Sunday 15 January 2012

Sun Tzu and Cyberspace: Lord of War shapes China's cyberwarfare policy


For the last two and a half millennia, in accordance with Chinese military tradition, it has been standard practice in China for all aspiring military officers, as well as high-ranking administrative officials, to study and be rigorously examined on the seminal work of one Sun Tzu of Wu.



His book, the Art of War, and the precepts contained within it still strongly inform the conditioning and perspectives of modern Chinese leaders, especially with regard to security issues. The pervasive view in the West (a myth in actuality) that the mind of Chinese officials, and of the Chinese in general, is impenetrable owes its origins in part to the ideology found in the Art of War. Early Europeans who had initial contact with the Chinese (and who were possibly also frustrated with the language and the intricacies of Chinese culture) were quite content to dismiss this deliberate concealment of one's thoughts as oriental eccentricity, superstitious mysticism or a strange, irritating Chinese version of a superiority complex.


Unbeknownst to them but pretty much common knowledge to every Chinese, it was a cardinal rule for one to be shifty, crafty or play the fool, depending on what the situation demanded. In the Art of War, amongst other things regarding the impression one should project, Sun Tzu says -- "Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt". I can't help but feel that perhaps these pioneering Europeans would have been better served if they had only been provided with a rough translation of the Art of War -- rather than being taken through the lifelong rigors of trying to understand the Chinese psyche, or even of learning Mandarin and the Chinese culture!

It is noteworthy, though, that today the book is more widely read than at any time in its long history, and not just by the Chinese. It got a new lease of life after the validation of the lethal efficacy of its principles by the Vietnamese, who astutely used the strategies within it first against the French and to an even more appalling effect against the overwhelming might of the US in the Vietnam War (the ardent disciple of Sun Tzu who advocated for and eventually managed to put the simple book to such frightful and vicious effect was the Vietcong commander, General Vo). Thereafter the world was forced to take note and finally accorded the ancient classic the awe and unswerving respect it rightly deserves.

Following the humiliation of a forced retreat and, ultimately, complete withdrawal from the field in the face of a vastly inferior force, the Americans wisely made it a mandatory book in all their officer libraries (even in tiny remote bases) and a requisite study for military officers and all CIA recruits. It has been unanimously acclaimed by military men all over the world as well as individuals who have worked its wonders of organizational strategy in business and other spheres of life.

But what does Sun Tzu, who died circa 505-497 BC, have to do with the Internet and cyberspace in general? As a veteran soldier, his book is imbued with the pragmatism and practicalities of conduct of war in his era. There is inherent talk of chariots, horses, regimentation, landscapes and such like. It is not exactly a philosophical treatise -- the kind with ambiguous subliminal content, and subjective malleable meanings, which exclusively hinge on the mind that seeks practical application of such a book's contents. It is a concise, strategist's guide book and on the face of it, it has nothing even remotely close to technological or scientific discourse within it.
 

Well, according to CRS reports for the US Congress on cyber-warfare (specifically, for what I am about to refer to, the one of 2001 by Steven A. Hildreth, a specialist in National Defense and Foreign Affairs), ancient Chinese military strategies still inform all spheres of military thinking in China, and cyber-warfare is no exception -- and I will strive to demonstrate how it apparently fits in seamlessly with the ancient Analects.

Just to quote the CRS Report above: "The Chinese concept of cyber warfare incorporates unique Chinese views of warfare based around the People’s War concept (modern) and the 36 Stratagems (ancient)".
These 36 stratagems that Steven Hildreth is referring to are filtered, anecdotal derivatives from centuries of voluminous Chinese military literature and commentary, which are preeminently based on, or expound on, the sole surviving, accredited work of Sun Tzu - the Art of War. Actually most of the 36 stratagems are snippets directly extracted from the Art of War. The People's War concept, on the other hand, is more or less conventional modern theory on military organization, conduct and purpose of war along revolutionary Sino-Marxist lines.

Before proceeding onto how China's ancient military strategic thinking plays into cyberwarfare and why it makes China so much more potently dangerous, it would be prudent to elucidate the meaning and context in which cyber warfare currently occurs.

Cyber warfare in a broad sense is the intentional attack, sabotage, disruption and incapacitation of computer-based systems and computer services which may or may not be integrated within a networked environment. Though not included in the conceptual or actionable definition of cyberwarfare in the view of state actors, in operational respects computer-related espionage and theft of data are also handled under the framework of cyberwarfare units.

