Overconfident: US Will Win A Cyber War With China

In 2015, the Rand Corporation published a courageous assessment of the war-fighting potential of China and the United States. It assessed that the Americans would have a clear advantage in cyber war scenarios involving Taiwan or the Spratly Islands in 2017.

The authors’ confidence was buttressed by their conclusion that out of another 16 sets of conventional military capability comparisons (such as naval and air), the United States forces enjoyed at least parity in eight and a clear advantage in another six. In other words, China loses in almost all scenarios of military confrontation.

This report is one of the best ever net assessments of US and Chinese military capabilities that is available in the public domain. The report flies in the face of the defeatism and pessimism endemic in US political discourse about threats from a rising China. The report received surprisingly little serious media coverage in the United States, and has fared only modestly in subsequent coverage by US scholars.

That said, a case can be made that the authors understated or under-estimated the degree of US military superiority. There are many ways in which this might be argued, but one stands out above all others to me. The factor that has not been accorded sufficient weight by the authors in assessing kinetic forms of military capability, such as naval or air combat, is the impact of cyber strategies and attacks on that capability.

The report follows the Rand orthodoxy that “cyber operations are primarily support operations,” mere add-ons instead of potentially transformational tools in naval and air force combat operations. The shortcomings of this position are reinforced by two questionable statements.

The first is that the “direct effects of cyber operations can be reversed relatively quickly.” This is only true if one confines one’s view to the damage done to the particular IT system. But in war, the intent of almost all cyber-attacks will be to create a military or political effect beyond the IT system. For example, in a Taiwan-related scenario, the United States would aim cyber-attacks against the forward-deployed combat platforms and the headquarters to slow down the rate of delivery of attack sorties by Chinese forces.

The military and political impact of retarding the intensity of enemy attacks even for 24 hours cannot be reversed by software repairs to the IT system. In fact, a high success rate by the United States in slowing down the intensity of Chinese air attacks in a Taiwan war scenario may be the difference between victory and defeat for China. Sure the specialist may fix the IT system but the war has been lost almost in the same time it takes them to repair the software.

And the software of Chinese weapons systems, command and control, and intelligence systems is only one possible vector of attack on cyber systems. There are seven others: the hardware, the payload, the networks, the power supply, the personnel, the policy chain, and the information ecosystem. In all eight vectors of attack, the United States would not stake everything on a single cyber assault and sit back while Chinese IT specialists found one piece of malware.

The United States would plan sustained multi-phase and multi-vector cyber-attacks, supported by a variety of non-cyber information operations, which would prevent the relatively weak Chinese cyber defenses from having the luxury of quickly reversing those particular attacks they were able to identify in a timely fashion.

The second questionable statement in the Rand study is that “cyber operations almost never involve force-on-force confrontations.” In the US military strategy, most cyber-attacks are reserved exclusively for force-on-force confrontations. Thomas Rid’s book Cyber War Will Not Take Place points us very firmly away from acceptance of this statement by the Rand authors.

The 2015 Vision Statement by the Commander of US Cyber Command, Admiral Mike Rogers, titled “Beyond the Build,” talks of the aim of providing cyber options for all phases of operations, meaning all force-on-force confrontations.

In fact, the authors appear to recognize this later in the conclusion of the relevant chapter when they say that “Cyber warfare matters only to the extent that it affects the outcome of other military operations.” The authors also recognize this in their very strong analysis of possible cyber-attacks on the logistics capability of an enemy.

The authors analyse “strategic cyber warfare” (a dubious concept anyway) and “operational cyber warfare” but they focus the latter topic narrowly around logistics. Their treatment of attacks on command and control or deployed weapons systems is more in the realm of “may or may not” have decisive effect.

The authors also note correctly that attacks on Chinese air defense and intelligence and surveillance assets “are most likely to be successful early in a conflict.” This, in fact, is the very reason why the United States would seek to maximize disabling cyber-attacks against any military cyber systems if such attacks could degrade China’s ability to achieve its war aims.

The analytical shortcoming is compounded in the report’s analysis of classic kinetic modes of warfare such as naval and air combat. It assumes for the most part that extant capability and platforms in the navies and air forces can all make it to the front line and that none of their preparedness has been in any way degraded by cyber-attacks on the platforms themselves, the command and control systems guiding them, or real time intelligence feeds on which their combat effectiveness may depend.

It is now time to focus more on the ways in which cyber military capability can transform military power in wartime. As China’s Military Strategy published in 2015 says: “Outer space and cyber space have become new commanding heights in strategic competition among all parties.”

AsiaTimes:     Three Pronged Attack: Chinese Military In Cyberwarfare Buildup:    Future War - Extremely Fast And Lethal:

 

« How Businesses Can Prevent Point-of-Sale Attacks
Could You Be A UK Cyber-Warrior? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: Learn how SOAR helps you streamline security

ON-DEMAND WEBINAR: Learn how SOAR helps you streamline security

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

ITrust

ITrust

ITrust develops breakthrough products in Cyber/Artificial Intelligence, offering its products in Europe, America and Africa through its partner network (VAR, MSSP, OEM).

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Ksmartech

Ksmartech

Ksmartech provide services related to security and authentication in all areas where the connection of people to objects, and objects and objects is necessary.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Authenteq

Authenteq

Authenteq provides an Omni-Channel identity verification and KYC solution that allows your customers to verify their identity through any channel without compromising their privacy.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.