The U.S.-China Cyber Warfare in the 21st Century: Implications for International Security.

• Author: Khan, Sarmad Ali

China-U.S. Strategic Competition in the Cyber Domain

The strategic competition between Washington and Beijing continues to shape the international security environment and subsequently pull the strings of regional and sub-regional security structures in the 21st century. The contemporary global security landscape finds its roots in the traditional patterns of operations but is driven by non-traditional components of security. This is because the dawn of the 21st century coincided with technological revolutions that not only affected the international civil standard operating procedures but also revamped the approach of militaries. Being at the crossroads of conventional and unconventional aspects, cyberspace strategic competition between the United States (U.S.) and China also started in the last decade of the 20th century when the two countries neither confronted each other formally labeled cyberspace as a war-worthy domain. However, recognizing each other's cyberspace capabilities, as well as those of other countries, they started formalizing cyberspace warfare strategies and policy guidelines. It was in the early 2000s when China and the U.S. highlighted the shift in their military postures and doctrinal changes in which cyberspace emerged as a zone of competition along with other military domains. Initially, cyberspace capabilities were used by existing military structures as force multipliers and to support traditional military campaigns. As technology progressed and cyber warfare capabilities matured, cyber warfare capabilities evolved into independent and joint components for military operations. After both countries recognized cyberspace as the 5th warfighting domain, cyber warfare's importance enhanced multifold. With security situations around the world becoming more volatile, controlling the escalation ladder becoming difficult and complexities increasing day by day, cyber warfare became the ideal weapon of choice with many advantages such as anonymity, non-use of kinetic options, no confrontation, and so on. The establishment of dedicated cyber warfare wings, the development of cyber weapons, and the militarization of cyberspace by Beijing and Washington spurred a cyber arms race between the two countries as emerging superpowers. It also elicited the concept of a balance of power in cyberspace for either of the one to dominate and gain strategic cyber warfare leverage over the other.

U.S. Cyber Warfare Capabilities: Structures and Functions

Over the last three decades, the strategic posture of the U.S. has transformed vis-a-vis its security policies. The U.S. has actively developed and incorporated cutting-edge and disruptive technologies in its military doctrines and has also manifested them practically in various military operations. The American military has invested heavily in developing capabilities in the cyberspace domain, particularly to weaponized it. This, in turn, has led to spillover effects on conventional military capabilities and operations. (1) The establishment of the U.S. Cyber Command (USCYBERCOM) in 2009 highlighted the importance of cyber warfare for the country. (2) USCYBERCOM was initially tasked to "direct, synchronize and coordinate cyberspace planning and executions" for defending the U.S. and its national interests. (3) With its establishment, USCYBERCOM emerged as a capable component based on the co-development of the 'Stuxnet' worm with Israel to disable Iranian nuclear plant centrifuges. (4)

The increased reliance on and usage of cyberspace by the American military enhanced the scope of operations for USCYBERCOM. Within a decade, USCYBERCOM evolved into a "unified combatant command" in 2018. Prior to this, the U.S. Strategic Command (USSTRATCOM) regulated USCYBERCOM. (5) The upgradation of USCYBERCOM into a distinct combatant command also resulted in the attachment of four service commands with it, namely the U.S. Fleet Cyber Command, the U.S. Army Cyber Command, the Marine Corps Forces Cyberspace Command, and the Air Force Cyberspace Command. The road map outlined by the U.S. Department of Defense (DOD) highlights that a cyber mission would be created for USCYBERCOM under which the command would maintain 6,200 personnel divided into 133 teams. (6) Moreover, these 133 teams are subdivided to conduct various tasks: 13 mission teams would defend against cyber threats; 68 teams are tasked with the cyber protection of the DOD's networks and systems against threats; 27 teams are combat mission teams designated "to conduct integrated cyberspace attacks" whereas 25 cyber support teams would provide back-end "analytic and planning support" to the aforementioned teams. (7)

Recognizing the relevance of cyberspace in a strategic context, the DOD publicized a report highlighting USCYBERCOM's road map. Complementing the 2018 U.S. National Defense Strategy, it outlined that USCYBERCOM must develop superiority over its adversaries as the armed forces have done in the physical domains. The role of American "cyber warriors" becomes crucial as some of the country's adversaries have become "near-peer competitors" and pose persistent threats to the U.S. economy and military. (8)

U.S.' Multi-Faceted Cyber Warfare

Cyberspace has been recognized as a warfighting domain by the U.S. The widespread use of communications and technology has strategic threats attached to it and has accounted for the development of new techniques of coercion. Cyber warfare has become a "new normal" for adversaries to strategically compete with the U.S. For the U.S., cyber warfare is a multi-front strategic phenomenon with a trans-regional nature. According to the U.S. Cyber Command Vision, various states and non-state actors (NSAs) continue to launch cyber warfare or cyber campaigns against Washington to destabilize it economically and militarily. (10) The development of high-end military capabilities by its adversaries, including China, North Korea, Russia, and Iran, have reduced Washington's conventional military advantage and the aforementioned countries continue to compete in cyberspace on a strategic level. In addition, NSAs, including terrorists, hacktivists, etc., continue to exploit cyberspace against the U.S. Militant organizations like al-Qaeda, the Islamic State of Iraq and Syria (ISIS) and their affiliated groups have launched cyberattacks and cyber campaigns detrimental to American interests. (11)

The Indo-Pacific Strategy Report made public by the DOD in 2019 highlighted that Chinese military modernization and its subsequent military operations have an increased reliance on complex cyber warfare and electronic warfare. (12) Similarly, it highlighted the use of cyber warfare by North Korea to steal data for generating revenue. Taking into account these challenges, the U.S. plans to invest resources in conducting defensive and offensive cyberspace operations. (13) The multi-dimensional threats of cyber warfare against the U.S. are to be addressed through tailored strategies. Admiral Mike Rogers, a former commander of USCYBERCOM, prioritized five broad goals for the command that are as follows: (14)

i. Highly trained and ready cyber force,

ii. Creation of cyberspace situational awareness for the military,

iii. Development of operational concepts and command-and-control systems to execute missions,

iv. Establishment of joint and integrated defensible network,

v. Presence of competent authorities and the right policies to conduct full-spectrum operations in the domain.

As mentioned earlier, the role of USCYBERCOM snowballed after its inception from solely defending the country's military networks from the threats posed by cyber espionage to conducting cyber offensives and supporting joint military commands. Under the Trump Administration, the elevation of US-CYBERCOM to a unified combatant command resulted in the transformation of its application trajectory as well. It was communicated by the U.S. Department of Defense that USCYBERCOM "is prepared to generate cyber effects" with decisive outcomes that demonstrate the rapid growth of the command. (15)

China's Cyber Warfare: Infrastructure and Applications

The first country to develop disruptive technologies, particularly cyber warfare capabilities, in Asia, was China. The strategic use of cyber warfare by the Chinese military started in the mid-1990s under the banner of the information warfare (IW) plan. By 1997, China had conducted multiple cyberspace exercises to interrupt, disrupt, and neutralize military communications. (16) In the same year, the Chinese Central Military Commission established a 100-member elite corps for an offensive role against the command and control systems of the U.S. and other Western countries. The 21st century increased the reliance of the Chinese military on cyber warfare capabilities and thus a strategic information warfare unit was formed. The unit's primary task was to engage with Chinese adversaries through computer networks for manipulating their fire control and guidance systems. American observers termed the IW unit as "Net Force." (17)

At the beginning of the 21st century, cyber warfare proved beneficial for the Chinese military as it supported asymmetric capabilities and simultaneously minimized the conventional disparity vis-a-vis the U.S. (18) The country also created an information-based all-inclusive master system to support its military operations by first giving rise to a joint (19) and then an integrated command and control system. (20) The People's Liberation Army (PLA) defines cyberspace as a domain "created by technology, computers, and the web." (21) The components of the domain are digital space, cyberspace, and information space, which are subject to continuous human intervention and control.

The year 2010 marked another important and crucial development when an "information protection base" was established under the General Staff Department (GSD) by the PLA. The base was given the task...