China's military has developed cyberwarfare first-strike capabilities that include units charged with developing viruses to attack enemy computer networks, a US Department of Defence (DoD) report has warned.

"The PLA [People's Liberation Army] has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks," the Pentagon's annual report to Congress on China's military power said. "In 2005, the PLA began to incorporate offensive CNO [computer network operations] into its exercises, primarily in first strikes against enemy networks."

The Chinese were a lot more concerned about our viruses because they were using off-the-shelf [Western] software . . . Now there's no mention of that, and much more of the discussion is about first-strike capabilities

Andrew Macpherson — University of New Hampshire

This newest report shows how the Chinese military's thinking on information warfare has changed in recent years, said Andrew Macpherson, director of the technical analysis group at the US University of New Hampshire's Justiceworks and a research assistant professor of Justice Studies. Macpherson, a cybercrime and cyberwar researcher whose group debuted a Cyber Threat Calculator in January at a US DoD cybercrime conference, noted that as recently as two years ago, other editions of the report stressed China's investments in defensive measures.

"The Chinese were a lot more concerned about our viruses because they were using off-the-shelf [Western] software," Macpherson said. "Now there's no mention of that, and much more of the discussion is about first-strike capabilities."

Even though the report's short section on information warfare is necessarily vague, "it's a good window into what our government is seeing from China", Macpherson said. "It's the highest level of unclassified American thought on China's capabilities and how they would use them. These annual reports are helpful [because] they show how China continues to develop its information warfare strategy."

And that development, Macpherson said, includes thinking about using viruses and other cyberwarfare tactics in a first strike. "A lot of [the PLA's] weapons systems are first-strike capable, to give them an advantage in any conflict. They're actively thinking about it. They know they will never catch up [to US military technology], so they need these leapfrog technologies," such as an integrated information warfare capability, he added.

Using cyberwarfare in a first strike, however, is another matter, and as in other military-political decisions, rests on whether China's leaders believed that they had an answer to some sort of political question. Most analysts have pointed to Taiwan, the island nation that the People's Republic of China (PRC) views as a rogue province, as the location of any possible first strike by the PLA, cyberwarfare or otherwise. "Taiwan is their primary national security issue," Macpherson noted.

The DoD report put it into perspective. "A limited military campaign could include computer network attacks against Taiwan's political, military, and economic infrastructure to undermine the Taiwan population's confidence in its leadership."

China's work with viruses dates back at least to the late 1990s, when a PLA exercise featured both network attacks and virus-killing software, said Timothy Thomas, of the Foreign Military Studies Office at Fort Leavenworth, in a paper written in 2000. In that paper, Thomas also spelled out how the information revolution had given new life to Mao Zedong's 70-year-old theories of a people's war.

"China clearly has the people to conduct 'take home battle', a reference to battle conducted with laptops at home that allow thousands of citizens to hack foreign computer systems when needed," Thomas said. He pointed to a 1999 "network battle" fought between Chinese and American hackers after the US bombed the Chinese embassy in Belgrade as an example. After the back-and-forth of site defacings and distributed denial-of-service (DDoS) attacks, the PLA's official newspaper, the Liberation Army Daily, called for training a large number of "network fighters" and using civilian computer hackers to take part in any future information war.

If the circumstances were right, Macpherson said, China might strike, viruses and all. "Maybe they would be willing to unplug from the Internet if they saw the advantage to their side was great" by attacking the Web as a whole, he said.

But although Macpherson noted that China's strategy relies on "how the inferior can challenge the superior", the Communist country needn't strike first to have an impact. "Long-term attacks can work too," he said. "They can get access to intellectual property, and publish it. Or taint data so that [one] couldn't be sure that backups were reliable."

The PRC's Foreign Ministry blasted the DoD report, but the spokeswoman did not mention cyberwarfare specifically. The US said Jiang Yu in a statement posted to the Ministry of Foreign Affairs' Web site, "continues to spread myth of the 'China Threat' by exaggerating China's military strength and expenses out of ulterior motives.

"As a peace-loving country, China steadfastly follows a road of peaceful development, adopting a national defence policy that is defensive in nature," she added.

Jiang also reiterated China's policy on Taiwan. "We will never tolerate the 'Taiwan Independence' or any attempt by anyone to separate Taiwan from China by whatever means," Jiang said and called on the US to stop arms sales to Taiwan and end military ties with the island.