’t there a paper published on this from the Chinese equivalent to our War College prior to 9/11 and some thought that would be the face of future warfare, cyber, not terrorism? Could the first shots of WW III have been fired last year, and the second shot just this week? Unfortunately I lost my notes on where to get it. Does anybody remember its name or where it might be available?

  • UltimaRatioReg

    MSG Marsh,

    There sure was. The linked text above in the next-to-last paragraph of the post sends you to it. The work was by two PLA Colonels, and entitled “Unrestricted Warfare”.

  • UltimaRatioReg

    MSG Marsh,

    The specific text is “spelled out a dozen years ago”. THX

  • Robert Marsh

    THX, I missed the reference in the text when I read it the first time. That’s what happens when one gets old and tries to think coherently at 0430 in the morning (don’t know when to get in the rack). Being retired and out of the “community” loop I am worried about missing critical information needed to vote intelligently. With a certain country holding our funding and being a major supplier for everyday items and who knows how many defense contract low-level parts, can we still field an effective deterrent force? I read a fictional WW III book several years ago where we embedded hidden firmware in our products that just happened to be used by our adversary and was one of the key elements for our victory. Just a few years ago one of our national retailers sold an electronic picture frame for digital images that did have embedded firmware and stole personal data; guess what country was the manufacturer? I wonder if I am paranoid or just aware of unrelated things.

  • Derrick

    I would assume US produced software has things in it usable by the US government…hence China’s decision to develop its own Operating System. But since most of the methods for developing OS are already known, it shouldn’t be impossible for both sides to develop computer viruses that can attack the others’ proprietary OS. And I’m pretty sure no military in general would run anything on off-the-shelf software anyways. Everything in the CVNs, ships, airplanes, whatever should be proprietary with top-secret source code owned by the US military.

    I think the logical thing to do in a peer to peer conflict would be to attack via cyberspace first, then outer space, and finally the traditional route. However, I’m pretty confident in US cyber security myself. I doubt Chinese cyber warfare units would compare against US ones. And I doubt even more that cyber warfare would do much damage to essential military systems of anyone, otherwise Al Qaeda would have done it years ago.

    That being said, should the US outlaw open source software? Too easy for Al Qaeda and other terrorist wannabes to download code and copy it for their own purposes…just a thought…

    My only concern would be information processing power. If China can produce supercomputers better than US, then a theoretically Chinese network-centric military would process battlefield data faster than the US and may be able to react more quickly to a dynamically changing battlefield. However, my concern is not really valid for this blog topic.