Independent Domain of China’s Cyberspace Operations

The transformation of the Chinese Military from September 2015 greatly emphasised on new Strategic Support Force (SSF), bringing about significant changes in warfighting and organizational structure of Peoples Liberation Army (PLA). The PLA prophesized that cyber operations are independent means to subdue any adversary, by achieving information dominance. A key facet of this transformation is that space, cyberspace, and electromagnetic spectrum (EMS) are warfighting domains in their own right, rather than being supporting elements in traditional land, sea, and air domains.

On 23 May 2017, a Sukhoi 30 aircraft crashed on India-China Border in North East, which IAF inquiry later opined was cyber attacked, presumably by China.[1] Four major cyberattacks have been noted in India. In July 2016, Union Bank of India heist, through a phishing email sent to an employee, hackers accessed credentials to execute a fund transfer, swindling the Bank of US $171 million, which was recovered later. In May 2017 May, Wannacry Ransomware attack took its toll in India with several thousands of computers getting locked down by ransom-seeking hackers, including Andhra Pradesh police and state utilities of West Bengal. May 2017 data theft at Zomato, discovered that an ‘ethical’ hacker who stole data, including names, email IDs and hashed passwords of 17 million users, demanded the company must acknowledge its security vulnerabilities and put up for sale on the Dark Web. In June 2017 Petya Ransomware attack impacted the world, including India, where container handling terminal of Danish firm AP Moller-Maersk’s at Jawaharlal Nehru Port Trust Mumbai got affected.[2]

In 2019, for three months India faced the most cyber-attacks in the world, according to a report released by Subex, a Bengaluru-based firm providing analytics to telecom and communication service providers. The most commonly targeted sectors in India were critical infrastructure followed by banking, defence, and manufacturing. Chinese cyber-attacks (50,000 in 2019) targeting India are traditionally routed through Vietnam or the Philippines. The purpose of cyber-attacks in many instances was not to cause immediate damage but to stay in the victim’s computer system for the long term, study security deployed within the computer network, and then gather information of strategic importance.[3]

Over the last three decades, China’s military policy pronouncements had been causing qualms on capabilities and intentions on cyber warfare. In the 1990s it was called “information warfare,” than “winning local wars in conditions of modern technology” and “winning local wars under conditions of informationization”. By 2004 “informationization became the key factor in enhancing warfighting capability of the armed forces.” “The Science of Military Strategy” in 2013 emphasized that cyberspace has become a new and essential domain of the military. China also uses the term “Integrated Network Electronic Warfare” (INEW) to describe an integrated approach to information warfare operations, that includes electronic warfare (EW), computer network warfare, and psychological operations.

The PLA now characterizes and understands modern warfare as a confrontation between opposing operational systems rather than merely opposing armies. It is will be won by disrupting, paralysing, or destroying the operational capability of the adversary’s operational systems. By sheer breadth and depth of scientific prowess, PLA will aim at achieving success to dictate political terms, by a modern, technological war to project the international repute of an emerging superpower.

Cyberwarfare is a very cost-effective means of disrupting or disabling an opponent.  Understandably in the information age, cyber power has become an indispensable factor in military operations, part and parcel of military doctrines in defence and attack strategies.  China has also emphasised on the information domain, where information is created, manipulated, and shared.  Five salient manifestations of cyber warfare planned by China merit attention:

  • The span of Cyber Warfare has transcended to the civilian domain of critical infrastructure, like financial institutions, banking, electrical/ power, water, sewage, railways, and telecommunication networks. Indeed, there has been a proliferation of Chinese made computers/ laptops, routers, modems, and telecommunication hardware in Indian networks, which could well have been embedded with viruses, trojans, malware, supplying information to the masters regularly that could be exploitable during the war.[4]  Cyber attacks could include espionage, military, and strategic data stealing and corruption, with cyber weapons, like viruses, worms, Trojan horses, script attacks, rogue Internet codes, and denial-of-service (DDoS) operations and even control on command and control systems. It is also necessary to draw attention on the report “China Has ‘First-Strike’ Capability to Melt U.S. Power Grid with Electromagnetic Pulse Weapon (EMP)”.[5] As per this report China’s military doctrine is closely associated with cyber-attacks with a non-nuclear high-altitude electromagnetic pulse (for example High Powered Microwave produced by magnetrons and vircators), in what is called Total Information Warfare. “If the communications equipment for the transmission of battlefield information were attacked, would face the danger of disruption in battlefield information transmission. EMP severely restricts the tactical performance and battle survivability of informatised equipment.”[6]
  • These configured critical new domains in China’s “informationalized” 21st-century warfare are space operations, cyber, electronic and psychological warfare capabilities, and signals intelligence, among others. In the same vein, offensive operations across the electronic medium employ electronic jamming, electronic deception, directed energy weapons and EMP. China has also elevated cyber warfare to strategic level by adding cyber attacks on satellites or space warfare, to its offensive operations.
  • The cyber warfare also attempts to target cognitive domain of the warfighter. The psychological warfare concept is drawn from the Chinese “Three Warfares” (the two other being Legal and Public Opinion Warfare). It is the domain that facilitates the communication of information among warfighters. In the SSF, Network Systems Department has integrated cyber, electronic and psychological warfare. Psychological Warfare would undermine an adversary’s ability to conduct combat operations by cumulating cyber and EW to deter, shock and demoralize enemy military personnel and supporting civilian populations.
  • The Technical Reconnaissance Bureaus (TRB) with technical intelligence collection resources, would enhance battlefield awareness through intelligence gathered utilizing its extensive space-based resources, and developing target indicators (image, electronic and heat signatures, as well as cyber vulnerabilities) for specific weapon platforms, to be used for targeting by theatre forces in, EW and cyber (and even kinetic) domains. The Ist TRB under WTC is at Chengdu, Sichuan will provide valuable support to Western Theatre Command by space, cyber, electronic and psychological weapons as strategic weapons to paralyze and sabotage operational and command system of systems in initial stages of the conflict. The integration of EW and CW is vital, both a part of EMS for transmission.
  • While warfighting capabilities and security implications of PLA are studied, there is lack of clear understanding of political and psychological warfare. Exploiting vulnerabilities of openness of democratic systems, PLA and Communist Party of China (CPC) play an important role in attempting to influence adversary’s public opinion and shaping way of thinking. The Confucius Institutes, set up in many countries, including three in India, are an important part of China’s influence and propaganda operations.

The aggression by China in Eastern Ladakh in 2020 is in the physical domain, with PLA furtively executing a range of territorial incursions.  There was a robust response by Indian Armed Forces, as the physical domain is one that they have been largely involved in since Independence, and can measure up to even an asymmetrically larger combat power, as also undertake offensives.

Cyberwarfare by China becomes significant for India, also in light of recent belligerence and aggression.  That brings to fore the all-important question, has cyber warfare for PLA becomes a first strike option that can independently achieve political aims and objectives, without undertaking conventional military operations? Without accepting or disallowing adequacy of capacities to undertake it, will China’s cyber warfare campaign materially affect outcomes in the physical domain? The issues are examined as follows:

  • The ambit of cyber warfare and attacks in the civilian realm in India can be substantial, though, is a subject of Governmental consideration, is not deliberated.
  • The primary concern for operational commanders will be the effect of the synergy of space, cyber, EW and psychological warfare capabilities across EMS, for effectively carrying out operations. It is appreciated that this integration will involve Computer Network Operations (CNO), which is offensive action as cyber-attacks against digitisation and computer systems that are networked, and EW like jamming (with spoofing) and hacking.  It can be appreciated that:
    • The effect of integrated cyber-EW-space operations on tactical and operational levels in physical domain will greatly vary from limited to moderate to severe.
    • If the cybersecurity aspects of air assets, UAVs and helicopters, and their infrastructures have not been catered for, their onboard computer, communication, and data links may become vulnerable to cyber-attacks. Similarly electronic fire control systems in ‘A’ vehicles or missile systems, which have embedded computers and insecure communication systems, can be affected. Many of the systems may be protected or resort to manual over-rides to obviate the problems. Similarly, Global Positioning System (GPS) and satellite communications could be hacked or jammed, and wreak havoc on strategic weapons systems, though that may have international ramifications.
    • Tactical command, control and communication (including military radio) networks are prone to cyberattacks and will be vulnerable.
    • There will be a glut of propaganda and psychological warfare, with deep fakes, fakes, and half-truths, addressing political hierarchy, masses of the nation, and the Services. This aspect generally gets underplayed in Government/ Services and overplayed by national audiovisual/ social media. A very important aspect in this information age, this issue mandates immediate strategising.

It is argued that while China has greatly focussed on cyber warfare, its efficacy can only be discerned in actual combat, though currently along the Line of Control it may not be catastrophic and would not lead to any capitulation of force.  There is resilience in warfighting capabilities of Indian Armed Forces and redundancies to continue to undertake military operations, in spite of cyber warfare. With the vastness of borders and effort required, PLA may resort to selective and focussed cyber attacks in the military domain, that lend to the furtherance of operations.

There are however gaping vulnerabilities in cyberspace that need to be significantly reduced by good training and tactical drills and decentralised operations.  Services must strategise against cyberattacks, enhancing robustness and protection of critical infrastructures and warfighting platforms, the ability to detect an attack, and capability to respond and recover afterward. Cyber Deterrence will not be established overnight, but demonstrating credibility through consequences will bolster it.

There is hence a crying need for Indian Armed Forces to create a robust, capable, and adaptable information warfare operational system, subsuming the multi-fragmented agencies exploiting the space and EMS.  We will also require hardening our systems against premature destruction!  We require doctrinal clarity and synchronisation of cyber warfare and electronic warfare operations. There are serious requirements of human resource reforms, of creating a specialist Information Warfare technologists and analysts (both are complementary but not identical).

There are momentous changes afoot in the realms of warfare. The strategic conclusion is that information warfare technologies have fundamentally transformed the character of war, and maybe its nature too!  Time may not be on our side and India might already be the testing ground for newer technologies. The measure of victory in future wars may be successful paralysis over destruction!

End Notes

[1] Naveen Goud,  Cybersecurity Insiders,  accessed at https://www.cybersecurity-insiders.com/china-cyber-attacks-indian-sukhoi-30-jet-fighters/

[2] Saraswat VK, Cyber Security Presentation, Nitin Aayog, New Delhi accessed at https://niti.gov.in/sites/default/files/2019-07/CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf

[3] Regina Mihindukulasuriya, India was the most cyber-attacked country in the world for three months in 2019, The Print, 03 March 2020, accessed at https://theprint.in/tech/india-was-the-most-cyber-attacked-country-in-the-world-for-three-months-in-2019/374622/

[4] Saurabh Tewari China’s Cyber Warfare Capabilities, USI Journal, April 2019 – June 2019, accessed at https://usiofindia.org/publication/usi-journal/chinas-cyber-warfare-capabilities/

[5] Peter Vincent Pry, EMP Task Force on National and Homeland Security, 10 Jun 2020, accessed at https://www.scribd.com/document/466092865/ACFrOgDmmAfPOwLZUAA54O2LFTVwwQRYpt3-b3EO9AmFJTdzyjD7CD-VeTMMHs55q4XU3vFOcbdfzPhVuJuNyDI9dIn78iX20yREnsdYllv9aKaB0k5vW0D1H4dqKfEMGvvOmIUJ9ZOXoKBx7Ly7#download

[6] Zhao Meng, Da Xinyu and Zhang Yapu, Overview of EMP weapons and Protection techniques against them, Winger Missile (PRC Air Force Engineering Unit: 01 May 2014), quoted in Ibid.