The year 2014 was not a great one for American security interests, from the Russian invasion of Crimea to the rise of the Islamic State and China’s creeping expansionism in the South China Sea, but decades from now we may look back and say that the most significant setbacks occurred in the cyber realm. Over the past year and a half, a team of hackers infiltrated the computers of the Office of Personnel Management (OPM) and stole files on current and former federal employees and contractors going back to 1985. The latest estimate is that the breaches affected 18 to 32 million people, including not just employees and contractors themselves but also their families and other contacts listed in disclosure forms, which personnel must regularly fill out to acquire and retain security clearances. All signs point to China as the source.
While Beijing of course denies responsibility, this is only the latest in a series of Chinese hacks and real-world activities aimed at extracting secret or proprietary information from the United States. Taken in isolation, each act seems explicable on the relatively narrow grounds of corporate interest or routine state-sponsored espionage, but together, they are salvos in what high-ranking Chinese military officers 15 years ago dubbed “unrestricted warfare” against the United States. Embracing both military and non-military means, this effort is about nothing short of an attempt to compel the United States to bow to Beijing’s interests.
The 2013 Blair-Huntsman Commission on the Theft of American Intellectual Property found that China is the largest perpetrator of such theft, responsible for somewhere between 50 and 80 percent of all cases, and that the costs to American business reach hundreds of billions of dollars per year (compare this with $300 billion in annual revenue from U.S. exports to Asia). Other recent Chinese cyber exploits include Operation Aurora in 2009, which reportedly targeted tech firms including Google and Yahoo, defense contractors such as Northrop Grumman, and big banks such as Morgan Stanley, and the recent hacking of major American health insurers that has resulted in the acquisition of over 90 million people’s medical records.
In the wake of the OPM losses, Americans’ natural impulse has been to worry about identity theft and espionage. What if the victims’ Social Security numbers are released or sold to criminals? Will the real identities of U.S. intelligence agents operating under cover now be exposed? Will Chinese agents use personal data from the files to blackmail Americans or their foreign contacts into divulging secrets? These are reasonable and legitimate concerns, but they are only part of the picture. From China’s perspective, the OPM data have implications far beyond the black market or even the spy-vs.-spy competition. They could be used to cripple the U.S. government, paralyze American military forces, and ensure that the Chinese Communist-party (CCP) regime prevails in what it calls the “international competition for the redistribution of power, rights, and interests.”
As a few experts have pointed out, the OPM information will save China many man-years of intelligence spadework. According to the blog of retired American intelligence officer and former Green Beret W. Patrick Lang, Chinese analysts could use the security-clearance forms to try “to construct an accurate and detailed model of the vast national security structure of the U.S. G[overnment].” How might such a model be useful? It could show how our national-security infrastructure has changed in response to specific events and threats in the past, making it easier for a foreign power to influence it in the future. And it could provide China with “a roadmap for finding people with access to the government’s most highly classified secrets,” as the Daily Beast reported on the basis of interviews with three former U.S. intelligence officials. Finally, the former National Security Agency (NSA) analyst and counterintelligence specialist John Schindler has noted:
The real pros engage in offensive counterintelligence, which aims at recruiting spies inside the enemy camp, particularly inside the opposing intelligence service. That’s how you gain control of the enemy’s central nervous system: You know what he knows about you; hence you can deceive him at a strategic level.
The OPM hack, combined with other information-extraction schemes, may thus facilitate Chinese strategic deception of its main rival, the United States, while providing a model or roadmap of the highest-value targets across the U.S. national-security establishment.
Why should we worry about this prospect? While many Americans see China primarily as an important trade partner, Chinese political and military elites view the United States as China’s main rival for global influence. According to Chinese military texts, Beijing perceives the United States as “the powerful enemy” or “hegemon,” and the United States is a key target of the ongoing buildup of China’s People’s Liberation Army (PLA) forces.
From Beijing’s perspective, the American political system represents a threatening alternative to the Chinese Communist party’s rule, and the CCP’s highest-ranking cadres believe that the goal of the United States’ China policy is to remove the CCP from power. The differences between the two regimes are stark. While anyone can, in theory, become an American, belonging in China depends on ethnicity, and wealth and power accrue only to those who toe the Communist party’s line. The United States practices the rule of law at home and defends freedom of navigation and free trade abroad; China’s rule-of-men political system denies individual rights to citizens and seeks to use economic leverage and the threat of force to achieve Beijing’s foreign-policy goals.
This matters in the context of the OPM breach because the same authoritative military sources that depict the United States as China’s most capable adversary argue that information is the future of warfare. As any careful reader of Sun Tzu knows, Chinese strategy has traditionally stressed intelligence — knowing the enemy and oneself in order to win a hundred battles. But today there is a particular premium on information and intelligence within PLA circles. When Director of National Intelligence James Clapper said last month that he “kind of salutes” the Chinese for their exploit, the military imagery surely captured attention in Beijing. A few weeks before the OPM thefts were disclosed, China issued its first National Strategy White Paper, which indicated that Beijing has updated the PLA’s guidance on the likeliest kind of conflict it will face and the one for which it should prepare.
The new formulation gives greater emphasis to global rather than local missions, particularly in the maritime domain, and explicitly acknowledges the existence of cyber warriors as part of the PLA’s “integrated combat forces” tasked with executing “information dominance, precision strikes, and joint operations.”
The emphasis on “informatization” and acknowledgment of offensive cyber capabilities in the National Strategy White Paper was consistent with other Chinese military publications over the past decade, including the 2013 edition of Science of Military Strategy, a textbook for mid-career PLA officers at Chinese-military graduate schools. With nuclear weapons and the much greater effectiveness of conventional fighting enabled by information technology, full-scale war between major powers would now be unthinkably destructive to both sides, so future conflicts will revolve around highly targeted attacks.
Today’s Chinese strategists believe that they can win without fighting, or at least with a minimum of fighting, by targeting the indispensable nodes in the adversary’s political-military-economic apparatus. One PLA term for this is “non-contact warfare,” which entails long-range precision strikes aimed not so much at an adversary’s military forces as at the leadership, economic resources, communications systems, and infrastructure backbone on which those forces depend.
By definition, such attacks, which are designed to wipe out the adversary’s will and ability to fight in a single blow (or series of blows), require exquisite insight into the adversary’s most important vulnerabilities. China’s recent cyber feats may have provided the CCP and the PLA with just that kind of information about their most important rival, the United States. It’s now up to the United States to demonstrate that our national-security establishment is more resilient and resolute than it currently seems.
– Jacqueline Deal is president and CEO of the Long Term Strategy Group, a Washington, D.C.–based defense consultancy.