January 19, 2019 Ten offensive scenarios

Cyberspace undermines the sovereignty of nation-states while, at the same time, giving them powers they never had before. This article examines whether or not Australia could outplay China in cyberspace. 

Cyberspace undermines the sovereignty of nation-states while, at the same time, giving them powers they never had before. This seeming contradiction has had unintended consequences, and although most have been confined to cyberspace, a growing number are materializing in the real world. The balance of power on the international stage is undergoing rapid tectonic changes as former supporting players China, India, and Russia take over the eroding castle of Pax Americana. 
With this as our backdrop, we are gearing up for intense speculation as to whether or not Australia could outplay China in cyberspace. CyberStash acknowledges the political inappropriateness of referring explicitly to real-world entities in war-game scenarios. CyberStash kindly asks the reader not to be offended by this. Our intention is not to threaten any entity or country, but to facilitate cybersecurity awareness, vigorous debate and development of knowledge.

The key theme within these ten scenarios is to gain dominance over national cyberspace and in more concrete, tactical terms speculate on capabilities to “project force”, that is, to destroy the target. We acknowledge that we have not considered what the repercussions of China’s defensive or even offensive retaliatory strategies would be; however, we can “safely” assume that they will be catastrophic to Australia’s interests!

#1: De-nationalization and De-patriation of Baidu

Baidu, the Chinese equivalent of Google, is an easy target. The search engine serves as a national symbol of state power in cyberspace. Any humiliation or loss of control of that symbol would undermine the sovereignty of Chinese identity in cyberspace. In fact, Baidu is already out of Beijing’s control, serving foreign interests and could be weaponized in a day for the benefit of Australia and its allies.

The company currently depends on a US-oriented domain name and US/Canadian registrars for exposing many of its services; thus leaving it vulnerable to US influence and dominance. Moreover, Baidu has been active in establishing and managing the new generic domain-naming scheme (gTLD), another tactical asset for anyone aiming to cause damage to the sovereignty of Chinese identity in cyberspace.

#2: Tightening grip of Taiwan and Hong Kong

Australia has a specific advantage when it comes to projecting force over China: its unique relationship with the United Kingdom, a country with practical experience of subduing China in its colonial past. We can find friends still loyal to the British Empire—trusted “insiders” who can be leveraged to help the offensive. While the mainland and Beijing still see these “separatist allies” as a challenge in a geopolitical sense, the distinction also applies in cyberspace. These allies have a significant position serving the mainland economy, specifically when it comes to exports.

For Australia and its allies, the natural first step to achieving dominance over China would be to gain greater influence of Hong Kong and Taiwan. An increase in pro-Australian cyberspace in these regions would directly damage the interests, intelligence, trade and logistics of mainland China. We can well imagine the outcome of such events by studying the effect of the current US– China trade war, where analysts have suggested that Taiwanese businesses may move their operations out of mainland China if the dispute gets any worse.

A multi-tactical approach could prove challenging for Australian strategists considering offensive capabilities because, historically, the country has limited experience of manipulating other governments and nations. On the contrary, Australia has devoted itself to the strengths of coherence, uniformity and liberalism and—dare we say—a certain post-Christian purity. This can significantly weaken its offensive capabilities in cyberspace, to the possible extent of elevating China to an ideological position of strength. And for this very reason, Australia would do well to strengthen its relationship with its existing allies, both in the real world and in cyberspace, as it can use them to do its dirty work while keeping its squeaky-clean reputation intact.

If Australia managed to adopt this modern post-territorial, post-national and indeed post-Christian attitude, it would then be in a position to challenge the Dragon.

#3: Exploit, unhook and weaponize the periphery

China has a particular weakness when it comes to ensuring the defence of its sovereignty in cyberspace: geography. The sheer size, diversity and number of neighbours make its telecom infrastructure, the foundation of cyberspace, difficult to defend, leaving it vulnerable to various cyberattacks. With the goal of bridging the digital divide among regions, China is progressively relaxing its control over its Telecommunication infrastructure. It now depends on private and foreign investors to build infrastructure for achieving connectivity in rural areas, and, as a result, China’s attack surface has naturally increased, exposing it to be infiltrated and destroyed.

It is important to appreciate that although its strength is seemingly concentrated around centres of trade, China also has the benefit of a large “backyard”. For modern China, national cyberspace is an important asset in ensuring and maintaining that dependence on its rural population and territories. Australia and its allies have a de-facto superiority in cyberspace and thus could target that dependency. Projecting force in cyberspace, combined with US led targeted kinetic force, would cut that critical lifeline of dependency and supply—if not for the whole country, at least for part—and thus achieve “a victory without a fight”.

#4: Disrupt exported IT services and products

India has been publicly noted as a remarkable target of Chinese exports, particularly when it comes to the telecom industry and IT. While China also has many other trade partners, this particular relationship has specific offensive potential because of common strategic alliances.

Despite its lack of physical borders and territories, cyberspace has seen the formation of specific cyber-inspired national identities. And for China as well, this kind of “Network Sovereignty” in cyberspace has been a publicly stated strategic objective. At the same time, as “The Great Game” lives on in cyberspace, targeted attacks on “foreign soil” have become increasingly common.

Dependence on the supply of Chinese services, products and devices also has important implications when considering force projection against Chinese network sovereignty. Attacking this relationship may disrupt trade relations as well as economic and domestic intelligence capabilities. Indian cyberspace can act as fertile and ideal “foreign soil”, as an integral partner for the Australian interests and mature relationship with the target regime.

