The supreme art of war is to subdue the enemy without fighting … Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt. – Sun Tzu, The Art of War
In one of the biggest hackings of the United States (US) military, Chinese hackers infiltrated the computer networks in the closest American territory to mainland China in May 2023. Located around 4,700 km from China, Guam is an island in the Western Pacific housing 20,000 US military personnel at the Naval Base and the Andersen Air Force Base. Earlier, American long-range bombers—B-52 Stratofortress, B-1 Lancers and B-2 Spirit—were stationed there for 16 years till 2020 to deter adversaries like China and North Korea.
Since 2023, both China and the US have been increasingly focussing on Guam, which is expected to play a critical role in countering China in a war against Taiwan or in the Indo-Pacific. In January 2023, the United States Marine Corps officially set up Camp Blaz, its first new base on Guam in 70 years, to host 5,000 personnel.
Within four months, Chinese government-sponsored hacking group Volt Typhoon used stealthy malware to attack unnamed critical infrastructure, including communications, maritime, manufacturing, utility, transportation and construction, on the Guam bases, Microsoft reported.
Applying Sun’s doctrine of “All warfare is based on deception”, China broke into American servers undetected to hibernate and strike on its command, control, communications and computers (C4) to disrupt “communications infrastructure between the US and Asia during future crises” like a war with Taiwan. With the primary aim of sabotaging American military communications and stealing classified information, especially in the Indo-Pacific, China is increasingly adopting C4 and intelligence, surveillance and reconnaissance (C4ISR) network technologies.
Though the US Department of Defence (DoD) and the FBI disabled the Chinese network, the hacking exposed the American military’s vulnerability in cyberspace to China.
Red flags for India in FBI warning
Considering the sprawling Guam cyberattack, America was alarmed. FBI director Christopher Wray warned the House Select Committee on the Chinese Communist Party on January 31 that hackers are preparing to “wreak havoc and cause real-world harm” to America. “There has been far too little public focus on the fact that PRC [People’s Republic of China] hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines and our transportation systems,” he said.
Committee chairman Mike Gallagher, the GOP representative from Wisconsin, warned, “This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants … The sole purpose is to be ready to destroy American infrastructure, which would inevitably result in chaos, confusion and potentially mass casualties.”
According to a survey by the American bipartisan think tank Centre for Strategic and International Studies, 46 per cent of the 224 reports of Chinese spying directed at the US from 2000 to March 2023 involved cyber espionage by State-affiliated actors.
Chinese hacking is not restricted to critical US infrastructure. Hackers have targeted US defence contractors and the DoD and stolen designs of several aircraft, including those using stealth technology. In 2007, the Pentagon’s Joint Strike Fighter project was breached and F-35 data stolen. Besides, the Pentagon computer network serving the secretary of defence was shut down for more than a week after getting hacked. In 2013, hackers stole the designs of PAC-3, THAAD, Aegis, F/A-18, V-22 Osprey and Black Hawk.
If the US can’t protect its computer networks, especially serving its military, from China, it’s a big warning sign for India.
India should realise four things. First, China is India’s biggest threat and is far stronger and more dangerous than Pakistan, which is in disarray economically and politically. Second, regular Chinese incursions along the Line of Actual Control, particularly in eastern Ladakh in 2020-21, and increasing belligerence in Arunachal Pradesh could trigger a full-blown military confrontation. Third, the PLA is permanently combat-ready to counter security threats. China’s 2013 Defence White Paper defines combat readiness as “preparations and alert activities of the armed forces for undertaking operational tasks and MOOTW (military operations other than war)”. Fourth and most important, the People’s Liberation Army (PLA) is not battle-hardened like India and fought its last war in 1979.
Therefore, in a conventional war, the PLA will initially use non-conventional tactics not based on the World War II doctrine of land, sea and air attacks in the first phase of war. China will use asymmetrical tactics even before the war starts and during its course.
A few days after the Galwan Valley clash in June 2020, China launched 40,300 cyberattacks on India’s information technology infrastructure and banking sector. Four months later, on October 13, a Chinese malware paralysed the Padgha (Thane, Maharashtra)-based state load dispatch centre (SLDC), triggering a power outage in Mumbai from 10 am till noon that hit trains, the Bombay Stock Exchange, offices, hospitals and commercial establishments, according to US-based Internet-tracking company Recorded Future.
