The Department of Defense has released the annual report regarding "Military and Security Developments Involving the People’s Republic of China 2012" in accordance with the National Defense Authorization Act.
The report comes on the heels of recent House subcommittee on Oversight, Investigations, and Management hearings conducted to better understand the nation's current state of cybersecurity, during which Republican Representative Michael McCaul of Texas stated that "China's cyber warfare capabilities and the espionage campaigns they have undertaken are the most prevalent of any nation state actor."
The DoD report acknowledges that China has incorporated cyber offensive strategies into their overall military doctrine.
"To support the PLA’s expanding set of roles and missions, China’s leaders in 2011 sustained investment in advanced cruise missiles, short and medium range conventional ballistic missiles, anti-ship ballistic missiles, counterspace weapons, and military cyberspace capabilities," the report states.
The report also alluded to the uptick in cyber espionage activities that many experts believe are state-backed intrusions supported by the Chinese government.
"In 2011, computer networks and systems around the world continued to be targets of intrusions and data theft, many of which originated within China. Although some of the targeted systems were U.S. government-owned, others were commercial networks owned by private companies whose stolen data represents valuable intellectual property," the report noted.
"In the hands of overseas competitors, this information could diminish commercial and technological advantages earned through years of hard work and investment. Intrusions in 2011 occurred in key sectors, including companies that directly support U.S. defense programs."
Recently published writings by representatives of China’s People’s Liberation Army (PLA) revealed a high level of advocacy for the development of a cyber offensive capacity.
The documents demonstrate a concerted strategy by the Chinese military to develop the means to not only disrupt communications and information systems essential to the battlefield, but also for non-wartime espionage and the ability to target an enemy's critical infrastructure.
"Authoritative writings and China’s persistent cyber intrusions indicates the likelihood that Beijing is using cyber network operations (CNOs) as a tool to collect strategic intelligence," the DoD report states.
In recent meetings with Chinese counterparts, Defense Secretary Leon E. Panetta exercised extreme caution where the subject of possible Chinese cyber offensives and attribution was concerned.
"It's extremely important that we work together to develop ways to avoid any miscalculation or misperception that could lead to crisis in this area," Panetta said during a joint press conference with Chinese Defense officials.
Many security experts point out the difficulty involved in accurate attribution. Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.
In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors, a fact Chinese officials are well aware of and may use as an operational advantage.
During the recent press conference with Panetta, Chinese Defense Minister Gen. Liang Guanglie strongly disagreed with assertions that any cyber attacks or offensive operations should be attributed to China.
"I can hardly agree with the proposition that the cyber attacks directed to the United States are directly coming from China. And during the meeting, Secretary Panetta also agreed on my point that we cannot attribute all the cyber attacks in the United States to China," he said.
"[However], cyber attacks are important to all countries around the world, and concern politics, the economy, the military and people's livelihood. Therefore, I believe it is correct for all the nations to place such great importance on cyber security."
As such, the Chinese have cast themselves as leading proponents of international cybersecurity reform under the auspice of the United Nations, which the DoD report acknowledges.
"In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with Russia’s efforts to promote cyber norms under a UN framework," the DoD report stated..
"In September 2011, China and Russia were the primary sponsors of an Information Security Code of Conduct that would have governments exercise sovereign authority over the flow of information in cyberspace," the report continued.
Standardizing the military's rules of engagement where electronic and information-based offense and defense are concerned has been a priority for the DoD for several years, but the process has been stymied by the complicated nature of the digital realm.
Eric Rosenbach, Deputy Assistant Secretary of Defense for Cyber Policy, told American Forces Press Service in April that formulating a cyber operations strategy and rules of engagement in regards to the Law of Armed Conflict is still a work in progress.
“It is a challenge to have different organizations and different individuals understand [the term] ‘cyber’ in the same way. Even within the Department of Defense and around the world, it’s not clear to a lot of people what [cyber] means," Rosenbach said.
The DoD report notes that China has yet to subscribe to the notion that the Law of Armed Conflict is applicable in cyberspace.
"China has not yet accepted that existing mechanisms (such as the Law of Armed Conflict), apply in cyberspace. However, China’s thinking in this area may evolve as its own exposure increases through greater investment in global networks," the DoD report concludes.
The full DoD report can be found here: