Designs for more than two dozen major U.S. weapons systems have been compromised by Chinese hackers, a U.S. report said on Monday, as a news report in Australia said Chinese hackers had stolen the blueprints for Australia’s new spy headquarters.
Citing a report prepared for the Defence Department by the Defence Science Board, the Washington Post reported that compromised U.S. designs included combat aircraft and ships, as well as missile defences vital for Europe, Asia and the Gulf.
The Defense Department long ago missed the boat on China and PLA development efforts to penetrate the communications/information systems of the US and her allies. While there are some in the senior field grade and GOFO ranks who do “get it”, and comprehend the portent of the PRC’s course of action over the last dozen years, most clearly do not. This is reflected in the questionable conceptual assertion that “cyber” is somehow a “domain” of warfare akin to that of land, sea, and air. And that the US will somehow have “information dominance” over our foes. This, despite the fact that the US Navy in particular cannot provide a meaningful definition of the term. Indeed, the word “cyber” is a nebulous and ill-suited word under which DoD lumps together digital communications, information storage and integration, and processing algorithms critical to the function of a modern military, a modern economy, and a modern society.
As recently as 2010, I was treated to a senior policy maker’s foolishly optimistic opinion that there was no real proof that the People’s Republic of China had embarked upon the unrestricted warfare that had been outlined more than ten years before. He airily dismissed the document in question as little more than the musings of two PLA officers which did not represent any official PRC/PLA policy. This, despite the massive and mounting evidence even then of Chinese efforts to penetrate US military and civilian networks, and despite the fact that many of the exploits which resulted in the Reuters article had been in place a number of years before his rather curious assertions.
Another unequivocal indication of the Defense Department’s inability to grasp the import of China’s building capabilities has been how “cyber” is incorporated into scenarios of the various war games held by the service components and combatant commands. We have yet to break from the long-standing paradigm of action-reaction-counteraction which defines military operations against a hostile adversary, rather than a realistic scripting of what the effects of pre-conflict exploits would be to operating forces. Our comprehension of the tactics and capabilities of our adversaries, particularly non-state or trans-national actors, and how they use information networks to their advantage and our disadvantage, remains highly suspect. Time and again, contractors posit highly improbable, even fanciful, near-future capabilities to wow uniformed commanders, despite an almost complete lack of understanding as to how the adversary leverages the “big I” internet and the disruptive technologies available to him. Attribution, even detection, painstaking processes that often require months or years to accomplish, often are represented as near-real-time capabilities. Such assertions often go unchallenged by senior leaders who lack the technical savvy or systemic understanding to know better.
Here’s looking for some honest, rigorous consequence management exercises grounded in reality, which yield hard lessons for our operating forces whose two-plus decades of near-complete mastery of the electro-magnetic spectrum may be at an end. I would love to see meaningful exploration of how we would fight with critical capabilities denied or degraded, and an operational-strategic assessment of alternatives for network function and weapons employment in the face of disruptive actions by an adversary of China’s capabilities.
After all, of the really bad things that can be done to a military force (or anybody else) through exploiting network intrusions, simply shutting off critical systems is well down on the list.