China believes its cyberwarfare capabilities lag behind the United States, but it’s working on closing the gap, according to the U.S. Department of Defense (DOD).
In its annual report to Congress, the Pentagon describes the cyber capabilities and cyber operations of the People’s Liberation Army (PLA), and warns that China continues to launch cyberattacks against organizations around the world, including in the United States.
The PLA sees cyberspace as one of the four critical security domains and it has taken steps to make improvements in this area, the report says.
“China believes its cyber capabilities and personnel lag behind the United States and is working to improve training and bolster domestic innovation to overcome these perceived deficiencies and advance cyberspace operations,” the Pentagon noted.
One of the steps taken by the PLA in an effort to improve its cyber capabilities is the creation of the Strategic Support Force (SSF). Believed to have been established in 2015, the SSF’s role is to centralize the military’s space, cyber and electronic warfare missions.
“The establishment of the SSF may represent the first step in developing a cyber force that creates efficiencies by combining cyber reconnaissance, attack, and defense capabilities into one organization,” the report reads. “PLA writings acknowledge the benefits of unifying leadership, centralizing cyber resource management, and combining offensive and defensive cyber capabilities in one military organization, and cite U.S. Cyber Command as accomplishing such a consolidation.”
According to the Pentagon, the Chinese military distinguishes between wartime and peacetime cyber operations. The former focuses on helping the PLA understand its enemy’s trend, plan combat operations, and “ensure victory on the battlefield.” During peacetime, the focus is on defending cyberspace and electromagnetic space.
“[PLA writings] suggest that China is prepared to use cyber operations to manage the escalation of a conflict, as they view cyber operations as a low-cost deterrent and can demonstrate capabilities and resolve to an adversary,” the DoD says.
The Chinese military’s cyber warfare strategy involves targeting an adversary’s command and control (C&C) and logistics networks in an effort to disrupt its ability to operate. The PLA noted that attacking C&C systems has the potentially to paralyze the enemy and gain superiority on the battlefield.
“Accordingly, the PLA may seek to use its cyberwarfare capabilities to collect data for intelligence and cyber attack purposes; to constrain an adversary’s actions by targeting network-based logistics, communications, and commercial activities; or to serve as a force- multiplier when coupled with kinetic attacks during times of crisis or conflict,” the report says.
Threat actors based in China continued to target computers around the world through 2017, including systems belonging to the DOD and other U.S. government agencies, with a focus on accessing networks and extracting information.
“China can use the information to benefit China’s defense high-technology industries, support China’s military modernization, provide the [Chinese Communist Party] insights into U.S. leadership perspectives, and enable diplomatic negotiations, such as those supporting China’s Belt and Road Initiative,” the DOD says in its report. “Additionally, targeted information could enable PLA cyber forces to build an operational picture of U.S. defense networks, military disposition, logistics, and related military capabilities that could be exploited prior to or during a crisis. The accesses and skills required for these intrusions are similar to those necessary to conduct cyber operations in an attempt to deter, delay, disrupt, and degrade DoD operations prior to or during a conflict.”
Related: China-Linked ‘Thrip’ Spies Target Satellite, Defense Companies
Related: China-Linked Spies Used New Malware in U.K. Government Attack
Related: China-Linked APT15 Develops New ‘MirageFox’ Malware