Contrary to popular belief, cyberwarfare is not solely the perpetration of the above acts with the use of remote computer systems against the targeted ones. Physical or kinetic attacks (e.g. bombing) that involve damaging computer systems or their power supply lines, or removing critical parts such as storage devices, are now considered by many authorities, including governments, as integral aspects of cyberwarfare.

It must be noted that cyber warfare is still very much a grey area when it comes to definition, for it is inextricably dependent on the intention and nature of the perpetrating party. Based on the attacker's intentions, the actions that are construed to comprise cyber warfare can also be defined as cybercrime or cyberterrorism, and all three definitions can be valid in the same instance of an attack.

The main parties in cyberwarfare, i.e. the targeted entity and the attacker, can be state or non-state actors, the latter comprising criminal rings, terrorist groups, various types of private organizations and solitary individuals as well. From here on I shall restrict myself to military and state involvement in cyberwarfare.

According to a recently published report by Visiongain, a business intelligence consultancy firm, the market for cyberwarfare technologies will reach $15.9 billion by the end of 2012. A starkly conservative figure, which nonetheless represents the seriousness of the new arms race. Virtually every government in the developed world and all the major powers are actively and independently engaged in the development of arsenals and strike capabilities in cyberwarfare as a deterrent.

The governments known to have the most robust cyberwarfare programs within their military and/or intelligence services include, but are not limited to: the USA, Russia, the People's Republic of China, Israel, Britain, France, Germany, Japan, India, Pakistan, South Korea and, with comparatively limited resources but nonetheless allegedly hyper-normally active, Iran and North Korea.

In the case of the last two it could partially be a frantic counter-reaction to relentless probing of their critical systems by foreign entities (and, in the case of Iran, a well documented crippling attack). It could also be partly due to the campaign that surrounds the international pressure being brought to bear upon Iran and North Korea, mainly for their controversial nuclear programs. The overarching motive would be that with cyberwarfare capabilities they could at the very least anonymously harass their antagonists in protest at punitive or coercive measures, and at best inflict serious damage on their critical ICT assets, which include military as well as financial and industrial systems.


Here is an overview of known and alleged activities of some of these countries:


China
China's military has set up an elite Internet security task force tasked with fending off cyberattacks but denies that the initiative is intended to create a "hacker army".
The 30-member "Cyber Blue Team" -- the core of the PLA's cyber force -- has been organised under the Guangdong military command in the country's south, and will carry out "cyber-warfare drills".  AFP

In 2003, a series of cyberattacks designed to copy sensitive data files was launched against the US Department of Defence systems, and the computers belonging to DOD contractors. The cyber espionage attack apparently went undetected for many months.  This series of cyberattacks was labeled “Titan Rain,” and was suspected by DOD investigators to have originated in China.  The attacks were directed against the U.S. Defense Information Systems Agency (DISA), the U.S. Redstone Arsenal, the Army Space and Strategic Defense Installation, and several computer systems critical to military logistics.   (CRS Report 2008)


In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite, a weapon and tactic that could be used to knock out the high-tech communications of its enemies.

In August 2007, German Chancellor Angela Merkel’s visit to China was disrupted when a report appeared in Der Spiegel claiming that German government computers had been infected with Chinese spy software. Computers in the chancellery, as well as the foreign, economy and research ministries, had been attacked. It was feared that German companies may also have been infiltrated.


In April 2009, computer spies infiltrated the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program in history. In milliseconds, bandits were able to make off with several terabytes of data related to the aircraft's design and electronics system. Once again, officials said the attacks appeared to originate from China, but attribution challenges made verifying of this claim extremely difficult.   WSJ and Committee on Foreign Relations


In January 2010, a sophisticated cyberattack originating in China targeted Google's corporate infrastructure (along with those of other tech companies), stealing intellectual property and infiltrating the email accounts of Chinese human rights activists. An investigation into the incident led Google to end its policy of censoring searches on Google.cn.   Committee on Foreign Relations

US computer firm McAfee said in February 2010 that hackers from China have also infiltrated the computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information.