#5: Distribution of narcotics and the establishment of black markets

Nothing should prevent a British coalition from deploying tricks that they’ve used before, one of them the love-child of the Western powers: narcotics. With reputed links to cyberspace, seemingly black and “free” markets can and already have been used to effectively spread narcotics into areas of specific interest to an oppressor. The dependence that comes as part of the package is a powerful “hedge” for the attacker, and it is no accident that people like Philippines President Duterte have launched anti-narcotics campaigns with the primary aim of denigrating their political opponents.

This line of attack harks back to the British Empire’s historic dealings in the opium trade and their various consequences for China, manifested in the form of civil disobedience, social disorder, the opening up of so-called “treaty ports” to foreign merchants, and the ceding of Hong Kong Island tothe British. Repercussions of these times continue to resonate throughout cyberspace— in the— in the pseudo-anonymity of the “dark web”, for example.

#6: Take over related TLD’s and deploy homoglyphs

China has been particularly active in establishing new top-level domains (TLDs). The use of these new domains remains comparatively low, which makes this a potentially interesting attack vector. As the general public and many organizations may yet be unaware of this vulnerability, the level of protective measures deployed to control related risks is relatively low. New TLD’s therefore provide an extremely encouraging vector for attacks related to deception, cyber-presence, takeover and denial of service. Remarkable differences between China and Australia in languages, traditions and typing-scripts make this attack vector particularly promising in this context.

The whole range of Unicode characters provides a uniform set that combines different and incompatible concepts as one. This is an inherently dangerous thing to do. Rogue DNS registrations have routinely been used in malware campaigns, and certification authorities have also been compromised in nation-state sponsored cyberattacks before. In the scenario of Australia vs China, where the gap between languages and traditions is extremely wide, the vector carries a particularly high degree of potential.

De facto control over registrars will be an increasingly crucial capability, not only between Australia and China.

#7: Weaponize bitcoin miners and cryptocurrency networks

Chinese cyberspace is known to host a large share of the Bitcoin processing network, and many “de-dollarization” efforts have led people to migrate into using cryptocurrencies. Similar to opium users, many communities have adopted cryptocurrencies for practical reasons, leaving themselves and their information assets vulnerable to future attacks and dependency. Many people have “invested” in crypto markets in order to “get rich quick”, but while doing so, they have failed to protect their computing systems and crypto wallets.

Australian and Chinese society are remarkably different from one another. The question is not so much about the technical capability of cyber-resilience but more to do with socio-political maturity and agility. In this, China has a clear social advantage, yet the careless adoption of cryptocurrencies can easily open up a specific window of attack. And Australia has the technical and political position of strength, motivation and opportunity to exploit this large attack surface in China.

#8: Mask yourself Chinese, infiltrate and sabotage low-level (destroy mass loyalty)

Cyberwar is a process of forming modern post-territorial identities. In this respect, Beijing is strong and Australia weak. Why? Because, in Australia, power structures and much of the national identity were formed in a process that could well be described as a euphoria of nationalism. Beijing, however, is the core of a sphere of influence.

Cyber warfare is not only about the balance between existing entities; it’s also about modern identities, regimes and ideologies. In this game, Australia cannot defeat China, because the concept of China is not equal to that of Australia. To beat China in cyberspace, one would need to become like China. In this kaleidoscopic capability, Australia has the technical advantage, yet China’s legacy of intelligence, surveillance and deception is on a scale and depth that cannot be outplayed by cheap technical tricks.

Key to the infiltration and invasion of Chinese cyberspace is to develop an agile capability to “blend in” en-masse from below.

#9: Deny the existence of national identity in cyberspace

One way to deny the nationalization of Chinese cyberspace is to exclude and destroy its structures and presence outside China. This is easier and wiser than attempting to influence the centre of power or the national identity within the country. Yet, the destructive power could be remarkable, at least in the area of national identity.

Disrupting Chinese identity in cyberspace could be achieved with the aid of the “alliance” that more or less still resembles the origins of cyberspace and thus also the major players on the international stage, post-WW2 states that are now undergoing their own process of re-legitimation. The elimination of national identities from the Internet already has strong support among certain circles today, and in conjunction with a fertile political environment between the US and China, the act of eliminating the Chinese identity from cyberspace could be achieved through proxy by Australia leveraging its strong US relationship.

#10: Weaponize ASEAN, invite China into a trap

International organizations are a vital asset in post-nationalization efforts. It is not unheard of for such organizations to have been used for political imperialism and—in the case being considered here—in a struggle between two nations, it could very well be appropriate and beneficial to use some of these organizations rather than embarking on a purely bi-lateral campaign. Indeed, when it comes to ASEAN, there is already a strong Western influence in the organization that could be used as a vehicle to gain dominance and superiority in Chinese cyberspace.

An international trade coalition like ASEAN can have a remarkable influence on the socio-political situation. International organizations can facilitate the projection of force onto an economic and political system—more to the point, they can influence the administration and regulation of cyberspace. Relying on these potential powers in one organization, Australia could be “on top” in cyberspace even with the more mature and powerful China, at least when it comes to policy development.

Winning without a fight

Many modern Western military strategy schools take Sun Tzu’s famous notions as those of a modern Clausewitz, a misconception they embrace throughout their entire career. This must be amusing to some Chinese scholars, in that it allows China to hold its position and let others make all the bad moves. In this article, we have tried to introduce a modern, even radical interpretation of both Sino-Australian and, by implication, Sino-American relations. Ongoing cyberwar and various parallel kinetic theatres, we claim, are integral parts of this development of the post-Marshallian order.

Recent Blogs