There’s been a glut of military journal releases this week – the stalwart Military Review, featuring an excerpt (PDF) from Bing West‘s new book on Afghanistan; a new issue from the journal Prism, which discusses what are known as “complex operations” (basically, the messy, nation-building-type wars heavy in interagency coordination that have proliferated in the last decade) with an interesting-looking article on human security in complex operations (human security is a newer concept in security studies with the premise that without security at the human level – essentially addressing Maslow’s hierarchy of needs at the lowest level – then you aren’t going to be able to achieve any other type of security); and finally a new issue from Strategic Studies Quarterly. Regular readers will recall I examined an article from their last edition on the “new” Korean War and implications for Taiwan. (It came out just about when the NorKos were shelling Yeonpyeong Island and it seemed as if we were about to say goodbye to the 1953 armistice.) The latter contains an article called “Blown to Bits: China’s War in Cyberspace, August–September 2020“. (PDF) OK, you got me – I’m pretty interested in China’s computer network operations capabilities – let’s take a look at this one.
The author, Christopher Bronk, Fellow in Information Technology Policy at the Baker Institute for Public Policy at Rice University, sets up the fictitious future cyberwar scenario by discussing the development of U.S. information warfare superiority from the 1991 Gulf War to the 1999 Kosovo War. He also mentions the other, more recent bellwethers of possible future cyber conflict, the 2007 and 2008 cyber wars on Estonia and Georgia, respectively. (The belligerent in both instances was thought to be Russia.) In the latter case (Georgia), kinetic conflict was preceded by a cyber “preparation of the battlespace” just as many analysts believe would be the case if the U.S. and China at some point come into a state of military conflict. On the prospects of such an occurrence, Bronk notes
While it is the author’s deepest and most sincere hope that no military conflict will come between China, Japan, India, the United States, or any other states of the Western Pacific and Asia, the massive interest in cyber conflict among these countries leads many to ponder such a struggle.
And so here we are. The scenario he asks us to ponder is this: it is 2020, Taiwan has completed its Finlandization, and the PRC aches for greater conquest in Asia. It sets its sites on Singapore, at the southern end of the Chinese “lake” called the South China Sea and at the eastern mouth of the Strait of Malacca, perhaps the most crucial maritime chokepoint in the Pacific Basin, if not the world. Quite plausibly, China’s actions are spurred by concerns about the security of precious seaborne fossil fuel imports coming through the Indian Ocean.
The author’s intent is not to try to present a litany of details about potential cyberwar that would be impenetrable to anyone not holding an advanced degree in theoretic mathematics or computer science, but instead to consider “how cyberwar might supplant more traditional conflict and how cyber dimensions may alter warfare.”
After laying the groundwork, the scenario begins:
Many a pundit and strategic theorist had wondered what shape unrestrained information warfare might take. The opening hours of China’s virtual war with the United States and its allies over Singapore would confirm many of the worst suspicions of that crowd. Chinese forces were quite clearly working inside the decision loop of the allied forces. Preliminary moves by the PLA in the information space indicated that it could do much damage to enemy communication and computing resources, but a series of hints would reveal that China also likely had compromised, at least to a degree, the encryption mechanisms used to secure US and allied military and diplomatic communications. At times, Beijing most probably held the capacity to have a fairly complete information picture even of very high-level, classified systems, although the reverse was also likely true.
Though the author intended to “stay out of the cyber weeds”, there is a bit of digital undergrowth to deal with, though not too much to detract from his main intent: starting a discussion about whether a forceful political goal can be achieved by cyber means alone. I think this is a lot like the shopworn, discredited thesis popular in the late 1990s that wars could be won by airpower alone that grew from the 1999 Kosovo War – it would be great if the answer was yes, but it’s not.
The scenario demonstrates ably the potential vulnerability of U.S. and allied information nets to cyber attack; the question remains if U.S. decision-makers are willing to take concrete steps now to really protect these vital information channels. Sure, the U.S. has established a formal joint command to deal with cyber issues, but in many cases the lines of responsibility have not been clearly drawn and require further clarification.
- It will soon be too late to stop the cyberwars (ft.com)
- Cyberwar and the Future of Cyber Conflict (schneier.com)
- Cyberwar Planning? It’ll Take a Catastrophe (wired.com)