According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China's leadership has directed hacking campaigns against US Internet giant Google and Western governments. In one cable, the US embassy in Beijing said it learned from "a Chinese contact" that the Politburo had led years of hacking into computers of the United States, its allies and Tibet's exiled spiritual leader, the Dalai Lama.  2011 AFP


In February 2011, hackers linked to China were found to have conducted a multi-year cyberespionage campaign directed at Western energy companies. Despite the evidence, investigators were unable to confirm whether the operation, known as "Night Dragon," was sanctioned by Chinese authorities. Committee on Foreign Relations


USA
In 2009, President Barack Obama declared cyberspace a strategic national asset and requested a complete Cyberspace Policy Review. Since then several commissions and cyberwarfare institutions have been established, and co-ordination between the various relevant departments has been vigorously reinforced.
A primary catalyst in the formation of the government's current cybersecurity posture was a significant breach of DOD networks in November 2008 at U.S. Central Command (ForeignAffairs). The infiltration enabled an unnamed foreign intelligence agency (read China) to extract critical operational plans without detection. (CFR)

The United States divides principal responsibility for cybersecurity between the Department of Defense (DOD) and Department of Homeland Security. For fiscal year 2012, the two agencies requested a combined $3.4 billion (FierceGovernment) in cyber-related funds. (About a third of the entire annual budget of the Kenyan government).

In 2001, a Special Committee of Inquiry established by the European parliament accused the United States of using its Echelon electronic spy network to engage in industrial espionage against European businesses.  Echelon was reportedly set up in 1971 as an electronic monitoring system during the Cold War.  European-Union member Britain helps operate the system, which includes listening posts in Canada, Australia, and New Zealand.  Echelon is described as a global spy system reportedly capable of intercepting wireless phone calls, e-mail, and fax messages made from almost any location around the world.


A mysterious worm called “Stuxnet,” reportedly created by the United States and Israel, inflicted substantial damage on Iran's nuclear program, the targeted plants being Bushehr and Natanz. Various stronger versions of Stuxnet have since emerged, and an estimated 60 percent of fresh attacks by the virus continue to target facilities in Iran.


France
France allegedly has a secret program that among other things monitors its citizens in cyberspace. Reports have surfaced that the French have their own version of Echelon. Frenchelon, as some have called it, reportedly is used to monitor and analyze global communications.
Besides its sophisticated Frenchelon system, France has also set up a cyberwarfare unit and enacted a rigorous cyberwarfare doctrine in its government, intelligence and military departments.


Russia
In 2007 a three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, caused alarm across the western alliance, with NATO urgently examining the offensive and its implications. It is alleged that there was collusion between the Russian government and trans-national cybercriminals who made their large botnets available for short-term rent. (CRS report)


 In August 2008 the Georgian government  accused Russia of disabling Georgian Web sites, including the site for the Ministry of Foreign Affairs. This was at the height of the Georgian conflict in which Russia swarmed Georgia with fighter jets and deployed several divisions of infantry and armored tanks into Georgia.
Internet researchers at Sophos, a computer security firm headquartered in England, noted the Russian cyber attacks and also said that the National Bank of Georgia’s Web site had been defaced at one point and replaced with images of 20th-century dictators.


In January of 2009 the world witnessed the third successful cyber attack against a country, Russia again being the alleged perpetrator. The target was the small country of Kyrgyzstan. The attackers focused on three of the four Internet service providers in the small country, which has a population of 5 million. It is thought this attack was part of the coercive measures Russia was employing to force Kyrgyzstan to end the use of a former Soviet airbase in Kyrgyzstan by Americans for their operations in Afghanistan.

The IP traffic in this attack was traced back to Russian-based servers primarily known for cyber crime activity. Multiple sources have blamed the cyber attack on the Russian cyber militia and/or the Russian Business Network (RBN). RBN is thought to control the world’s largest botnet with between 150 and 180 million nodes.

It is now widely accepted that Russian officials hired the technically capable group to carry out the attack. The group is thought to have also played a substantial role in the Estonia attack in 2007 and the attack on Georgia in 2008. The commercial sourcing of the cyber attack is believed to have been done to put the Russian government at arm's length from the hostile act.

Despite its own roguish behaviour, Russia has publicly stated, in an aggressive cyberwarfare policy, that it would without hesitation retaliate with nuclear strikes for cyber attacks waged against its critical computer systems.



North Korea
 In March 2011 denial-of-service attacks against South Korea disabled several government websites, signalling  the growing threat from a North Korean cyberwarfare unit.

