As Google prepares itself for a possible withdrawal from Chinese cyberspace, citing “malicious cyber activities” against its systems, how worried should we be about China's capacity for cyberwarfare?
Despite its “don't be evil” motto, Google's decision is unlikely to have been much influenced by ethical concerns, or it should not have entered into a censorship agreement in 2006 as a precondition for operations in China. Its plea on behalf of human rights activists sounds somewhat hollow after years of barring search access to “Falun Gong” and “free Tibet”.
But charitable observers might nonetheless conclude that Google no longer wants to be associated with censorship. When it entered China in 2006, it believed that the benefits of information access outweighed the negative consequences of censorship. Perhaps Google thought, as is often the case in the west, that internet access automatically leads to increased democracy – a utopian falsehood amply disproved by analyses of events in Iran and elsewhere.
Perhaps it reckoned too without the sheer willpower and reach of the Chinese state. Google has not cited China's government in its statement about the prolonged campaign against it, but it is difficult to see how it can fail to have contributed to the decision. China's Golden Shield has long been a byword for internet censorship. Although easily circumvented, its main purpose is to encourage citizens' self-censorship, a large-scale social engineering project of some success. China has also been proactive in its development and sponsorship of offensive cyber-capabilities, and it is here that Google may have been feeling the heft of Chinese state power.
The Chinese military has been developing capabilities to spy on, infiltrate and compromise adversaries' computer networks for years. “Informatised war” is an integral component of its “three warfares” (san zhong zhanfa) strategic concept, and the achievement of information superiority is viewed as a requirement for battlefield supremacy. Psychological and media warfare are essential to this, and cyberspace is a natural environment in which to wage these campaigns. Although these are principally designed for times of war, there are strong indications that China undertakes routine and targeted operations against its people, allies and strategic foes.
It is much harder to justify offensive actions in peace time and China manages to deny involvement in part by outsourcing its activities to its citizens. Groups such as the Red Hacker Alliance are alleged to have been engaged by security agencies to attack foreign governments and to gather information from their networks. Although money may have changed hands, China generally views its citizens as national security assets, and there are many willing volunteers. China is not alone – dozens of other states are active in this field. A new study reports that over $8bn spent on cyberwar systems last year, most of which involved the US.
Should we worry about Chinese cyberwar? Western militaries and security agencies do, and strategic planners are actively considering their options. Although worst-case scenarios of power grids collapsing and planes falling out of the sky grab the headlines, governments are most concerned about espionage. Incidents such as the theft of Joint Strike Fighter data in April last year really spooked governments, and they want to ensure no state, China or otherwise, gains potential advantage in this way in future. The average western citizen should not lose any sleep, though – far better we concern ourselves with China's real internal policies than with speculative scenarios about cyberwar.
Author: Tim Stevens