This article addresses a view outside our borders of potential targeting by foreign nations. When a nation seeks to limit or degrade our national computer infrastructure or conduct commercial or national espionage, it is in fact a homeland security issue.

China seeks information dominance, ultimately leading to global control. According to Lt. Gen. Robert Elder, Commander of Air Force Cyberspace Command at Barksdale AFB, when referring to Chinese cyberspace efforts, he said, “They’re interested in doing this in a way that they can be dominant without even having a fight.”

This mindset is consistent with the Chinese strategist, Sun Tzu who said, “The supreme art of war is to subdue the enemy without fighting.” Using the, “Conquer without a fight” strategy, China uses many avenues of attack to draw closer to their prize. While they use a variety of methodologies, those covered in this article include computer system attacks, national and corporate espionage and the exploitation of Intellectual Property (IP) through reverse engineering or, through outright counterfeit. This article will attempt to discuss these issues separately; yet, there is no clear demarcation line between them. While separate issues, each works together with the other.

China as a Conventional Fighting Force

Before addressing the methodologies noted above, it is important to look at the Chinese fighting force. The focus of this section is not upon the Chinese People’s Liberation Army (PLA) departments (Army, Navy, Air Force), but rather their challenges and how they are driven closer to asymmetrical warfare vice a conventional fight. The size and logistical task of supporting the Chinese military hampers success. With a population of over 1.3 billion, approximately 609 million are listed as being fit for military service. Training, feeding, equipping and transporting such a large force becomes unmanageable during a conventional war scenario. Unless China is faced with protecting border regions or the perceived mass of forces transiting across the straits to Taiwan, an invasion or overthrow of foreign governments are unlikely unless asymmetric tactics are used.

Even so, when China attacked Viet Nam in 1979 with a mass of 400,000 troops, they faced logistical difficulties and could not retain control of the region. After a month, they eventually retreated and in an effort to “save face,” later claimed victory. In both 2005 and 2007, China participated in the “Peace Mission” exercises through the Shanghai Cooperative Organization (SCO). The multi-national response cooperative is comprised of troops from Russia, China, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan. As China prepared to transport 1,600 troops to Russia for the exercise, the event was reported via multiple open sources far before the first aircraft departed. With today’s information networks, the long-range movement of troops rarely goes unnoticed.

Even so, China’s thirst for global domination continues in spite of lessons learned from recent conflicts and exercises. As this article will show, while China takes many small steps forward, they do so with the intent of quietly gaining control of resources, regions and global information systems. Following the tenet of Sun Tzu, “Opportunities multiply as they are seized”, the Chinese are following a patient long-term strategy.

Chinese Culture, Long-Term Strategy and an American View

The Chinese set long-term goals and build upon strategies that over time will yield the intended results. Because their focus is weighed by years or decades, rather than days or months, China can readjust as necessary, sometimes without an adversary recognizing the change. In American culture, those contributing to a project or mission often hopes to see the fruits of their labor. Because the Chinese strategy is extended over a long period, personnel recognize the importance of working toward a national goal. If by chance they get to partake and see the results, it is seen as a great honor to be a part of national history.

Within American culture, the Chinese long-term concept is often difficult to grasp since comparatively, the U.S. has a shorter history.  Even so, America has become a dominant leader in technology, military might, natural resource exploitation and agricultural expertise. A culture with a longer history may feel they own a right to claim these successes as theirs.  With the exception of the Afghanistan and Iraq wars, Americans have become used to fast success. Such a concept of short timelines to victory is in a sense, a key to our own vulnerability.

As China slowly carries out their strategic plan, observers often fail to see indicators of movement. Measured action by China is often seen as inaction until milestones are achieved, represented by a new weapons test, a significant intrusion into U.S. data systems, regional occupation or new Chinese accesses to valuable natural resources. In recent years, China has been reaching a variety of successes catching the attention of both U.S. and allied leaders. Such milestones may be indicators that the Chinese strategy is near complete.

Computer Data System Attacks

For years, computer attacks against military, government agencies and corporate and educational institutions originated from China. Evidence shows the objective is dual-faceted, intended for espionage and degradation of U.S. military operational capabilities. According to Dr. Andrew Palowitch during a presentation at Georgetown University in 2007, the Department of Homeland Security received 37,000 reports of computer attacks, including nearly 13,000 against federal agencies and over 80,000 against Department of Defense (DoD) computers.

While Dr. Palowich does not categorize the originators of the attacks, the 2007 Security Threat Report by Sophos PLC describes how China is the leading originator of computer malware throughout the globe. According to the report, in June 2006, China held 35% of global malware, behind the U.S.  The following year, China supplanted the U.S. in computer malware by increasing to 53.9% throughout the globe and retaining the leading position.

In November 2007, there were over 1,100 attempts to send “Phishing Emails” to employees of the Oak Ridge National Laboratory in Tennessee. Seven separate emails were sent to valid email addresses of personnel working within the center. The emails were intended to gain access to employee files. Eleven individuals opened the emails allowing the infiltration and removal of data. The computer attacks are believed to have originated in China.  Given this type of attack with spoof emails, during an asymmetric warfare scenario when attending to multiple threats simultaneously, how would a person distinguish real emails from those loaded with disinformation?

The price of admission for a computer attacker is cheap.  As we will see in the pages ahead, rather than recruit, train and emplace humans as a sole source for intelligence collection, attacks via computer networks allows anonymity and the chance to strike another day.