On May 3, 2011, North Korea's cyber warfare unit was back in the spotlight after South Korean investigators blamed the North for launching an online attack that crippled computer operations at one of Seoul's biggest banks. (Yonhap)

In this attack the South Korean investigators pinpointed the North's top intelligence agency, the Reconnaissance General Bureau, as the perpetrator of the attack that paralyzed the computer system of the National Agricultural Cooperative Federation, or Nonghyup, for weeks.

Intelligence officials in Seoul believe that North Korea has about 1,000 hackers in its cyber warfare unit under the command of the Reconnaissance General Bureau.

According to South Korean intelligence officials some of the North Korean hackers are based in China, particularly in Beijing, Heilongjiang and Shandong, in an apparent bid to make it difficult to definitively identify the attackers.

2011: The July 4 denial-of-service attacks on Web sites in the U.S. and South Korea could have been a test by a foreign entity to see if flooding South Korean networks and the transcontinental communications between the U.S. and South Korea would disrupt the ability of the U.S. military in South Korea to communicate with military leaders in Washington, D.C., and the Pacific Command in Hawaii. North Korea's cyberwarfare unit is the suspected perpetrator of the attacks.

Germany
According to statistics, in 2009 the German government recorded around 900 attacks against its systems, while in 2010  the number of such incidents was expected to reach 1,600 in the first half alone.  As expected, all throughout 2010 and 2011 Germany was plagued with frequent breaches and hundreds of cyberattacks.

A new cyber-warfare center called the Nationales Cyber-Abwehrzentrum (NCAZ, lit. “National Cyber-Defense Center”) was opened in 2011, with initial staff being transferred from the Federal Office for Information Security (BSI).

The second agency is a national cyber-security council called the Nationaler Cyber-Sicherheitsrat. The council is now part of Merkel’s chancellery and includes high-level representatives from key relevant ministries, such as the interior, defence, justice,  and finance ministries.

However, there are critics. Der Spiegel noted that the NCAZ at its inception was slated to open with only 10 employees on the payroll (Deutsch), while prominent German cyber-security expert Klaus Jansen called the NCAZ a “sham” due to the agency's small size.


United Kingdom
The United Kingdom already has a cyber defence force. Officially called the Cyber Security Operations Centre (CSOC), it is based at the Government Communications Headquarters (GCHQ) in Cheltenham.

A report leaked from MI5 at the beginning of 2010 directly pointed the finger at China as a major source of cyber-attacks and threats to British computer systems.


Iran
 According to Israeli sources Tehran has embarked on an ambitious plan to boost its offensive and defensive cyber-warfare capabilities and is investing $1 billion in developing new technology and hiring new computer experts.


In February 2011, Iranian hackers crippled the Voice of America. The alleged Iranian perpetrators, strangely enough and quite out of the ordinary, identified themselves as the "Iranian Cyber Army"; the group took over dozens of VOA websites, including the VOA's Dari, Pashto, Somali, and Albanian-language sites.

In December 2011, the Spanish-language TV network Univision aired a documentary which included secret footage of Iranian and Venezuelan diplomats being briefed on planned cyber attacks against the United States. The documentary claimed that the diplomats, based in Mexico, were involved in planning cyber attacks against US targets, including nuclear power plants.

2012's most serious act of cyberwarfare so far comes from reports indicating that an American UAV (Unmanned Aerial Vehicle), or drone, was “hijacked” and brought down by an Iranian cyber warfare unit in late December 2011. This is the second time in two months the U.S. drone fleet had been hacked. More astoundingly, the hijacked drone seemed to have been safely steered to the ground and was displayed on Iranian state TV to prove it had been salvaged in pristine condition.


Israel
Israel demonstrated its intent to conquer the new sphere of cyber warfare in the 1990s by presenting the country's legions of hackers with a choice between prison and working for the state. Thousands are said to have signed up since then and have been incorporated into the defence forces' Unit 8200. One American consultancy rated Unit 8200 as the sixth biggest initiator of cyber attacks on the planet.

The Stuxnet virus that brought systems at Iran's Bushehr nuclear reactor to a halt for over six months in 2010 is widely believed to have been the result of an Israeli cyber-attack, although Israel has not admitted it. Its development is alleged to have started as far back as 2006, four years before its initial deployment, and it is credited as the most sophisticated piece of malware developed to date.

2007 - Duqu, a data-stealing piece of malware, was deployed at targeted sites in Iran and some of its allies, including Sudan. The malware is thought to have been developed and deployed by the Israeli cyberwarfare unit.

When Israel attacked a suspected Syrian reactor in 2007, it is alleged the Israeli military may have used an "off switch" buried in the Syrian radar system to allow its aircraft to travel undetected.
As a pastime the Israeli cyberwarfare unit, alongside Zionist sympathizers, routinely hacks and brings down Palestinian websites, websites of groups such as Hamas, as well as other sites put up by suspected terrorist groups. With the souring of relations with Turkey in recent years there have been tit-for-tat cyberattacks between Israel and Turkey, with the prime targets being government websites and high profile companies in both countries.

The IDF in 2011 re-organized the units that deal with cyber-warfare, establishing offensive capabilities and operations within Military Intelligence’s Unit 8200 and defensive operations within a new division within the C4I Directorate.
The new division within the C4I Directorate is run by a colonel who took up his post in mid-2011. The officer is the former commander of Matzov, the unit that is responsible for protecting the IDF networks; its name is a Hebrew acronym for “Center for Encryption and Information Security.”
Matzov writes the codes that encrypt IDF, Shin Bet (Israel Security Agency) and Mossad networks, as well as mainframes in national corporations, such as the Israel Electrical Corp., Mekorot, the national water company, and Bezeq.

{Kenya, my home country, has not been left behind -- the military urged Kenyans to join it in, yes, tweeting and chatting with Al-Shabaab on the social platforms to dissuade its members from their terrorist activities. It is a curious request given that 99 percent of Somalia has no electricity and about eighty percent of Somalis are illiterate, but Kenya's youthful IT literati (of which I am a member) have been trying their best, despite insurmountable odds -- odds such as utter boredom with the idea and a grim lack of interest. The active elements online purporting to be Al-Shabaab are known to be mostly sympathizers or young Somalis in the diaspora, particularly in the West.}

                                              ***

From the above accounts it is saliently evident that cyberwarfare is already a daily reality. Amidst the scramble for preponderance in cyberspace, the new dimension for universal human activity, traditional conflicts and enmities have made a natural leap therein. If these activities are translated to their prosaic equivalents amongst individuals China would be gouging out the eyes and ripping the hair from the head of America, while a drunk Israel would be throwing bottles and glasses in a crowded bar with the random hope of hitting a fleeing Iran when she emerges again from the toilet.

In this environment of cut-throat competition, China, at first glance a technologically third-rate country as recently as a decade ago, should be struggling to barely keep up with the more technologically advanced countries. Yet China is right at the forefront in cyberwarfare, and through its alleged exploits (and therefore demonstration of its capabilities) it has literally dwarfed every other country with the exception of America.


Worse yet, through its aggressive forward policy it has, in cyberwarfare terms, practically clobbered and harassed technologically superior countries such as Germany into desperation, forcing them to radically upgrade their cyberwarfare capabilities. Even the US has not been spared the brunt of the might of the Chinese hacker hordes. Virtually every single critical and high priority system of the Americans has been probed and in varying degrees violated, and it is thought that the exponential growth of the frequency of attacks is far from peaking. Things are going to get a lot uglier in the future.

The Russians, who at the initial phase provided the Chinese with the training and technical expertise in this field, have been eclipsed by their proteges. It is telling that most of the attacks that serve the political interests of Russia are carried out by contracted Russian IT mercenaries and cyber criminals: the clearest sign yet of diminished or stagnated potency in cyber capabilities within the Russian state apparatus.

Going back to 1990 and keeping all things equal, the Chinese should be at about the same level as, and at best only slightly better than, the Indians in the field of cyberwarfare. So what is it about the Chinese that made them put in such gargantuan efforts, and so early on, towards achieving unrivalled preponderance in this medium? What enabled them to readily embrace the hostile use of cyberspace when no one else could see the advantage of such a policy and, more importantly, what do they intend to do with their growing might?
Well, that is where the teachings of Sun Tzu come in.

In a nutshell, the Art of War focuses on counteracting the imbalance of engaging a more powerful foe through asymmetrical warfare, primarily through deception, whereby commanders are exhorted to unabashedly avail themselves of the advantages to be found in the faculties or expediencies of scoundrels. {Sun Tzu: All warfare is based on deception}.
According to Sun Tzu, in matters military a good strategist/leader needs only be insightful and prudent with his decisions. But to be truly great and to stand head and shoulders above his peers, a general's greatest merit should be a highly developed aptitude for treachery. His ability for deviousness and imaginative use of all resources and opportunities at his disposal should only be surpassed by his unwavering quest for discipline and ruthless efficiency.


