Questioning China’s CyberLegions

In the Hutong
Not a Caveman
1045 hrs.

The Open Society Institute is not an organization you would classify among China’s great supporters. But OSI Fellow Evgeny Morozov suggests in the Boston Review that our fears of “digital Pearl Harbors” and “cyber-Katrinas” launched from non-democratic countries are, at best, overblown, and at worst distract us from more worrisome threats.

Not least of those in Morozov’s mind would be the implicit threat to democratic regimes by their own governments who may curtail freedoms in the effort to secure their systems, driven by good intentions but hamepred by a misunderstanding  of the real threat.

Skynet? No…er, not YET

Morozov does an excellent job taking apart some of the misperceptions and complexities around computer security and cyber-warfare, adding some balance to a discussion normally dominated by the voices or proxies of what we might call the Cybersecurity Industrial Complex (CIC, pronounced “sick.”)

Morozov resists the temptation to turn China into a punching bag, choosing instead to take a wide-angle look at the issues, and in the process putting to rest much of the fear, uncertainty, and doubt around cyber-security.

It is a superb article, and I agree with about 90% of it, especially his contentions that the most important targets for cyber warfare will (initially at least) not be militaries or governments but enterprises and NGOs, and that much cyber-conflict will take place in the realm of the criminal rather than the martial.

What concerns me about Morozov is that in the course of his article he gently manages to sing us to sleep vis-a-vis information warfare. His offhanded dismissal of cyberwar sounds a bit like the U.S. Admirals who ridiculed General Billy Mitchell’s contention in the early 1920s that aircraft would render battleships obsolete. The Admirals were absolutely right – at the time. On December 7, 1941 and dozens of occasions afterward, however, they were 100% wrong.

History has proven that the premature dismissal of a new technology because of poor initial performance on the battlefield is as foolish as it is common.

As difficult as it might be to separate calm, rational threat assessment from alarmist hyperbolic hucksterism, it would not do to allow Morozov to shrink military-class information security threats to the point of non-existence. Computers are commonplace and a billion people are online, but  we are only beginning to understand the full security implications of a connected world.

I am a still at the stage of “student” when it comes to information warfare. My greatest accomplishment to date on that score has been to assemble a fairly intimidating body of literature on the topic that by its very presence on my bookshelves tasks me to take it on.

But it does not take an expert to discern that China’s substantial budgetary challenges, balanced with a need to build a credible and modern national defense, will drive it to choose asymmetric strategies. China will build systems to deny advantages to its adversaries rather than try to match them. Put in concrete terms, that means building lots of anti-ship missiles rather than lots of aircraft carriers, anti-satellite missiles rather than its own constellation of GPS satellites, and hacks, cracks, viruses, and botnets rather than complex C4I networks.

That there are technical, doctrinal, and practical challenges to these approaches should not make us think that they cannot constitute the pillars of a viable and potent defensive (and possibly offensive) capability.  Wisdom, not hype or hysteria, suggests that every military commander in the world begin to plumb the evolving possibilities of anti-network warfare, and by all accounts the PLA seems, wisely, to be doing so.