The report detailed “a campaign conducted by a China-linked threat activity group, RedEcho, targeting the Indian power sector”. “Ten distinct Indian power sector organisations, including four of the five regional load despatch centres (RLDCs) … have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified included two Indian seaports,” the report read.
The New York Times, which also reported the attacks, said that the incident showed how secret malware in the enemy’s electric grid or other critical infrastructure is the newest type of aggression and deterrence.
The hacking of power grids continued in the next 18 months with Recorded Future reporting in April 2022 that China-backed group TAG-38 targeted SLDCs and RLDCs close to the Ladakh border. “This targeting is likely a long-term strategic priority for select Chinese state-sponsored threat actors active within India”, which continues to be a “major target of Chinese cyber espionage activity as detailed in historical Recorded Future reporting on RedDelta, RedEcho, RedFoxtrot, TAG-28 and additional client-facing research”.
“The identified victimology within this latest campaign is confined to Indian targets, specifically, at least, seven SLDCs, the Indian subsidiary of a multinational logistics company, and a national emergency response system,” the report read.
The National Highways Authority of India was hacked in 2020, the Serum Institute of India and Bharat Biotech in 2021 and five servers of Delhi’s All India Institute of Medical Sciences (AIIMS) in 2022.
Wray’s warning is also an alarm bell for India. Several China-based hacking groups are actively involved in cyberwarfare against adversaries—for example, Circle Typhoon (DEV-0322), Volt Typhoon (DEV-0391) and Mulberry Typhoon (MANGANESE). A September 2023 Microsoft report titled ‘Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness’ mentions that Circle Typhoon and Mulberry Typhoon target the US defence industrial base, particularly defence contractors.
Volt Typhoon, which breached the Guam computer networks, also targeted American ports, rail, energy and water treatment plants, and medical and telecommunications infrastructure. Volt Typhoon has been the primary group in “targeting US critical infrastructure across multiple sectors” since 2021.
Other prominent Chinese hacking groups are STORM-0558, BackdoorDiplomacy, RedEcho, APT 41, APT 27, APT 15, Unit 61398, Unit 61726 and Unit 61786.
APT 41, which usually targets the health sector, had hacked the AIIMS servers and allegedly demanded a ransom of Rs 200 crore in cryptocurrency. Between 2020 and 2022, the group stole American COVID-19 relief benefits worth tens of millions of dollars. According to an August 2023 report by the Health Sector Cybersecurity Coordination Centre of the US Department of Health and Human Services, APT41 conducts state-sponsored espionage and digital extortion. “APT41 has directly targeted organisations in over a dozen countries dating back to its earliest-known operations in 2007,” the report reads. Government and private organisations based in 12 countries, including India, the US and Taiwan, were hacked.
India faces increasing risk from APT 41, which also targets telecommunications, software, high-tech sector, media/news, logistics, finance and digital currencies. The Indian Computer Emergency Response Team reported 19 ransomware attacks on several government organisations in 2022, 7 in 2021 and 9 in 2020. The number of cyberattacks on Indian companies increased from 111 in 2021 to 198 in 2022.
How China will fight first phase of war
Acquiring new rifles, submarines, copters and multirole fighter jets undoubtedly bolsters the Indian military’s capabilities and firepower. However, the character of future wars has changed with information warfare outpacing the massive development in conventional military weapons.
India must realise that information was enunciated as the fifth dimension of warfare—besides land, sea, air and space—way back in 1995. Gradually, cyberattacks became the most essential part of information warfare, with the US, Israel, and China incorporating it into their military doctrines. The Chinese doctrine of using cyberwar against rivals has evolved over several years.
Around four decades ago, Deng Xiaoping predicted that local wars would be more common than major conflicts. Jiang Zemin called for the PLA’s transformation to win such wars under modern technology. Jiang’s successor, Hu Jintao, invented the doctrine of winning local wars under “informationised conditions” using information deterrence, blockade, deception, disruption and malware and hacking. In the 2015 Defence White Paper, President Xi Jinping changed the doctrine to “winning informationised local wars” in an “information-based systems-of-systems” war.
China views outer space and cyberspace as the most essential forms of warfare, accelerating its evolution to informationisation. “World major powers are actively adjusting their national security strategies and defence policies, and speeding up their military transformation and force restructuring,” the 2015 paper read. “As cyberspace weighs more in military security, China will expedite the development of a cyber force.” It is believed that China has around 50,000 hackers to “ensure national network and information security, and maintain national security and social stability”.
