As the Pentagon's annual report to Congress, released last week, makes abundantly clear, China is on something of a long march in cyberspace. While most attention is being drawn to the report's assertions about Chinese snooping into sensitive classified areas and theft of intellectual property from leading American firms -- and others around the world -- there is some intriguing analysis of Beijing's broader aims as well. Indeed, the Pentagon sees a clear progression in Chinese strategic thought that, viewed as a whole, begins to elaborate what might be seen as an emerging military doctrine enabled by advanced information technologies. Just as the radio made skillful coordination of tanks and planes possible, introducing World War II-era blitzkrieg, so today the computer may be opening new vistas for cruise missiles, precision-guided munitions, and other smart weapons.
What's coming from Beijing is, in a word, "bitskrieg." The Pentagon report describes this as a three-phase process. First, there is a "focus on exfiltrating data" so as to gain vital information needed about military command and control systems as well as the points in our critical infrastructure that are vulnerable to disruption by means of cyberattack. It is believed that the Chinese have been engaging in this sort of intelligence gathering for many years -- intrusions that Washington first openly acknowledged 10 years ago, giving them the code name "Titan Rain." It has been raining steadily for the past decade.
With all these data in hand, the second step -- per the Pentagon report -- is to use the same intrusive means that mapped our defense information systems to disrupt them with worms, viruses, and an assortment of other attack tools. The goal at this point is to slow the U.S. military's ability to respond to a burgeoning crisis or an ongoing conflict. Think of what might happen, say, on the Korean Peninsula, if our small contingent there -- a little over 25,000 troops -- were to lose its connectivity at the outset of a North Korean invasion by its million-man army. Without the ability to operate more nimbly than the attacker, these forces would be hard-pressed from the outset. Cyberattacks on mostly automated force-deployment and air-tasking systems could also slow the sending of reinforcements and greatly impede air interdiction operations. In the first Korean War, the Chinese intervened with massive numbers of troops. In the second one, they might only have to send electrons.
The real payoff for Beijing, though, is in what the Pentagon report describes as China's envisioned third phase of cyber-operations. This is the point at which the information advantage -- that is, the ability to coordinate one's own field operations while the adversary's have been completely disrupted -- is translated into material results in battle. The Pentagon describes cyberattack at this point as amounting to a major "force multiplier." Gaining such advantage means winning campaigns and battles with fewer casualties relative to those inflicted upon the enemy. In this respect, computer-driven "bitskrieg" could, it is thought, generate results like those attained by mechanized blitzkriegs -- which also aimed at disrupting communications. In the Battle of France in 1940, for example, where the Germans had fewer troops and tanks, the Allies lost more than four times the number of soldiers as the Wehrmacht.
When my long-time research partner David Ronfeldt and I introduced our concept of cyberwar 20 years ago, the second and third phases of cyberattack that the Pentagon report describes are what we had in mind. In our view, striking at an enemy's ability to maintain information flows, while keeping one's own communications secure, would be the key to gaining a war-winning advantage in conflicts to come. But this would only hold true, we affirmed, if senior leaders recognized that cyberwar poses "broad issues of military organization and doctrine."
The point being that technology alone doesn't create or sustain the advantage. In the case of blitzkrieg it was concentrating tanks in panzer divisions and closely linking them with attack aircraft that made the difference. To succeed at cyberwar, it will be necessary both to scale down large units into small ones and "scale them out" across the battlespace rather than mass them together. In this fashion -- spread out but completely linked and able to act as one -- the sweeping maneuvers of blitzkrieg will be supplanted by the swarming attacks of bitskrieg, characterized by the ability to mount simultaneous strikes from many directions. The guiding organizational concept for this new approach flows closely from technologist David Weinberger's thoughtful description of online networks: "small pieces, loosely joined."
Thus should the Pentagon annual report to Congress be delved into more deeply -- for the document reflects a clear awareness of, and takes a subtle, layered approach to thinking about, the Chinese cyber threat. One can only hope that the U.S. military analysis of Beijing's looming capacity for bitskrieg is mirrored by introspective views and similarly nuanced considerations of American capacities for waging cyberwar. For the three phases described in the Pentagon report -- so consistent with the original vision Ronfeldt and I described two decades ago -- reflect the kind of conflict that is coming.
The militaries of most advanced countries think of cyberwar as a new form of strategic attack on power grids and such. The Chinese view differs, seeing this mode of conflict as much less about turning off the lights for a while in some other country and much more about defeating an opposing military grown dependent upon sustained, secure, and ubiquitous flows of information. Lights can always be turned back on. Soldiers' lives lost amid the battlefield chaos caused by a bitskrieg can never be reclaimed. Thoughtful reading of the Pentagon report should affirm this -- and appropriate action, along the lines of scaling down and "scaling out" our forces, and encouraging them to "swarm," must follow.