Larry M. Wortzel, a military strategist and China specialist, told the House Foreign Affairs Committee on March 10 that it should be concerned because "Chinese researchers at the Institute of Systems Engineering of Dalian University of Technology published a paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S."If you've been following the China cyberwar hype, you need to read the article referenced above. It offers some deep insight into how the hype-meisters spin the "facts" to increase the apparent magnitude of the threats. If you want to read some of the "fully spun" material, you should read Northrop Grumman's paper entitled: "Capability of the People's Republic of China to Conduct Cyberwarfare and Computer Network Exploitation". As a pretty serious amateur military historian, I'm fascinated by such documents because they illustrate the bizarre gyrations of the military/industrial complex's group-think. They seem so - rational - when you read them, but when you ask yourself "what does this mean?" you realize that it's an attempt to justify insanity. "One of the chief strategies driving the process of informatization in the PLA is the coordinated use of CNO, electronic warfare (EW) and kinetic strikes designed to strike an enemy's networked information systems, creating "blind spots" that various PLA forces could exploit at predetermined times or as the tactical situation warranted."
Got that? Strip away the DoD-ese and they are saying that we should be worried that the Chinese are ready to blow up ("kinetic strikes") our networks because they may decide it's time to get into a shooting war with their biggest trade partner and debtor. This is how militarists think, and it's exactly why we need to keep their hands away from the steering wheel. I have news for all the aeron-chair commandos out there: a shooting war with China is not on anyone's "to do" list. Not theirs, anyway. The problem with the militarist mind-set is that they create self-fulfilling threats. Why is Iran so desperate to get nuclear weapons? Because they have seen that the U.S. will trump up a cockamamie story and attempt regime change against smaller non-nuclear powers but we are willing to pay North Korea because they have a credible deterrent. Militarism causes proliferation - in the name of non-proliferation. That's why this cyberwar hype is so important. You can be sure it has the Chinese scratching their heads and wondering if we're maybe projecting a bit of our own plans to "coordinate the use of EW and kinetic weapons." The militarist mind-set does not think reciprocally because it's mired in infantile nationalist perspective. If you actually start flipping some of the problems around and looking at it from the other guy's poing of view, things look very different. Imagine this scenario:
The Chinese Government publicly discloses that they have arranged with all the major wireless telephone companies in China to collect citizen's traffic, particularly targeting citizens that call outside of the country. The Chinese Government publicly passes laws requiring that major email service providers be able to hand over to the secret police, at any time, information about who sent email to whom, as well as contents. And, last but not least, public hearings are held in which Chinese cyberwar experts brag on television about how they could crash the entire Internet in 30 minutes. Finally, the Chinese have a massive industry surrounding finding exploitable flaws in commercial software, including a lively market in which such information is developed and sold to the highest bidder. The government sponsors annual conferences at which these attack-tool generators exchange tips and techniques. A massive training institution, of which the Chinese Government is a major customer, teaches the next generation of cyberwarriors how to "pen test" target networks, how malware works, and how to evade intrusion detection systems.Got all that? Of course I'm not talking about China. I'm talking about the U.S. It's the U.S. Government that made deals under the table to get access to its citizens' phone call data, then rewrote the laws to indemnify the companies and agencies involved. It's the U.S. Government that requires ISPs to maintain email logs and turn them over with a flimsy warrant presented in a secret court. It's the U.S. Government that has televised congressional hearings on CSPAN, where Mudge famously claims pwn0rship of the Internet. It's companies in the U.S. that primarily develop tools like Core Impact and Metasploit. DEFCON is held in Las Vegas, Nevada, and always has a significant government recruiting effort. SANS teaches "pen testing" - attack techniques - with a sly wink and a nudge, saying "don't try this at home, kids..." Get the point? We have met the enemy, and they are indistinguishable from us. As a student of The Cold War, I had a field day when a lot of the 1960s-era Soviet material was finally declassified and released. What did we discover from it? That the Soviets were pretty sure that we were preparing a first strike, that we were commanded by dangerous crazies like Gen Curtis LeMay, and that the Cuban Missile Crisis was an attempt by the Soviets to restore a balance of terror after the U.S. stationed secret medium-range ballistic nukes in Turkey. If you read the history of The Cold War you'll realize that the militarist idiots on our side of the fence were constantly tweaking the militarist idiots on their side of the fence, in some bizarre kind of "tit for tat" playground antics. There were just billions of lives in the balance. Now, go back to the paragraph from the Northrop Grumman report and think hard about what they mean by "kinetic strikes" and be afraid when you hear beltway bandits hyping cyberwar as "WMD-like capability." It would be bitterly ironic but not particularly surprising if, 50 years from now, we find that China first began preparing for cyberwar when they saw Mudge on CSPAN.