Over the past decade or so, responding to either the Revolution in Military Affairs (RMA) or to the challenges and opportunities of the Internet, many countries have established cyber-warfare organisations of some sort or another. Some of them are attached to national intelligence agencies or Defence Ministries, while others function as part of military command structures. The United States has a variety, spawned by the National Security Agency (NSA), the CIA, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) in Washington. In 2000, the US Space Command was given responsibility for both Computer Network Defence (CND) and Computer Network Attack (CNA) missions. After the Space Command was merged into the US Strategic Command (USSTRATCOM) in June 2002, several new organisations were established for planning and conducting cyber-warfare, including the Joint Functional Component Command for Network Warfare (JFCC-NW), responsible for ‘deliberate planning of network warfare, which includes coordinated planning of offensive network attack’; the Joint Functional Component Command for Space and Global Strike (JFCC-SGS), which also houses the Joint Information Operations Warfare Center (JIOWC), responsible ‘for assisting combatant commands with an integrated approach to information operations’; and the Joint Task Force for Global Network Operations (JTF-GNO), which has responsibility for Department of Defense cyber-security.[60] The US Navy established a Naval Network Warfare Command (NNWC) at Norfolk in Virginia in July 2002. The US Air Force established a new Cyberspace Command at Barksdale Air Force Base in Louisiana in June 2007, ‘already home to about 25 000 military personnel involved in everything from electronic warfare to network defence’.[61] IW teams deploy with combatant commands. Interoperability with the US cyber-warfare architecture requires appropriate institutional arrangements on the part of US allies.
Asia has emerged as the ‘early proving ground’ for cyber-warfare’.[62] This is especially the case in Northeast Asia, where cyber-warfare activities have become commonplace. China has the most extensive and most tested cyber-warfare capabilities, although the technical expertise is very uneven. China began to implement an IW plan in 1995, and since 1997 has conducted several exercises in which computer viruses have been used to interrupt military communications and public broadcasting systems. In April 1997, a 100-member elite corps was established by the Central Military Commission to devise ‘ways of planting disabling computer viruses into American and other Western C2 defence systems’.[63] In 2000, China established a strategic IW unit (which US observers have called ‘Net Force’) designed to ‘wage combat through computer networks to manipulate enemy information systems spanning spare parts deliveries to fire control and guidance systems’.[64]
Chinese cyber-warfare units have been very active, although it is often very difficult to attribute activities originating in China to official agencies or private ‘netizens’. Since 1999, there have been periodic rounds of attacks against official websites in Taiwan, Japan and the United States. These have typically involved fairly basic penetrations, allowing websites to be defaced or servers to be crashed by DS programs. More sophisticated ‘Trojan horse’ programs were used in 2002 to penetrate and steal information from the Dalai Lama’s computer network.[65] ‘Trojan horse’ programs camouflaged as Word and PowerPoint documents have been inserted in computers in government offices in several countries around the world.[66] Portable, large-capacity hard disks, often used by government agencies, have been found to carry ‘Trojan horses’ which automatically upload to Beijing websites everything that the computer user saves on the hard disk.[67] Since the late 1990s, the People’s Liberation Army (PLA) has conducted more than 100 military exercises involving some aspect of IW, although the practice has generally exposed substantial shortfalls.[68]
It has recently been reported that Chinese ‘cyber-espionage’ activities have been conducted against ‘key Australian Government agencies’. According to media reports in February 2008, ‘Chinese computer hackers have launched targeted attacks on classified Australian Government computer networks’, and that China is ‘believed to be seeking information on subjects such as military secrets and the prices Australian companies will seek for resources such as coal and iron ore’. The Chinese activities have reportedly prompted an official review of IT security’.[69]
In August 1999, following a spate of cross-Strait attacks against computer networks and official websites in Taiwan, the Minister for National Defense (MND) in Taipei announced that the MND had established a Military Information Warfare Strategy Policy Committee and noted that ‘we are able to defend ourselves in an information war’.[70] In January 2000, the Director of the MND’s Communication Electronics and Information Bureau announced that the Military Information Warfare Strategy Policy Committee had ‘the ability to attack the PRC with 1,000 different computer viruses’.[71] In August 2000, Taiwan’s Hankuang 16 defence exercise included training in cyber-warfare, in which more than 2000 computer viruses were tested. Two teams of cyber-warriors used the viruses in simulated attacks on Taiwan’s computer networks.[72] In December 2000, the MND’s Military Information Warfare Strategy Policy Committee was expanded and converted into a battalion-size centre under the direct command of the General Staff Headquarters, and with responsibilities for network surveillance, defence, and countermeasures.[73] In its 2002 National Defense Report, released in July 2002, the MND for the first time included discussion of ‘electronic and information warfare units’. It proclaimed Taiwan’s commitment to the achievement of ‘superiority [over the PRC] in information and electronic warfare’, and it ranked EW and IW ahead of air and sea defence in terms of current MND focus. It specifically cited such threatening developments by the PRC as ‘Internet viruses, killer satellites, [and] electromagnetic pulses that could fry computer networks vital to Taiwan’s defence and economy’.[74]
Japan was surprisingly laggard about developing cyber-warfare capabilities. In April 1999, faced with a growing problem of cyber-crime (involving offences such as computer-based fraud, on-line sales of illegal drugs, and transmission of pornography), the National Police Agency set up a ‘special unit of cyber-sleuths … who specialise in investigating computer-related crimes and cyber-terrorism’.[75] A ‘specialised anti-hacker task force’ was set up on 21 January 2000, but it was quickly shown to be impotent. Two days later there began an intense spate of attacks on Japanese government websites, probably triggered by denials by right-wing Japanese that Japanese troops had massacred Chinese civilians when they seized Nanjing in 1937.[76]
In May 2000, Japan announced plans to establish a Research Institute and an operational unit for fighting cyber-terrorism. The announcement was prompted by further sporadic hacking attacks. Some of these involved a ‘cyber war between netizens of South Korea and Japan’ over Japanese claims to the disputed Tok-do islets.[77] It also followed revelations in March 2000 that the Aum Shinri Kyo (Supreme Truth) sect (responsible for the sarin gas attack in the Tokyo subway in March 1995) had written computer software used by police agencies, which had enabled cult members to obtain secret data on police patrol cars, as well as other software which allowed them access to data on the repairs and inspections of several nuclear power plants.[78]
In July 2000, the Japan Defense Agency (JDA)’s[79] Defense of Japan 2000 acknowledged, for the first time, the threat posed by IW. It noted that ‘there is a greater possibility that invasion and tampering with computer systems by hackers will affect our life immensely’, that ‘a new computer security base will be established’, that facilities would be developed for operational evaluation of computer security systems and techniques, and that JDA personnel would be dispatched to the United States to develop computer security expertise. It also noted that JDA officials contribute to the ‘Action Plan for Building Foundations of Information Systems Protection from Hackers and Other Cyberthreats’ by ‘studying measures against hackers and cyber-terrorism’.[80] It was reported in October 2000 that the JDA’s ‘cyber-squad’ was developing software capable of launching anti-hacking and anti-virus attacks and of destroying the computers of hackers trying to penetrate Japan’s defence networks.[81]
South Korea has evidently also moved to establish a cyber-warfare capability. The number of attacks on South Korean commercial and government websites increased markedly during 2000 (partly reflecting the ‘cyber-war’ with Japanese ‘netizens’). The South Korean MND and the National Intelligence Service (NIS) both reported during 2000 that the South Korean armed forces should ‘prepare for cyber-warfare in the future from enemy countries’ and that they should consider establishing ‘specialist units for cyber-warfare’.[82] A National Cyber Security Center attached to the NIS was functioning by 2004.[83]
Even North Korea, the most backward country in East Asia in IT terms, reportedly set up a cyber-warfare unit in the late 1980s. Media reports actually refer to two different places, but these may be different elements of the one agency. An electronic communications monitoring and computer hacking group from the State Security Agency is reportedly located at the Korea Computer Centre in Pyongyang.[84] The North Korean Army created a dedicated cyber-warfare unit, called Unit 121, in 1998. Its staff is estimated to include from 500 to more than 1000 ‘hackers’. Its capabilities include ‘moderately advanced Distributed Denial of Service (DDS) capability’ and ‘moderate virus and malicious code capabilities’. In October 2007, North Korea tested a ‘logic bomb’ containing malicious code designed to be executed should certain events occur or at some pre-determined time; the test led to a UN Security Council (UNSC) resolution banning sales of mainframe computers and lap-top personal computers (PCs) to North Korea.[85] North Korea also uses cyber-space extensively for its propaganda or psychological warfare campaigns.[86]
In Southeast Asia, Singapore has both the leading IT industries and the most advanced cyber-warfare capabilities. Singapore’s defence hierarchy ‘is committed to the development of an offensive cyber-warfare capability’.[87] The Ministry of Defence and the Singapore Armed Forces initiated a Cyberspace Security Project in the mid-1990s to develop ‘countermeasures which respond automatically to attacks on their computer systems’.[88] A dedicated cyber-warfare unit is thought to have been established within the Ministry of Defence, and methods for inserting computer viruses into other countries’ computer networks have been developed.[89]
This is not the place to evaluate these regional agencies. They include many different sorts or organisations with wide-ranging responsibilities, not all of them necessarily relevant to Australia’s circumstances. They operate in secret. Little is publicly known about them, and this is suffused with misinformation and disinformation. However, they have each accumulated experiences of one sort or another, developed practical and forensic skills, acquired equipment, and undertaken operations with counterpart civilian or military authorities to a greater or lesser extent. This accrual derives from bureaucratic institutionalisation and provides a basis from which ‘asymmetric’ surprises can be launched. They can only be systematically monitored and countered in institutionalised fashion.
[60] Clay Wilson, Information Operations and Cyberwar: Capabilities and Related Policy Issues, Congressional Research Service, Library of Congress, Washington, DC, 14 September 2006, p. 8, available at <http://www.fas.org/irp/crs/RL31787.pdf>, accessed 4 March 2008.
[61] Alex Spillius, ‘America Prepares for Cyber War with China’, Telegraph (London), 15 June 2007, available at <http://www.telegraph.co.uk/news/ main.jhtml?xml=/news/2007/06/15/wcyber115.xml>, accessed 4 March 2008.
[62] Charles Bickers, ‘Cyberwar: Combat on the Web’, Far Eastern Economic Review, 16 August 2001, p. 30.
[63] Ivo Dawnay, ‘Beijing Launches Computer Virus War on the West’, Age (Melbourne), 16 June 1997, p. 8.
[64] Jason Sherman, ‘Report: China Developing Force to Tackle Information Warfare’, Defense News, 27 November 2000, pp. 1 and 19.
[65] Christopher Bodeen, ‘Mainland Asks Taiwan to Stop Interference’, Washington Times, 26 September 2002; and Doug Nairne, ‘State Hackers Spying On Us, Say Chinese Dissidents’, South China Morning Post, 18 September 2002, available at <http://www.infosyssec.com/securitynews/0209/6536.html>, accessed 4 March 2008.
[66] See, for example, ‘Outrage in Berlin Over Chinese Cyber Attacks’, 31 August 2007, available at <http://www.weeklystandard.com/weblogs/TWSFP/ 2007/08/outrage_in_berlin_over_chinese.asp>, accessed 4 March 2008.
[67] Yang Kuo-wen, Lin Ching-chuan and Rich Chang, ‘Bureau Warns on Tainted Discs’, Taipei Times, 11 November 2007, p. 2, available at <http://www.taipeitimes.com/ News/taiwan/archives/2007/11/11/2003387202>, accessed 4 March 2008.
[68] I-Ling Tseng, Chinese Information Warfare (IW): Theory Versus Practice in Military Exercises (1996–2005), MA Sub-thesis, Graduate Studies in Strategy and Defence, Strategic and Defence Studies Centre, The Australian National University, Canberra, March 2005.
[69] ‘Chinese Cyber Espionage “Routine” in Australia’, Canberra Times, 11 February 2008, p. 5.
[70] ‘MND Sets Up Information Warfare Committee’, ADJ News Roundup, August 1999, p. 14.
[71] Francis Markus, ‘Taiwan’s Computer Virus Arsenal’, BBC News, 10 January 2000, available at <http://news.bbc.co.uk/1/hi/world/asia-pacific/597087.stm>, accessed 4 March 2008; and Wendell Minnick, ‘Taiwan Upgrades Cyber Warfare’, Jane’s Defence Weekly, 20 December 2000, p. 12.
[72] ‘Taiwan to Conduct Cyber Warfare Drills’, Jane’s Defence Weekly, 16 August 2000, p. 10; Minnick, ‘Taiwan Upgrades Cyber Warfare’, p. 12; and Damon Bristow, ‘Asia: Grasping Information Warfare?’, Jane’s Intelligence Review, December 2000, p. 34.
[73] Minnick, ‘Taiwan Upgrades Cyber Warfare’, p. 12.; and Darren Lake, ‘Taiwan Sets Up IW Command’, Jane’s Defence Weekly, 10 January 2001, p. 17.
[74] Ministry of National Defense, Republic of China, 2002 National Defense Report, Ministry of National Defense, Taipei, July 2002. See also ‘Taiwan Prepares for Cyber Warfare’, CNN.Com, 29 July 2002; and ‘Taiwan Report Finds Cyberthreat From China’, International Herald Tribune, 30 July 2002.
[75] Chester Dawson, ‘Cyber Attack’, Far Eastern Economic Review, 10 February 2000, p. 21.
[76] Dawson, ‘Cyber Attack’; and ‘Japan/Crime: Cyber-terror Task Force Established’, Bangkok Post, 27 January 2000, p. 6.
[77] ‘Tokyo’s Claim to Tok-do Escalates Korea-Japan Cyber War’, Korea Times, 14 May 2000.
[78] Elaine Lies, ‘Doomsday Cult Casts Shadow Over Japan’, Canberra Times, 20 March 2000, p. 7.
[79] On January 2007, the Japan Defense Agency was upgraded to a Cabinet-level ministry, and is now known as the Japanese Ministry of Defense.
[80] Japan Defense Agency, Defense of Japan 2000, Japan Defense Agency, Tokyo, 2000, chapter 3, section 3(ii), and chapter 4, section 5(3). See also Damon Bristow, ‘Asia: Grasping Information Warfare?’, pp. 34–35.
[81] Juliet Hindell, ‘Japan Wages “Cyber War” Against Hackers’, 24 October 2000, Internet Security News, available at <http://www.landfield.com/isn/mail-archive/2000/Oct/0116.html>, accessed 4 March 2008.
[82] Bristow, ‘Asia: Grasping Information Warfare?’, p. 35.
[83] ‘North Korea Ready to Launch Cyber War: Report’, Computer Crime Research Center, 4 October 2004, available at <http://www.crime-research.org/news/04.10.2004/ North_Korea_ready_to_launch_cyber_war/>, accessed 4 March 2008.
[84] John Larkin, ‘Preparing for Cyberwar’, Far Eastern Economic Review, 25 October 2001, p. 64.
[85] Kevin Coleman, ‘Inside DPRK’s Unit 121’, DefenseTech.org. 24 December 2007, available at <http://www.defensetech.org/archives/003920.html>, accessed 4 March 2008. See also ‘North Korea Operating Computer-hacking Unit’, Korea Herald, 28 May 2004, available at <http://www.asiamedia.ucla.edu/article-eastasia.asp?parentid+11559>, accessed 4 March 2008.
[86] ‘North Korea’s Information Technology Advances and Asymmetric Warfare’, WMD Insights, April 2006, available at <http://www.wmdinsights.org/ I4/EA1_NorthKoreaInfoTech.htm>, accessed 4 March 2008.
[87] Bristow, ‘Asia: Grasping Information Warfare?’, p. 36.
[88] Tim Huxley, Defending the Lion City: The Armed Forces of Singapore, Allen & Unwin, Sydney, 2000, p. 91.
[89] Bristow, ‘Asia: Grasping Information Warfare?’, p. 36.