China a minimal cyber security threat: Paper

Despite having an Information warfare strategy since the mid '90s China's offensive cyber-warfare capabilities are “fairly rudimentary”

Despite growing concern about China’s cyber-warfare capabilities, Australia and other Western nations have little to worry about when it comes to their national security.

That’s the view of Desmond Ball, a professor in the Strategic and Defence Studies Centre at the Australian National University, who in a recent journal paper argues China's offensive capabilities are limited and its own Internet security has notable deficiencies and vulnerabilities.

According to Ball, China had carried out a number of high-profile and successful hacks, denial of service attacks and website defacements in recent years. However, its offensive cyber-warfare capabilities were “fairly rudimentary.”

“[China has] evinced little proficiency with more sophisticated hacking techniques,” the paper reads. “The viruses and Trojan Horses they have used have been fairly easy to detect and remove before any damage has been done or data stolen. There is no evidence that China’s cyber-warriors can penetrate highly secure networks or covertly steal or falsify critical data.

“They would be unable to systematically cripple selected command and control, air defence and intelligence networks and databases of advanced adversaries, or to conduct deception operations by secretly manipulating the data in these networks.”

According to Ball, the capability gap in anti-virus and network security applications between China and other nations was immense.

“China’s cyber-warfare authorities must despair at the breadth and depth of modern digital information and communications systems and technical expertise available to their adversaries,” the paper reads.

In Ball’s view, and despite having an information warfare (IW) plan since 1995 and conducting cyber exercises since 1997, China’s cyber-warfare capability was not expected to better rivals for several decades.

“At best, [China] can employ asymmetric strategies designed to exploit the (perhaps relatively greater) dependence on IT by their potential adversaries…” the paper reads.

“China’s cyber-warfare capabilities are very destructive, but could not compete in extended scenarios of sophisticated IW operations. In other words, they function best when used pre-emptively, as the PLA now practices in its exercises. In sum, the extensive Chinese IW capabilities, and the possibilities for asymmetric strategies, are only potent if employed first.”

In the Australian Security and Intelligence Organisation’s (ASIO) 2010-11 Annual Report, the agency noted that espionage by cyber means was emerging as a serious and widespread concern.

“ASIO is seeing increasingly both foreign state and non-state actors taking advantage of the access, relative anonymity and global reach of the internet,” the report reads. “From the comfort of wherever their computer terminal may be, they probe Australian information systems and data holdings for vulnerabilities and mine for valuable commercial, diplomatic and military intelligence — sometimes with success.

“Despite the rise of espionage through cyber means, ASIO has not seen any reduction in the intensity of other, more traditional forms of espionage — human spies are still being recruited and run and foreign intelligence agencies are still interfering covertly in the Australian community. Indeed, effective coordination between traditional, human-based espionage and computer network operations represents a potent threat to our most sensitive data and networks that are not connected to the Internet."

In July 2010, ASIO established a Cyber Espionage Branch to provide advice to government and business on the threat of cyber-espionage and to investigate increasingly sophisticated and frequent cyber-intrusions into computer networks.

For its part, Australia has worked during the past year to raise cyber security as a foreign policy issue on the international agenda and has moved to better secure its cyber borders.

In the Department of Foreign Affairs and Trade’s (DFAT) 2010/11 Annual Report, the department said it had worked with the Department of the Prime Minister and Cabinet and other agencies on a framework for Australia’s international engagement on cyber.

“The department took the lead for Australia in contributing to the development of international cyber norms by under taking work on messaging, principles to underpin norms, and mapping international activity,” the report reads.

“The department also worked with the Department of Defence to strengthen cooperation with the US and the United Kingdom on cyber in AUSMIN and AUKMIN consultations and contributed to planning for the United Kingdom’s London conference on international cyber norms, scheduled for November 2011."

In a sign of the growing government acceptance of cyber-attacks as genuine threats to national security, the Australian government said it June that it would develop its first Cyber White Paper.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitycyberwarfareChinacyber-warfarecyber

More about ASIODepartment of DefenceDepartment of Foreign Affairs and TradeWoolworths

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Lohman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts