China’s Information Warfare Strategy and its implications for India

“If you know your enemy and know yourself, you need not fear the result of a hundred battles “

– Sun Tzu

Introduction

Since ages, information is considered the key to success in any operation or war by Great Generals and Strategists. The information has resulted in the fall or rise of many empires. It is very much evident from the book named, Art of War by General Sun Tzu, where he articulates that, vital information of the enemies will let us assess his strengths, weakness and opportunities and will eventually give us a strategic advantage and victories in the battles which were being fought. It also cautions that the protection of information is a must to win a war.

The advent of the Internet has resulted in a paradigm shift in information warfare (IW). It has led to a new dimension, were cyberspace has been used to conduct virtual information operations to gain sensitive information. The concept of Information Warfare involves information as the target and the information as the tool to carry out the Information operation. Information Operations are broadly classified, into two, namely defensive and offensive.

The information has been playing an indispensable role in every aspect of Society & human relations. Hence is used as an art of warfare, where information collected through intelligence and cyber espionage, are assessed and manipulated via disinformation campaign, propaganda, fake news and influences the targeted adversaries to the advantage or the will of the state. In the present world, International relations contested geostrategic issues and power competitions between the states, the rivalling states, compel each other to indulge in Information warfare, to utilise the vital information of the rival nation. Information warfare is a part of the Three Warfare Strategy and Assassin mace strategy.

China’s IW Strategy

The ultimate aim of the Chinese Information Warfare (Xinxi Zhanzheng) Strategy is Information Dominance (Zhixinxiquan).^[4]The Chinese IW strategy is uniquely referred to as Integrated Network Electronic Warfare (EINW), mainly due to the composition of various elements of electronic warfare and network-centric warfare techniques. The basic concept of Chinese IW strategy is to deter & disrupt the adversaries capability to use data by targeting its critical information system and decision-making process, which will eventually affect the adversary will or ability to fight. And to gather sensitive information from the adversary by conducting cyber espionage and psychological operations.

The Chinese IW strategy is, strategically implemented by carrying out Information Operations (IO) across the global cyberspace. The Information operations can be further classified, into two types expressly, Offensive information Operations (OIO) and Defensive information operations.

The offensive information operations include methods and techniques to disrupt an enemies information structure and cyber espionage. Whereas the Defensive information operations were, aimed at ensuring information security, i.e. protection critical information system from incoming enemy attempts to disruption. There are five core components of Chinese IW strategy namely,

Substantive Destruction: Destruction of targets command and control (C2) setup using military power.
Electronic Warfare (EW): The application of advanced electronic equipment to disrupt the communication system.
Military Deception: Use of illusions, simulators and other shields to outsmart the adversaries intelligence system.
Operational Secrecy: Ensuring the secrecy of the operational plan using counter-intelligence measures.
Psychological Warfare: Application of Psychological factors such as propaganda, disinformation, media, social platforms to change the psychology of the enemy.

In any Information operation, these components are prerequisites for the accomplishing the objective and attaining victory. The strategy articulates on, deep strike (Zongshen Zuozhan) – the ability to make severe impacts on the adversaries, Seamless Operation (Feixianxing Zuzhan) – smooth and perfection in carrying out attacks on the target and other techniques used in psychological warfare to change the psychological setup of the target. ^[2]

The PLA and its PLA Strategic Support Force (PLASSF) Networks Systems Department has been indulging in information operations for quite a long time. They have their dedicated units as well as civilians support in carrying out Information operations.

The so-called unit 61398, headquartered in Pudong district of China’s Shanghai province, is considered as one of the core units which carry out concealed information operations against the nations in the global cyberspace such as, the US, India, Russia, and Australia.

Other units such as APT41 (Advanced Persistent Threat group 41), Chinese state-sponsored espionage activities are carried out by these groups. Honker Union, Hidden Lynx and other militia groups are, backed by the PLA and its forces.

Target areas of Chinese Information Operation

The Chinese leadership firmly, believes that a joint offensive IW will be a significant factor for victory in operation. The Chinese Information Warfare are predominantly targeted, on

Critical Information Storage Systems,
C4ISR (Command, Control, Communication, Computers, Intelligence, Surveillance, Reconnaissance) & logistical systems,
Decision support and fire control systems,
Navigation and guidance systems of platforms,
Social media platforms,
Public web domains, and
Other Internet of Things (IoT) of the adversaries.
They search for a weak spot, to penetrate the adversaries cyberspace. To gain root access to their servers or to compromise a vulnerable computer system, which can lead them to the main computer networks. ^[3]

Implications for India

According to the Cert-In reports, there has been an array of critical cyber-attacks associated with Information Operations carried out by the Chinese on India, targeted on both government and public domain. The nation has been witnessing Chinese Cyber-attacks since the first recorded cyber-attack on India was on the computers of BARC (Bhabha Atomic Research Centre) in June 1998.

Some of the significant Chinese information operations and their implications are namely,

In 2010, China used the Stuxnet worm to compromise Indian communication satellite, led to the loss of TV signals for many. The government created the National Critical Information Infrastructure Protection Centre (NCIIPC) as a measure, to predict and prevent information breaches in the future.
In 2012, Chinese malware-infected computers in the campus of Indian Eastern Naval Command. [4] The incident had a significant impact, as the command was responsible for the security of Indias Eastern border and other strategic assets. In response to it, the Indian Navy issued an advisory to the officers regarding usage of, computers and other IoTs within the establishments.
Likewise, in 2013, computers in the DRDO had been compromised by the Chinese and a large number of electronic files were stolen and diverted to a server located in Guangdong Province in China.^[5]
Moreover, Information operations are carried out not only on targeting Defence & Security domains. Incidents were related to, Information operations also reported in Indian Space Research Organisation (ISRO), BSNL other Public sector undertakings. They also targeted other fields such as Banking & Finance, Public Healthcare, Industries, consumer domains.
Disinformation and hate propaganda and other instruments of Psychological operations, such as media campaign, virtual deceptions were used by the Chinese, via posts in the Social media platforms such as Facebook, Instagram and Twitter.

Additionally, the number of cyberattacks tend to increase after any Major events in India. For Instance, after demonetisation of banknotes, 80,000 cyber-attacks have reported & in the post-Galwan clash, more than 40,300 attacks were reported, in Indian cyberspace. A 200 per cent rise in Chinses cyberattacks in a month after the Galwan Clash, mainly motivated to steal sensitive information. ^[6]

Conclusion

In India, Defence Information Assurance and Research Agency (DIARA), (earlier known as the Defence Information Warfare Agency (DIWA), under the Defence Intelligence Agency, is responsible for dealing with all matters on Information warfare.^[7]The Indian Army has recently created a dedicated post of Director General of Information Warfare (DGIW), under the Deputy Chief of Army Staff, Strategy.^[8] The Cert-In (Indian Computer Emergency Response Team) under the Ministry of Electronics and Information Technology (MeitY), has also played its vital role by creating proactive measures. As a positive response, India banned more than 150 apps, including Tik Tok, PUBG and other utility apps.

Some of the major takeaways:

India has to strengthen its existing information security and cryptography technologies, should develop a firewall, like the Chinese Great Firewall, to stop the incoming cyber-attacks disinformation campaign and other cyber information operations.
India should take proactive measures to indigenously develop softwares and other hardware components for Defence and Security establishment.
Must enhance Information security through robust security structure and monitoring system to monitor disinformation circulating in the social media platforms..
Should take necessary measure to minimise vulnerable entry points in the cyberspace.

Moreover, India needs a whole-of-nation approach, i.e. the civilians support, to prevent, neutralise and protect the cyberspace. A well designed and robust information security framework for maintain a secure cyberspace and to deter information threats and challenges emanating from the rivals.

End-Notes: