As U.S. leaders contemplate a proper definition for “cyberwar,” their counterparts in China have been building a unit capable of fighting such a large-scale conflict.
China’s rival to U.S. Cyber Command, the ambiguously named Strategic Support Force (SSF), is quietly growing at a time when the country’s sizable military is striving to excel in the digital domain.
Though the American government is widely considered to be one of the premier hacking powers — alongside Israel, Germany, Russia and the United Kingdom — China is rapidly catching up by following a drastically different model.
The SSF uniquely conducts several different missions simultaneously that in the U.S. would be happening at the National Security Agency, Army, Air Force, Department of Homeland Security, NASA, State Department and Cyber Command, among others.
If you combined all of those government entities and added companies like Intel, Boeing and Google to the mix, then you would come close to how the SSF is built to operate.
Examining the development of the SSF in relation to Cyber Command provides a view of how two of the world’s most influential countries see the future of conflict. The U.S. agency is a similarly nascent organization but with a more narrow focus and three definitive missions: to protect Defense Department networks, to launch computer network attacks in support of combatant commanders and to “ensure US/Allied freedom of action in cyberspace.” Cyber Command has yet to be elevated to a unified combatant command and as a result, remains tied at the hip to the NSA.
After two years in development, China’s SSF is now positioned to surpass its U.S. counterpart in capabilities — a position that seemed unattainable a decade ago.
National security analysts and former U.S. defense officials believe the SSF, founded in 2015, is today responsible for conducting many of Beijing’s most sensitive cyber-espionage and propaganda missions.
One former U.S. defense official who spoke to CyberScoop on condition of anonymity to broadly discuss Chinese defense investments, described the SSF as the “most pronounced” threat to America’s “superiority in cyberspace.”
Little is known about the Chinese military outfit, which combines the government’s desire to develop innovative asymmetric warfare capabilities and remotely collect intelligence stored on electronic devices.
“If successful in technological and defense innovation, the SSF could become a vital force for future military competition, as the [People’s Liberation Army of China] seeks to overtake the U.S. military in critical emerging technologies and within these strategic new domains of warfare,” said Elsa Kania, a national security analyst focused on Chinese military developments.
A recently released unclassified report by the Defense Department concerning the state of the PLA highlights the importance of the SSF in the scope of Beijing’s quest to challenge the U.S. in cyber and space weapons development.
“At this point, it’s difficult to come up with a credible estimate of the number of personnel in or budget for the SSF,” Kania said. “I would anticipate that both will be sizable — given the SSF’s apparent scope and scale, as well as the importance of these missions.”
China’s annual defense budget, including a description of resources dedicated to espionage, is kept secret. Chinese government officials have refuted claims in the past that the PLA hacks into foreign targets, although both U.S. lawmakers and private sector researchers have provided evidence to the contrary.
In September 2014, a comprehensive report authored by the Senate Armed Services Committee blamed China for a series of data breaches affecting U.S. Transportation Command contractors. The culprits were able to gain wide access to computers used by these contractors, allowing them to potentially acquire sensitive documents, flight details, credentials and passwords for encrypted emails. Then committee chairman and former Sen. Carl Levin, D-Mich., described the findings as “evidence of China’s aggressive actions in cyberspace.”
The sophisticated cyberattack on the contractors offers an example of the types of operations that would likely be undertaken by SSF personnel today, experts say.
“Historically, China has denied that they had cyber forces. The establishment of the SSF was an important public acknowledgement that they in fact did,” said Adam Segal, director of digital and cyberspace policy at the Council on Foreign Relations.
While most cybersecurity researchers say that Chinese hackers are compromising U.S. government agencies and private businesses less frequently than in years past, the SSF’s progress is noteworthy.
“Chinese leadership has described the SSF as a ‘new-type’ force and force for innovation, incubating some of the [People Liberation Army]’s most advanced capabilities, meaning it will be earmarked significant resources,” said John Costello, a senior analyst with U.S. dark web intelligence firm Flashpoint.
A ‘unique fusion’
In Beijing, the original establishment of the SSF underscored an explicit and expansive reorganization directive with the goal of better integrating and capitalizing on the PLA’s diversity of existing cyber-espionage and disruption, information and space operations, explained Amy Chang, an affiliate of the Harvard Belfer Center’s Cyber Security Project.
“The SSF reflects a broader conception of cyber operations than that assumed by U.S. armed forces,” said Segal, specifically by Cyber Command. For example, information operations, also known as psychological warfare, is aligned with China’s offensive cyber mission because of the way Chinese military officials generally understand cybersecurity.
“Whenever information is shared online it becomes data… and data [manipulation] is cyber to them,” described Chang. “It’s different for the Chinese… They don’t think about ‘cyber’ the way that Americans do.”
NSA Director and U.S. Cyber Command head Adm. Michael Rogers told lawmakers in May that Cyber Command is not “optimized” to combat information operations orchestrated by foreign powers because it’s not considered a core responsibility.
Some of the differences that exist between China’s conception of a cyberwar fighting group and the U.S.’s approach come from a difference of military doctrine, domestic rule of law and cultural norms.
While the U.S. military is guided by the Constitution to answer to the American public, the PLA fundamentally supports the ruling party — generals and other top Chinese defense officials are recognized party members. The SSF is, as a result, an extension of The Communist Party of China; targeting dissidents, local hackers and anyone else viewed as a domestic threat is as much a part of its mission as is international espionage.
Private companies in China can be compelled and otherwise pressured to comply with a government mandate, but the same cannot be said in the U.S. — where strict legal boundaries make it at least more difficult for Washington to force action on the part of a business.
“You can think of the SSF as this unique fusion of different Chinese military and commercial organizations,” Dean Cheng, a Chinese political and security affairs expert with Washington, D.C.-based think tank The Heritage Foundation, told CyberScoop. “Everything is sort of mixed together to accomplish whatever mission the state throws at it.”
The distinction is significant when it comes to intelligence gathering missions that focus on the internet, which is largely owned and operated by private corporations, and via personal computer networks. U.S. intelligence agencies are still working to repair their relationships with Silicon Valley’s tech corridor after the Edward Snowden revelations, causing many private technology firms to be hesitant about cooperation.
“There’s really nothing like [the SSF] in America,” said Cheng.”And that’s probably for a good reason.”
Segments of the country’s 3PLA, China’s version of the NSA, and 4PLA, a clandestine unit responsible for electronic warfare and information operations, were consolidated into the SSF two years ago. As a result, known Chinese military-linked hacking groups — including APT12 and the infamous APT1, which had been previously exposed by U.S. cybersecurity firms like FireEye — are likely now a part of the support force.
“China is not reinventing the wheel, it’s not creating whole new organizations. It has built the SSF with bricks, not clay, pulling and consolidating the force from previous existing organizations and renaming them,” said Costello, a former congressional innovation fellow with the House Committee on Oversight and Government Reform.
The recent consolidation of China’s cyber talent isn’t necessarily surprising either.
“The PLA previously did something similar with the Second Artillery Corps, the predecessor to the PLA Rocket Force,” explained Costello. “They elevated their nuclear research and testing arm of the Army directly under leadership control in a similar way to the SSF. The decades that followed saw significant progress in nuclear mobile missiles and strategic missile technology.”
He added, “Through the SSF, the Chinese military appears to be trying to apply that same success to cyber.”
A U.S. response
The maturation of the SSF was closely monitored by the Defense Department during the Obama administration, according to Eric Rosenbach, former chief of staff to Obama-era Defense Secretary Ashton Carter, and represents the culmination of China’s decades-long effort to build a streamlined force capable of effectively leveraging space, cyber, electronic and other information warfare techniques.
Under Carter’s leadership, the Defense Department pursued the development of what it called its “Third Offset Strategy,” a subtly defined effort to acquire “next generation technologies and concepts to assure U.S. military superiority,” a significant part of which included digital warfare and cyber-espionage technologies.
Originally revealed in the final year of the Obama administration, one of the primary inspirations for launching the strategy was China’s decision to launch the SSF.
“Our Third Offset strategy was in part motivated by China’s advancements, by the SSF’s standup,” Rosenbach told CyberScoop. “We saw what [China] was doing, with the reorganization and that they were focusing on cyber and obviously we took it seriously.”
Recent reports in The New York Times and Washington Post, have cast doubt on Cyber Command’s ability to effectively “drop cyber bombs” on the so-called Islamic State, prompting questions about their current capacity to support and provide value to soldiers in the battlefield. The organization is expected to receive a significant boost in funding over the next several years.
Competing with China on research and development breakthroughs involving not just cyber defense and offense, but also related to artificial intelligence and quantum computing, has become a key element of the U.S.’ boundless national security strategy.
“I can assure you that there are people at the DoD right now that understand how important the SSF is in relation to U.S. [national] security,” said Rosenbach.
“It’s probably similar to the U.S. from a labor standpoint,” Rosenbach said of the SSF’s workforce, “but it’s hard to say for sure. We probably have greater technical capability … [although] China is working to change that.”
Former NSA Director Keith Alexander recently complained that the U.S. government’s own cybersecurity efforts were too “stovepiped.” Alexander asked Congress to consider restructuring the way the government handles computer-based threats.
“When we talk to the agencies they don’t understand their roles and responsibilities,” Alexander previously said. “Yes, I do think it should be brought together … I believe there is a way to get around this lack of a strategy by setting up a [new] framework.”
According to a December analysis by global consulting firm Booz Allen Hamilton, Chinese cyber-espionage against American companies and government properties is predicted to increase during President Trump’s first year in office.
Director of National Intelligence Dan Coats recently told lawmakers that Chinese hacking against U.S. targets is ongoing but “at volumes significantly lower” than in 2015.
“We assess that Beijing will continue actively targeting the U.S. government, its allies, and U.S. companies for cyber espionage,” Coats said in his written testimony. “Beijing has … selectively used offensive cyber operations against foreign targets that it probably believes threaten Chinese domestic stability or regime legitimacy.”