What a cyberwar with China might look like

Former U.S. diplomat describes hypothetical scenario

It's August 2020. A powerful and rising China wants to bring the city-state of Singapore into its fold as it has with Hong Kong, Macau and Taipei.

Its first physical attacks against Singaporean assets are still weeks away. But already, China has launched a massive cyber campaign, designed largely to degrade and disrupt the communications capabilities of the U.S., Japan and other allied nations.

Members of the Chinese military's 60,000 strong cyber warfare group have deeply penetrated U.S. defense, government and corporate networks and are already manipulating and controlling them.

When the Chinese army finally launches its first attack against a Singaporean guided missile frigate in the South China Sea in September, U.S. armed forces quickly find their communications capabilities severely compromised. Personal computers, radio, satellite communications capabilities and battlefield communication hardware are all but crippled.

Key military networks and servers come under crushing denial of service (DoS) attacks, hampering the military's efforts to mobilize conventional forces. Deliberately injected misinformation flows over the networks to field commanders and to ships at sea.

The conflict ends 55 days later in a standoff between the U.S. and Chinese navies, with a general war avoided and Singapore retaining its independence.

But it's the first truly full-scale cyberwar launched against the U.S. by China, and it's very different from what many had assumed it would look like.

The hypothetical scenario is described in detail in a report in the latest issue of the U.S. Air Force's Strategic Studies Quarterly (PDF document). The report is authored by Christopher Bronk, a former diplomat with the U.S. State Department and a fellow in IT policy at Rice University's Baker Institute.

The scenario depicts just one way in which a real-life cyberwar could unfold and is designed to highlight how unlikely such conflicts are to be a bolt from the blue.

"Most likely, cyber conflict will be an 'always on' engagement, even if international policy is enacted to forbid it," Bronk writes in the article. "The only certainty in cyber conflict is that conflict there will not unfold in the ways we may expect."

Speaking with Computerworld this week, Bronk downplayed popular perceptions of a cyber Pearl Harbor, in which critical infrastructure targets such as the electrical grid are attacked and taken out.

Such attacks cannot be ruled out entirely, but it's unlikely that a nation state would launch one because of the catastrophic response it would trigger.

"I did not try to make the case that it would be some sort of an apocalyptic event. I did not make the case that it would occur in isolation," he said. Instead, a cyberwar will most likely always be part of a broader war, or broader campaign as they were in Georgia and Estonia, he said.

In such a war, cyber attacks will be designed to degrade and disrupt communications and will be terribly hard to purge, Bronk said. The goal will be not so much to completely disable an opponent's networks as to own as much of them as possible in order to control them during a conflict, he said.

The effort will be "to get inside the other guy's decision process rather than shutting it off entirely," Bronk said. "You don't want your adversaries to abandon their information technology."

In Bronk's hypothetical scenario, for instance, China's cyber offensive is noisy and highly visible but also extremely disruptive. The attacks are not targeted just at America's highly-secure and classified networks.

Instead, China's cyber army has deeply penetrated many of the unclassified networks used by the government and the military for relatively low-level internal communications and for tasks such as routing supply information.

"Although unclassified, when aggregated, the information passing across these networks provided highly useful intelligence to the Chinese on U.S. dispositions and strategy," Bronk writes in his report. The information gleaned from such networks can provide adversaries with detailed information on troop movements, cargo operations, demand for fuel and other basic supplies.

Long before the conflict, China's cyber warriors have already penetrated the networks of U.S. corporations based in China, and now they are using information from these networks to add to the chaos.

False information is being deliberately injected into these systems. Companies such as FedEx and UPS are forced to halt operations because their systems are routing packages everywhere except to the correct destinations.

"For defense planners at the Pentagon, it was hard enough to know what U.S. forces were doing, let alone the enemy," he writes. "Ships at sea in the Pacific encountered all manner of navigation and datalink issues."

Bronk says his scenario is just one way a cyberwar is likely to play out. But one thing he is relatively sure of is that such a war, if it happens, will not necessarily involve power grids being knocked offline and planes falling from the sky.

To counter the attacks, the U.S. will have to muster all available resources from the NSA, DHS, DISA, CIA, State Department, the Department of Justice and other agencies. Also roped in would be top theoretical staff, engineers and even linguists from academia, as well as from the private sector.

And even then it would take several weeks to disassemble the Chinese attacks, mount a defense against them and reestablish trust in U.S. networks and systems.

"I don't see this cascading set of attacks, where by the end of Day Three we are all sitting in darkness eating beans and heading out into the mountains with our guns," he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
