Experts Talk US-China Security Issues, Part 2

Several weeks ago I attended an outstanding one day conference by the Jamestown Foundation titled China Defense & Security 2011. The conference consisted of a series of speakers discussing various aspects of US-China national defense and security.

Only one speaker concentrated on digital (or "cyber," love that word) items. The rest dealt with a wide range of topics.

I took several pages of notes that I thought my benefit those not in attendance. I did not take notes on the one session that was considered "off the record."

In this post I will summarize my second page of notes.

Please see Experts Talk US-China Security Issues, Part 1 if you want to see what I discussed prior to this post.


  • Tai Ming Chung discussed Chinese innovation, specifically the nation's maturation from "imitation to innovation," specifically "architectural defense innovations." He described three models present in China:

    • Techno-nationalist "strategic mobilization," such as the Chinese lunar landing program

    • "Shanzhai," or "guerilla innovation," in the form of pirating/copying and reverse engineering

    • "Collaborative modularity," meaning the "absorption" and integration of foreign technology in joint ventures with the West



  • James Mulvenon was the resident digital security expert. I knew him from another China-centric forum I try to attend. He is really sharp and was incidentally the most entertaining speaker. Mr Mulvenon noted the Chinese and Russians are comfortable using digital means to exploit US weaknesses, while relying on plausible deniability to shield their activities. In contrast, the US can't even begin to have a public conversation about offensive digital activities.

    The Chinese see digital attacks differently than US planners. Chinese military planners saw one of the weaknesses of Saddam Hussein's "defense" of Iraq in the first Gulf War as his reluctance to strike US forces during their six month build-up in the desert. Chinese planners instead plan to deny and degrade US capabilities by attacking logistics trains prior to actual physical combat. Chinese planners also see "cyber" as a "bolt out of the blue" attack, on its own, and not as a "force multiplier" as US planners do.

    The Chinese sometimes launch attacks with hop points within the US so as to confuse US incident responders and to rely on US law to frustrate investigations.

    Mr Mulvenon advised attendees (some of whom wore uniforms of US and allied countries) to "look beyond the intrusion set." He said to play the Chinese "long game," which focuses on attacks against the US supply chain. Assume the adversary is already in our "core networks" and plans to stay. Disregard promises by Chinese vendors to allow inspection of their hardware. The Chinese will "ship clean" and then introduce malicious software via upgrades, maintenance, and other post-buy actions.

    Beyond the supply chain problem, Mr Mulvenon described a "longer game" whereby the Chinese seek to minimize US influence over Internet governance. They want to shift decision making from largely private bodies to government-controlled ones, i.e., from ICANN to the UN ITU. The Chinese want to remove inputs from non-governmental players and transition to a state-centric influence model where China excels at buying national votes.

    Unlike the US, China is executing a "coordinated national strategy" to achieve its ends.

    I found this comment very interesting: There is a huge disconnect between cleared and uncleared data sources on the Chinese military. In other words, if you're on the "outside," you're likely in the dark! This is dangerous for policymakers who rely on uncleared advisors.

  • Dean Cheng explained China's goal to become a "full space power." He started by discussing the Chinese idea of deterrence, which is not just disuasion (the US view) but also coercion by imposing a cost-benefit decision upon the adversary. China recognizes that information dominance requires space dominance, and it must hold at risk what the US values while challenging the US' ability to operate as it sees fit.

    Mr Cheng wondered how well the PLA executes on its strategy compared to its writings, especially since the Chinese military hasn't fought a shooting war since 1979.

    Mr Cheng noted the Chinese are becoming more vulnerable in space (like the US) as the transition from regional power projection to expeditionary and global power projection. James Mulvenon interjected that he doesn't think the Chinese recognize how vulnerable they are becoming.

  • Kurt Campbell explained how the US hosted Chinese military visitors in the 1996-1998 timeframe. US officials took a "Texas approach," basically showing how powerful the US military was. Initially the Chinese reacted with shock and awe, then as they finished each visit the US delegates could sense the Chinese had decided to respond by growing their own might. In other words, by saying "look how powerful we are; don't mess with us," the US had convinced the Chinese it was time to strengthen the PLA.

    China tends to rely more on hiding its strengths and shielding capabilities, following an "unpredictability" strategy. The PLA says "you don't know how strong we are" until they feel ready to provide a show of force, like destroying a satellite or testing a stealth fighter. Mr Campbell emphasized the need for "agreed areas of predictability" rather than "trust-building."

  • Dennis Blasko discussed the PLA. He described how "20-30%" of PLA training time is occupied by "political education." Crucially, 40% of a recruit's training time is spent listening to political education! (What a waste; good for us, bad for them.) In a nod to the Soviet model, Chinese units have two commanders; a military leader, and a "political commissar." The PLA also hosts a "uniformed civilian cadre" that sounds like a cross between US reservists and government civilians.

  • Ken Allen described the PLA Air Force. They operate decent technology but their people, culture, training, and operations are weak. For example, they rely on O-6s and O-5s to serve as air traffic controllers -- jobs done by enlisted people in the US. The PLAAF operates over 100 "air force academies." ("But none so fair that they can compare to the Air Academy." Sorry, my brainwashing came through. Yes, I know it's a stolen Army jody.)


A few other people spoke, but the notes I summarized here and in my previous post captured the most compelling comments I heard.

Comments

Anonymous said…
Do not underestimate "political commissars".
It is the strength and weakness of crazy, a crazy fanatical army has its strengths and weaknesses. Hatred and blindness.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics