Category Archives: cyberwar

US v. China: The Slow and Sure Conquest of Internet Infrastructure


A new front has opened in the battle between the U.S. and China over control of global networks that deliver the internet. This one is beneath the ocean. While the U.S. wages a high-profile campaign to exclude China’s Huawei Technologies Co. from next-generation mobile networks over fears of espionage, the company is embedding itself into undersea cable networks that ferry nearly all of the world’s internet data.

About 380 active submarine cables—bundles of fiber-optic lines that travel oceans on the seabed—carry about 95% of intercontinental voice and data traffic, making them critical for the economies and national security of most countries. 

The Huawei Marine’s Undersea Cable Network, majority owned by Huawei Technologies, has worked on some 90 projects to build or upgrade submarine cables around the world… US officials say the company’s knowledge of and access to undersea cables could allow China to attach devices that divert or monitor data traffic—or, in a conflict, to sever links to entire nations. Such interference could be done remotely, via Huawei network management software and other equipment at coastal landing stations, where submarine cables join land-based networks, these officials say.

Huawei Marine said in an email that no customer, industry player or government has directly raised security concerns about its products and operations. Joe Kelly, a Huawei spokesman, said the company is privately owned and has never been asked by any government to do anything that would jeopardize its customers or business. “If asked to do so,” he said, “we would refuse.”

The U.S. has sought to block Huawei from its own telecom infrastructure, including undersea cables, since at least 2012. American concerns about subsea links have since deepened—and spread to allies—as China moves to erode U.S. dominance of the world’s internet infrastructure… Undersea cables are owned mainly by telecom operators and, in recent years, by such content providers as Facebook and Google. Smaller players rent bandwidth. Most users can’t control which cable systems carry their data between continents. A handful of switches typically route traffic along the path considered best, based on available capacity and agreements between cable operators.

In June 2017, Nick Warner, then head of Australia’s Secret Intelligence Service, traveled to the Solomon Islands, a strategically located South Pacific archipelago. His mission, according to people familiar with the visit, was to block a 2016 deal with Huawei Marine to build a 2,500-mile cable connecting Sydney to the Solomons.  Mr. Warner told the Solomons’ prime minister the deal would give China a connection to Australia’s internet grid through a Sydney landing point, creating a cyber risk, these people said. Australia later announced it would finance the cable link and steered the contract to an Australian company.  In another recent clash, the U.S., Australia and Japan tried unsuccessfully in September 2018 to quash an undersea-cable deal between Huawei Marine and Papua New Guinea.

U.S. and allied officials point to China’s record of cyber intrusions, growing Communist Party influence inside Chinese firms and a recent Chinese law requiring companies to assist intelligence operations. Landing stations are more exposed in poorer countries where cyber defenses tend to be weakest, U.S. and allied officials said. And network management systems are generally operated using computer servers at risk of cyber intrusion. Undersea cables are vulnerable, officials said, because large segments lie in international waters, where physical tampering can go undetected. At least one U.S. submarine can hack into seabed cables, defense experts said. In 2013, former National Security Agency contractor Edward Snowden alleged that Britain and the U.S. monitored submarine cable data. The U.S. and its allies now fear such tactics could be used against them. American and British military commanders warned recently that Russian submarines were operating near undersea cables. In 2018, the U.S. sanctioned a Russian company for supplying Russian spies with diving equipment to help tap seabed cables.


The Ionian Sea Submarine Cable Project (Greece) 

China seeks to build a Digital Silk Road, including undersea cables, terrestrial and satellite links, as part of its Belt and Road plan to finance a new global infrastructure network. Chinese government strategy papers on the Digital Silk Road cite the importance of undersea cables, as well as Huawei’s role in them. A research institute attached to China’s Ministry of Industry and Information Technology, in a paper published in September, praised Huawei’s technical prowess in undersea cable transmission and said China was poised to become “one of the world’s most important international submarine cable communication centers within a decade or two.” China’s foreign and technology ministries didn’t respond to requests for comment…

Huawei Marine Networks

Bjarni Thorvardarson, then chief executive of the cable’s Ireland-based operator, said U.S. authorities raised no objections until 2012, when a congressional report declared Huawei Technologies a national security threat. Mr. Thorvardarson wasn’t convinced. “It was camouflaged as a security risk, but it was mostly about a preference for using U.S. technology,” he said. Under pressure, Mr. Thorvardarson dropped Huawei Marine from Project Express in 2013. The older cable network continued to use Huawei equipment.

The company is now the fourth-biggest player in an industry long dominated by U.S.-based SubCom and Finnish-owned Alcatel Submarine Networks. Japan’s NEC Corp is in third place. Huawei Marine is expected to complete 28 cables between 2015 and 2020—nearly a quarter of all those built globally—and it has upgraded many more, according to TeleGeography, a research company.

Excerpts from America’s Undersea Battle With China for Control of the Global Internet Grid, WSJ, Mar. 12, 2019

The Space Rat Race

India, Japan and other space-faring countries are waking up to a harsh reality: Earth’s orbit is becoming a more dangerous place as the U.S., China and Russia compete for control of the final frontier…New Delhi is nervous because China has made no secret of its desire for influence in the Indian Ocean. China set up a naval base in Djibouti, a gateway to the ocean at the Horn of Africa. It secured a 99-year lease to the port of Hambantota in Sri Lanka. It is deeply involved in development projects in Maldives.

India has established itself as a player in the budget satellite business. It even put a probe into orbit around Mars in 2014, in a U.S.-assisted project that cost just $76 million. But it is scurrying to enhance its ability to monitor China’s activities, and the partnership with Japan is part of this.  Another sign that space is becoming a defense focus for India came on Dec. 19, when the country launched its third military communications satellite, the GSAT-7A. The satellite will connect with ground-based radar, bases and military aircraft, along with drone control networks.

China’s success in landing a craft on the far side of the moon on Jan. 3, 2019 came as a fresh reminder of its growing prowess. In late December, China also achieved global coverage with its BeiDou Navigation Satellite System. Only the U.S., Russia and the European Union had that capability. China aims to launch a Mars explorer in 2020 and complete its own Earth-orbiting space station around 2022. In the back of Indian and Japanese officials’ minds is likely a stunning test China conducted in 2007. Beijing successfully destroyed one of its own weather satellites with a weapon, becoming only the third nation to pull off such a feat, after the Soviet Union and the U.S.

In December 2018, President Donald Trump ordered the Department of Defense to create a Space Command, widely seen as a precursor to a full-fledged Space Force.  There were 1,957 active satellites orbiting Earth as of Nov. 30, 2018 according to the Union of Concerned Scientists, a nonprofit U.S. advocacy group. America had the most by far, with 849, or 43% of the total. China was No. 2, with 284, followed by Russia with 152.  Japan and India had a combined 132 — 75 for the former and 57 for the latter.

Excerpts from NUPUR SHAW, India and Japan awaken to risks of superpower space race, Nikkei Asian Review, Jan. 8, 2019

Devil’s Idea for Tokyo’s End: Fukushima

By late March 2011… after tsunami struck the Fukushima Daiichi plant—it was far from obvious that the accident was under control and the worst was over. Chief Cabinet Secretary Yukio Edano feared that radioactive material releases from the Fukushima Daiichi plant and its sister plant (Fukushima Daini) located some 12 km south could threaten the entire population of eastern Japan: “That was the devil’s scenario that was on my mind. Common sense dictated that, if that came to pass, then it was the end of Tokyo.”

Prime Minister Naoto Kan asked Dr. Shunsuke Kondo, then-chairman of the Japanese Atomic Energy Commission, to prepare a report on worst-case scenarios from the accident. Dr. Kondo led a 3-day study involving other Japanese experts and submitted his report (Kondo, 2011) to the prime minister on March 25, 2011. The existence of the report was initially kept secret because of the frightening nature of the scenarios it described. An article in the Japan Times quoted a senior government official as saying, “The content [of the report] was so shocking that we decided to treat it as if it didn’t exist.” …

One of the scenarios involved a self-sustaining zirconium cladding fire in the Unit 4 spent fuel pool. Radioactive material releases from the fire were estimated to cause extensive contamination of a 50- to 70-km region around the Fukushima Daiichi plant with hotspots significant enough to require evacuations up to 110 km from the plant. Voluntary evacuations were envisioned out to 200 km because of elevated dose levels. If release from other spent fuel pools occurred, then contamination could extend as far as Tokyo,…There was particular concern that the zirconium cladding fire could produce enough heat to melt the stored fuel, allowing it to flow to the bottom of the pool, melt through the pool liner and concrete bottom, and flow into the reactor building.

Lessons Learned from the Fukushima Daiichi Accident for Spent Fuel Storage: The U.S. nuclear industry and its regulator should give additional attention to improving the ability of plant operators to measure real-time conditions in spent fuel pools and maintain adequate cooling of stored spent fuel during severe accidents and terrorist attacks. These improvements should include hardened and redundant physical surveillance systems (e.g., cameras), radiation monitors, pool temperature monitors, pool water-level monitors, and means to deliver pool makeup water or sprays even when physical access to the pools is limited by facility damage or high radiation levels….