Perfidy and imaginative use of deceit with regard to an enemy is an all essential commodity which cannot be dispensed with. In strategic terms a superior mind is one that never ceases to come up with schemes that are anchored around cheating, lying and stealing with the underhand aim of cheaply achieving objectives at the expense of enemies or rivals.
It is from this grounding that Chinese leaders remain unfettered and will keep on blatantly lying and prevaricating about their country's cyberwarfare capabilities and activities, even when there is a growing mountain of facts to the contrary.


Juxtaposed militarily with the West, the Chinese a priori take the inferior position -- a scenario to which asymmetric strategies such as those espoused by Sun Tzu would seem to be perfectly suited. Though it is inconceivable that China could develop its conventional military capabilities to be on par or on a fair footing with those of America in the near term, the Chinese leaders are sparing no effort to bridge that gap. Military spending has been increasing at double-digit rates in China for the last twenty years and is now the second biggest in the world behind America's. The Chinese claim to be spending about 90 billion dollars per annum on their army against America's 700 billion; the true figure is thought to be about 150 - 180 billion dollars, which nonetheless is still less than a fifth of a diminishing budget for the American military.

With such an overwhelming disparity, the possession of nuclear weapons can hardly provide the Chinese with even a sliver of assurance that they could effectively protect or pursue their interests militarily against those of America. A good case in point is the island of Taiwan, which in a manner of speaking is just spitting distance from mainland China. Taiwan was once a relatively insignificant Chinese island district or county. The long and short of it is that it was occupied by the nationalist Kuomintang government of Chiang Kai-shek after they were militarily routed out of mainland China by the communist rebels led by Mao Zedong in 1949.


Protected by America, Taiwan has been governed since then as an independent state, although technically and legally it is still fully part of China. This situation would not exist if China had sufficient military wherewithal to simply take back control of what is already internationally recognized as the Chinese jurisdiction of Taiwan.
{It is like the Kibaki administration being made to flee by a Mungiki led uprising to Migingo Island and thereafter successive authorities in Migingo to declare themselves a different state under the protection of Uganda}.

It is this keen sense of inequality vis-a-vis the West that has pushed China to fully and aggressively exploit the advantages that cyberwarfare could avail NOW, with the caveat and understanding that during an open conflict cyberwarfare capabilities would in actuality be useless or provide exceedingly marginal advantage. (It also gives the Chinese leaders no small amount of satisfaction that from time to time they can pull down the pants of the mightiest military force on the planet by means of successful cyber exploits.)

What good is a dangerous but dormant computer virus, if your enemy is not only capable but would already be dropping precision bombs on your laptop, your house and your entire neighbourhood as well and right at the moment when you intend to use it? (The first thing anybody would be thinking of is to throw the damn laptop into a river and set the attacker's grandmother's house on fire in retaliation -- that is one of the few places he would probably not be expecting you to go!) This is the underlying logic that reflects the Chinese actions in taking pro-actively hostile measures against the West even though there is no open conflict or policy statement to such effect. From the view of Sun Tzu it is utterly reckless and  stupid not to use a gimmick or opportunity at your disposal when it is most effective.

For senior military commanders, peace time and war time are civil jargon that would normally have little bearing on strategic decisions. At any rate neither situation should ever be used as a pretext for not taking the appropriate action when it matters the most. This does not mean goading a superior force into an unnecessary open confrontation. Equally important, neither does it mean one should accept being cowed into slothful inaction for the sake of peace. {Sun Tzu: Therefore the clever combatant imposes his will on the enemy, but does not allow the enemy's will to be imposed on him}

For the Chinese, unlike for the West, cyberwarfare capabilities are not meant for wartime use or even for deterrence; they are primarily designed to be actively used in peace time, and the resources thus obtained or compromised would be used as multipliers to leverage conventional means in case of open conflict.
{Sun Tzu: - To fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting
- Therefore the skillful leader subdues the enemy's troops without any fighting; he captures their cities without laying siege to them; he overthrows their kingdom without lengthy operations in the field}

For example, the technology stolen or developed in the process, or by means of cyber attacks, could be used in various ways by the army. Information gathered would be used for more effective targeting. Stronger Chinese companies (many being parastatals, and occasionally aided in their contract bidding with stolen information) increase national wealth, apart from being important organs in foreign countries that provide effective cover for traditional methods of intelligence gathering etc.