China uses ‘grey zone’ tactics against adversaries both in peacetime and wartime as it is always ready for combat. According to a March 2022 RAND Corporation report titled ‘A New Framework for Understanding and Countering China’s Gray Zone Tactics’, cyber and information operations (IO) are one of the most significant aspects of such methods, which also include “coercive Chinese government geopolitical, economic and military activities”. Such coercive actions don’t amount to an armed conflict but are “beyond normal diplomatic, economic and other activities”.
China is increasingly using such methods “to advance its domestic, economic, foreign policy and security objectives, particularly in the Indo-Pacific”. In the last decade, China employed around 80 grey zone tactics against Taiwan, Japan, Vietnam, India and the Philippines.
The PLA Strategic Support Force (PLASSF), established by Xi as part of his 2015 sweeping military reforms, will lead in future wars. The PLASSF is the PLA’s fifth branch dealing in space, cyber, political and electronic warfare. One of its main objectives is electronic and cyberwarfare to help China gain the upper hand in “informationised conflicts”.
In the first and most crucial phase, China’s asymmetrical warfare will include cyberattacks—hacking and phishing—and its advancement in artificial intelligence and machine learning against the enemy’s civilian and military infrastructures to dominate the information domain. The increasing number of Chinese cyberattacks against Indian civilian infrastructure is the gravest warning of how an India-China war will unfold. Targeting military infrastructure will ensure controlling operational targets before and during the war.
No country can afford chaos and confusion in its cities during a war—and that’s what China intends to do. In that scenario, China’s adversary will fight a two-front war: one to restore order in its chaos-ravaged cities and the other to counter Beijing on the battlefield.
For example, a missile launched by China and its interception by the enemy will depend on the latter’s command and control systems, which will gather and transmit data from satellites, ground and sea sensors, radars and combat systems. The enemy will use the data to monitor, detect and track the missile. The process of intercepting a missile is a combined operation. If China hacks its enemy’s command and control systems by inserting a Trojan Horse, the process will be disrupted and the missile will neither be detected nor intercepted. The malware will lie buried in the command and control systems and get activated when required.
The goal is to breach the enemy’s defences and incapacitate its information and decision-making control before it can strike. China will follow it with supersonic and hypersonic missile strikes.
The RAND report mentions the same danger China’s enemy will face in the first phase—non-kinetic warfare. “Combining multiple geopolitical, economic, military and cyber/IO activities means that China no longer has to rely on significant escalation in any single domain and, if needed, can sequence actions to apply pressure in nonmilitary domains before resorting to use of military activity.”
Former Army officer Pravin Sawhney, the editor of FORCE magazine and a visiting fellow at the Royal United Services Institute for Defence and Security Studies, United Kingdom, explains the Chinese threat and tactics in his book The Last War: How AI Will Shape India’s Final Showdown with China. In an India-China war, the PLA “will move suddenly across the war and combat zones, much like the 2020 Ladakh stand-off, and hit India with typhonic ferocity”.
The PLA’s “cyberwar will grind civilian life to a halt; delay, disrupt, and disorient the IAF and Indian Army’s mobilisation; activate malware viruses and worms in military supply chains and weapons’ kill chains; and snap communications of various headquarters, leading to limited communication between field formations and political and military authorities in New Delhi”.
Sawhney, who had written the book Dragon On Our Doorstep: Managing China Through Military Power, further writes: “Depending on the criticality and importance of the targets, the PLA will have collected enough data for cyberwar by cyber reconnaissance and battle damage assessments over time.” China will “fight a multi-dimensional and multi-domain campaign where it will control the speed and tempo of war with round-the-clock situation awareness”.
According to him, the “PLA will use autonomous robots, LAWs [Lethal Autonomous Weapons], and IoMT [Internet of Military Things] mission sets without worrying about adversarial learning. 
Since the PLA will be conversant with all aspects of the enemy’s war, it will have no need to write algorithms on the move for autonomous systems. The IoMT mission sets for various mission and roles will be prepared, war-gamed, exercised, and kept ready for combat”. “The PLA’s winning strategy will be to control information in and out of the battlespace by domination of the EMS [electromagnetic spectrum],” he writes. Therefore, it is high time India realises this threat, understands Chinese cyberwar capabilities and its own vulnerabilities and develops a counteroffensive strategy. The danger has increased with the increasing digitisation of public services and the use of Chinese phones. The writer is a freelance journalist with two decades of experience and comments primarily on foreign affairs. Views expressed in the above piece are personal and solely those of the writer. They do not necessarily reflect Firstpost’s views.