[At nuclear power plants there must be…adequate separation of plant safety and  security systems so that security systems can continue to function independently if safety systems are damaged. In particular, security systems need to have independent, redundant, and protected power sources…]

Excerpts from Lessons Learned from the Fukushima Accident for Improving Safety and Security of U.S. Nuclear Plants: Phase 2, US National Academies, 2016

Overly Militarized Military: United States

Gray zone security challenges…that fall between the traditional war and peace duality, are characterized by ambiguity about the nature of the conflict, opacity of the parties involved, or uncertainty about the relevant policy and legal frameworks….

The U.S. already possesses the right mix of tools to prevail in the gray zone, but it must think, organize and act differently. Gray zone challenges are not new. Monikers such as irregular warfare, low-intensity conflict, asymmetric warfare, military operations other than war and small wars were employed to describe this phenomenon in the past. …

America spends roughly $600 billion every year on defense, and it is the dominant global power by every objective measure. Yet state and non-state actors (e.g., Russia and Daesh) are increasingly undeterred from acting in ways inimical to the global common good.
State actors like Russia and China reasonably believe we will not use nuclear or conventional military force to thwart their ambitions if they craft their aggressive actions to avoid clear-cut military triggers. Despite their inherent ambiguity, the United States should not be  frustrated by gray zone challenges. Rather, we should aim to achieve favorable outcomes by taking some practical steps to improve our ability to address them.

Our responses to gray zone challenges display several clear deficiencies. As separate U.S. government agencies strive to achieve their individual organizational goals, they seldom act in integrated ways to support wider government objectives….We also need to grow our non-military capabilities. Our gray zone actions are often overly militarized because the Department of Defense has the most capability and resources, and thus is often the default U.S. government answer…. Our counter-Daesh campaign is a perfect example. Thousands of airstrikes helped to check their rapid expansion, but the decisive effort against them will require discrediting their narrative and connecting the people to legitimate governing structures — areas where DoD should not have primacy.

Root Causes: Prudent strategies recognize root causes and address them. Daesh, for example, is merely symptomatic of the much larger problems of massive populations of disaffected Sunnis estranged from legitimate governance and a breakdown in the social order across much of Africa and the Middle East, which will worsen in coming years by economic and demographic trends. Daesh is also a prime example of gray zone challenges, since the legal and policy framework of how to attack a proto-state is highly ambiguous. Coalition aircraft started bombing Daesh in August of 2014, although the authorization for use of military force is still under debate a year later, highlighting the confusion on how to proceed.

[Develop and Nurture Surrogates to Fight China]

For example, China is both antagonistically asserting its questionable claims to specific islands and atolls in the South China Sea while simultaneously expanding its import of raw materials from Africa. Instead of confronting China in the South China Sea directly, surrogates could, theoretically, be used to hold China’s African interests at risk in order to compel a more favorable outcome of South China Sea disputes. Thus, the point of action (e.g., Africa) might be far removed from the point of effect (e.g., Asia), but the intent would be to alter the decision-making calculus regardless of geography. To be credible, such an approach requires prep work every bit as important as the infrastructure behind our nuclear and conventional capabilities. Capable and trustworthy surrogates are the result of years of purposeful relationship nurturing, and the vast majority of the work should take place pre-crisis….

Changing our vocabulary could help yield better decisions in the gray zone. Adopting a business vocabulary and a “SWOT” model (strength, weakness, opportunity and threat) would open other opportunities not available in military decision-making models. Similar to the way businesses decide how to allocate capital, we would necessarily distinguish between opportunities and threats and have at least an estimate of our expected return on investment. Talking and thinking differently about national security in the gray zone would help us measure the oft-ignored opportunity costs and come up with some metric, however imperfect initially, to measure our expected return on investment for defense dollars.

Cost should be a significant up front consideration. For example, we famously refused to provide a cost estimate for Operation Iraqi Freedom, other than to know that $200 billion was far too high. Assuming we established $200 billion as the top end to “invest” in Iraq, it would at least force us to review our actions and evaluate our return on investment as we blew through initial estimates on our way to spending in excess of $2 trillion.

Excerpts from the Gray Zone, Special Warfare, Oct-Dec. 2015, Volume 28, Issue 4

The Right Way to Steal

Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare — including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials.   The breaches occurred in January and February  2018, the officials said… The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry.

Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library… This fact raises concerns about the Navy’s ability to oversee contractors tasked with developing cutting-edge weapons.

For years, Chinese government hackers have siphoned information on the U.S. military, underscoring the challenge the Pentagon faces in safeguarding details of its technological advances. Over the years, the Chinese have snatched designs for the F-35 Joint Strike Fighter; the advanced Patriot PAC-3 missile system; the Army system for shooting down ballistic missiles known as Terminal High Altitude Area Defense; and the Navy’s new Littoral Combat Ship, a small surface vessel designed for near-shore operations, according to previous reports prepared for the Pentagon.  In some cases, suspected Chinese breaches appear to have resulted in copycat technologies…

Investigators say the hack was carried out by the Chinese Ministry of State Security, a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security. The hackers operated out of an MSS division in the province of Guangdong, which houses a major foreign hacking department….

In September 2015, in a bid to avert economic sanctions, Chinese President Xi Jinping pledged to President Barack Obama that China would refrain from conducting commercial cyberespionage against the United States. …Both China and the United States consider spying on military technology to fall outside the pact.

Excerpts from Ellen Nakashima and Paul Sonne, China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare, Washington Post, June 8, 2018

Mosaic Warfare: how to fight like a network

DARPA’s Strategic Technology Office (STO) on August 4, 2017 unveiled its updated approach to winning or deterring future conflicts. The foundation of STO’s new strategy rests on the recognition that traditional U.S. asymmetric technology advantages—such as highly advanced satellites, stealth aircraft, or precision munitions—today offer a reduced strategic value because of growing global access to comparable high-tech systems and components, many of which are now commercially available. Additionally, the high cost and sometimes decades-long development timelines for new military systems can’t compete with the fast refresh rate of electronics component technology on the commercial market, which can make new military systems obsolete before they’re delivered.

STO’s updated strategy seeks a new asymmetric advantage—one that imposes complexity on adversaries by harnessing the power of dynamic, coordinated, and highly autonomous composable systems.

“We’ve developed a technology-based vision that would enable highly complex, strategic moves by composing multiple contributing systems to enable what might be thought of as ‘mosaic warfare,’ in which individual components can respond to needs in real time to create desired outcomes,” said Tom Burns, director of STO. “The goal is to fight as a network to create a chain of effects—or, more accurately because these effects are not linear, ‘effects webs’—to deter and defeat adversaries across multiple scales of conflict intensity. This could be anything from conventional force-on-force battles to more nebulous ‘Gray Zone’ conflicts, which don’t reach the threshold of traditional military engagements but can be equally disruptive and subversive.”

U.S. military power has traditionally relied upon monolithic military systems where one type of aircraft, for example, is designed to provide a single end-to-end capability tailored to a very specific warfighting context—and be a significant loss if shot down. In contrast, the composable effects webs concept seeks a mosaic-like flexibility in designing effects for any threat scenario. By using less expensive systems brought together on demand as the conflict unfolds, these effects webs would enable diverse, agile applications—from a kinetic engagement in a remote desert setting, to multiple small strike teams operating in a bustling megacity, or an information operation to counter an adversary spreading false information in a population threatening friendly forces and strategic objectives. Mosaics can rapidly be tailored to accommodate available resources, adapt to dynamic threats, and be resilient to losses and attrition.

This means that even if an adversary can neutralize a number of pieces of the mosaic, the collective can instantly respond as needed to still achieve the desired, overall effect.”…The mosaic strategy is also anticipated to change the way the military thinks about designing and buying future systems. Instead of spending years or even decades building exquisite, monolithic systems to rigid requirements, future acquisition programs would be able to buy mosaic “tiles” at a rapid, continuous pace. The true power of the new capabilities will come from the composite mosaic effects.

The approach will draw in part on a number of existing DARPA programs that are developing enabling technologies to achieve the challenging mosaic warfare architecture, including: The Complex Adaptive System Composition And Design Environment (CASCADE) program is addressing composition of existing and new systems; the System of Systems Integration Technology and Experimentation (SoSITE) program is focused on integrating the various systems to work together; Distributed Battle Management (DBM) and Resilient Synchronized Planning and Assessment for the Contested Environment (RSPACE) are addressing battle management command and control; and Communications in Contested Environments (C2E) and Dynamic Network Adaptation for Mission Optimization (DyNAMO) are focused on seamless, adaptable communications and networking.

Excerpts from Strategic Technology Office Outlines Vision for “Mosaic Warfare”, DARPA Press Release, Aug. 4, 2017

The Brutal Kangaroos

On June 22nd 2017, WikiLeaks published documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives…

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as “primary host”) and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

Excerpts from Brutal Kangaroo Press Release, WikiLeaks, June 22, 2017