The Chinese are not preparing or arming themselves for cyberwarfare; they are already actively engaged in one -- albeit not in the sense the rest of the world has sought to package the understanding of this phenomenon. While the West is busy defining and demarcating what cyberwar is, and stockpiling arsenals of its own, China is suffering no such scruples about the risks, contextualization, responsibility and purpose of cyberwar. In fact, Sun Tzu tells us that the weaker your enemy is, and if there is some place he is particularly vulnerable, that is when and where you should kick him the hardest.

{Sun Tzu: - Attack him where he is unprepared, appear where you are not expected
- So in war, the way is to avoid what is strong and to strike at what is weak}
Anybody still thinking the Chinese are going to wait for the rest of the world to catch up and shore up defenses before unleashing their cyber-blows is utterly crazy.

Reading the congressional reports and material by the leading security experts in the West, it is apparent that they are inventing a rule book for a kind of war that according to most of them has never even occurred -- dubious rules which, in any case, nobody knows whether the parties to such a war would adhere to.
{ Quote >> Chia Lin says: "Victory is the only thing that matters, and this cannot be achieved by adhering to conventional canons."...
L. Giles: ...Napoleon, as we know, according to the veterans of the old school whom he defeated, won his battles by violating every accepted canon of warfare.}

The Chinese are also more than content to let the rest of the field expend energy and money by putting up imaginary boundaries as they themselves brazenly loot the fields of cyberspace of whatever trinkets they can get while they still can.

In Sun Tzu's view there is no greater feat of ingenuity, military or otherwise, than to lead the opposing side to believe it is only being threatened by exploratory gambits (therefore lulling the foe to invest efforts into ill-placed and laborious defensive preparations) while in actuality they are already under full scale attack. China's activities in cyberspace are actually facets of a well orchestrated and vicious frontal attack which has been cunningly veiled to look like preparations for a hypothesized 'real' attack.

It seems that, either by accident or by design, the Chinese have manoeuvred the US and her allies into a state in which they seem to believe China's activities are only symptoms of its growing cyberwarfare capability, i.e. it is only flexing its muscles -- while in reality China is slashing and stabbing with all its might. Perhaps the West is stabbing back, but only an incompetent fool of an assassin would be oblivious of how and where he is most vulnerable to retaliatory strike-backs. In fact a prudent aggressor (such as China) would prepare herself beforehand, factoring in counter-attacks as a certain reaction to be expected of the foe rather than pegging hopes on whimsical calculations of probable and favourable outcomes.

Cyberwarfare, unlike other forms of warfare (air, land and sea), hasn't yet been developed to purposely inflict human casualties; that is, it has not yet gotten to the point that it is a matter of life and death, though not for long. Furthermore, it is relatively cheap, it has unique benefits such as the difficulty of attributing the sources of attacks, and there is no single country that has supreme preponderance in cyberspace and cyberwarfare capabilities. Also, it can be done remotely, it exploits system weaknesses and vulnerabilities that are virtually impossible to completely eliminate, and it is well suited for asymmetric warfare. That is, weaker states and entities can inflict disproportionately greater losses on the stronger ones. Though lacking in strategic value, i.e. cyberwarfare is not perceived to be as effective as conventional bombs if used for coercive purposes (would Saddam or Gaddafi have been forced out of power even if the West somehow managed to crash all the computers in those countries with viruses?), it can be used as an effective medium for creating diversions, for reconnaissance and intelligence gathering.

M. Wycliff,
Nairobi.


Though this is not meant to be an academic treatise, the following reads would be useful for those who wish to have more authoritative material. They are all easily available online and they are all good starting points with respect to cyberwarfare in general. Lionel Giles' translation of the Art of War is surely the best out there, especially with all the notes and background information he provides -- it is simply a must read and is available free of charge in pdf format online under the auspices of Project Gutenberg.


Books/ Reports:

  1. Art of War by Sun Tzu (Project Gutenberg eBook; translator: Lionel Giles)
  2. CRS Report for Congress (order code RL32114): Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress (by Clay Wilson)
  3. Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation (by Northrop Grumman). Prepared for: The US-China Economic and Security Review Commission
  4. Cyberdeterrence and Cyberwar by Martin C. Libicki (RAND project: prepared for US Air Force)
  5. CRS Report for Congress (order code RL30735): Cyberwarfare (by Steven A. Hildreth)





