Fascinating read on what a cyberwar with China might look like

Hats off to my colleague Jaikumar Vijayan for his must-read take on what real cyber warfare could look like. Read it and you won't look at current attacks from China the same way again.

I'll be honest: My eyes and ears go numb when I see a lot of the online speculation about whether one attack or another is part of a big, all-encompassing cyber war.

The whole discussion on cyber wars vs. garden-variety cyber attacks has been starting to feel like a pointless exercise to me. That doesn't mean I'm right. I may very well be off my rocker. But it just seems like this discussion isn't doing anything to make cyberspace a safer place for men, women and children.

Some very smart people will disagree with that statement. Some will tell you we're already knee deep in a cyber war. Stuxnet is the example of choice, given all the reports that Israel and the U.S. cooked up that piece of malware to go after Iran's nuclear program.

When the Baltic nation of Estonia got hit with crippling attacks four years ago, the conventional wisdom was that Russia was behind it. My old friend Gadi Evron, who was brought in to help the Estonians investigate the attacks at the time, has compared it more to a cyber riot than state-sponsored cyber warfare. A bunch of hackers were unhappy about a Soviet-era statue getting moved, and they let the Estonians have it.

Some tend to see attacks from China as the same thing: The work of individual malcontents or hired hands.

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO's Daily Dashboard gives you a

Vijayan's article is based on a hypothetical scenario described in detail in a report in the latest issue of the U.S. Air Force's Strategic Studies Quarterly (PDF document). The report is authored by Christopher Bronk, a former diplomat with the U.S. State Department and a fellow in IT policy at Rice University's Baker Institute.

Here's a snippet from the article:

It's August 2020. A powerful and rising China wants to bring the city-state of Singapore into its fold as it has with Hong Kong, Macau and Taipei.

Its first physical attacks against Singaporean assets are still weeks away. But already, China has launched a massive cyber campaign, designed largely to degrade and disrupt the communications capabilities of the U.S., Japan and other allied nations.

Members of the Chinese military's 60,000 strong cyber warfare group have deeply penetrated U.S. defense, government and corporate networks and are already manipulating and controlling them.

When the Chinese army finally launches its first attack against a Singaporean guided missile frigate in the South China Sea in September, U.S armed forces quickly find their communications capabilities severely compromised. Personal computers, radio, satellite communications capabilities and battlefield communication hardware are all but crippled.

Key military networks and servers come under crushing denial of service (DoS) attacks, hampering the military's efforts to mobilize conventional forces. Deliberately injected misinformation flows over the networks to field commanders and to ships at sea.

The conflict ends 55 days later in a standoff between the U.S and the Chinese navy, with a general war being avoided, and Singapore retaining its independence.Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

While it only describes a potential scenario, it does put the whole concept of cyber warfare in sharper focus.

I think back to the Titan Rain attacks, for example, and start to really see how the information taken in that incident could someday be used. And Titan Rain was discovered years ago.

I look at a lot of the other attacks that come from China and think to myself, "What if?"

It's been said that the Chinese government and military are patient entities. That today's incidents could be part of something they don't plan to carry out for another 10 or 20 years is very plausible.

I'm a firm believer that the future is always subject to change. We're not doomed to sit back and wait for this kind of thing to play out in some other decade.

My hope is that these hypothetical portraits of things that could be will be put to use in a way that will prevent the worst-case scenarios from becoming reality.

--Bill Brenner

Copyright © 2011 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.