What is the PLA Cyberspace Strategic Intelligence Research Center?

Earlier this week there was an interesting announcement on China Military Online (the online version of the official newspaper of the Chinese military):

The Cyberspace Strategic Intelligence Research Center was officially founded at an information center of the General Armaments Department (GAD) of the Chinese People’s Liberation Army (PLA) on June 26, 2014. Experts believe that the center will provide strong support in obtaining high-quality intelligence research findings and help China gain advantage in national information security.

. . . .

The center is designed to become an authoritative research resource for Internet intelligence, build a highly-efficient cyberspace dynamically-tracking research system, provide high-end services for hot and major issues, and explore approaches of intelligence analysis as well as identification and appraisal with cyberspace characteristics.

. . . .

The center will adopt the expert engagement system as the basic organization form, engaging experts from such key equipment and technology development fields as cyberspace situation awareness and fundamental research while giving attention to such key development directions as strategic policies.

Bill Gertz, with his characteristic attentiveness to these kinds of things, wrote an article about this yesterday, in which he pondered the curiosity of announcing a new “military cyber spying center” so soon after the U.S. criminal indictment of five PLA hackers. Other well-informed sources echoed this sentiment:

Michelle Van Cleave, former DNI national counterintelligence executive, a senior counterspy policymaker, said the PLA announcement is interesting for its timing.

“In May, we indict five PLA officers for cyber espionage against the U.S. and the Chinese deny the charges,” she said in an email. “Next they announce a whole new center dedicated to the same thing, only now they’re calling it research.”

But is that what is really going on here?

One thing to note is that the host institution for this new Center is the PLA’s General Armaments Department (GAD).  The GAD is one of four top-level headquarters elements for the PLA, the others being the General Staff Department (with responsibility for operations and intelligence), the General Political Department (political and ideological affairs), and the General Logistics Department (quartermaster functions other than weapons).  It is effectively a weapons R&D and procurement organization, with no direct operational responsibilities.  “Spying” per se is an operations matter that, as far as the PLA goes, would be managed by the GSD’s Third Department,¹ not by the weapons labs of the GAD.  Indeed, this appears to have been the case for the PLA hacking units operating under the cover designators “61398” and “61486”:

Last year, the private security firm Mandiant first disclosed that a Shanghai-based military group, Unit 61398, was engaged in cyber espionage.

The five PLA military hackers indicted May 1 were part of this unit.

Then last month the firm CrowdStrike revealed a second cyber espionage group, called Unit 61486, also based in Shanghai. It attacked and penetrated U.S. defense, satellite, and aerospace companies, as well as similar targets in Europe, since 2007.

Those two units are part of the PLA General Staff Department in charge of intelligence.

Admittedly, the opaque language used in the description of the new Center’s function (probably exacerbated by translation issues) doesn’t help.  But jargon in the cyber domain is still pretty fuzz-laden even in English (ask ten people what “cyber intelligence” means and you’ll get answers ranging from ordinary malware reports to “any sensitive data obtained through unauthorized network access”).  Judging from the context, my guess is that the Center is really supposed to be focused on what we used to call network security research.  The reference to “expert engagement” and “specially invited experts” suggests that the Center is a military-hosted interagency point of engagement for the various other centers of cyber expertise elsewhere in the Chinese government, such as the Academy of Military Sciences and the Chinese Academy of Sciences, neither of which reports up through the GAD.

Now, this does not mean that the Center’s purpose is innocuous.  By their nature the applications for this kind of research are never limited solely to defensive matters, and that same research would doubtless be used to develop tools useful for cyber espionage and offensive mischief.  The GAD is, after all, a weapons development institution.  But actual spying activities themselves would be handled by an operational unit, and the existence of this Center does not by itself speak to the actual existence or nonexistence of operational activity.

The other caveat, of course, is that I am only interpreting the article — in other words, what the Chinese government intends to convey to the public, which may or may not reflect what is actually going on behind the scenes.  Nonetheless, it is important to understand the nature of their public rhetoric to get a picture of what they’re doing.  Similar to our own “critical infrastructure protection” initiatives over the past 15 years, the Chinese government has recently floated the idea that defensive cyber needs to be a national priority.  In that light, the announcement of this Center is neither rank hypocrisy nor an accidental confession to cyber espionage, but rather a logical extension of the Chinese government’s stated commitment to defensive cyber (and, they would argue, wholly consistent with their denial of U.S. charges regarding offensive intelligence operations).  Do I believe their denial?  No.  But this announcement doesn’t have much to do with it.

¹ I originally said the Second Department (military intelligence), but, of course, cyber belongs within the purview of the Third Department, the GSD branch traditionally responsible for SIGINT.  As the cyber order-of-battle continues to evolve, some analysts believe that the Fourth Department (ELINT) also plays a cyber role.  More on this in a separate post.


Yankee Station, with Chinese Characteristics

Last month there was a well-publicized kerfuffle after a Dec. 5 encounter between USS Cowpens (CG 63) and several Chinese Navy ships in the South China Sea.  The PLAN had a (relatively large) task force centered on celebrity training aircraft carrier Liaoning (pennant #16), together with both of the fleet’s Type 051C (Luzhou-class) destroyers and two Type 054A (Jiangkai II-class) frigates from the North Sea Fleet.  Apparently Cowpens got too close for the PLAN’s liking, and one of the Chinese ships (interestingly, not one of the North Sea Fleet surface combatants, but rather a lightly-armed Type 072 LST accompanying the group) “aggressively” maneuvered to block the American cruiser.  Everyone called “all stop”, and after a brief bridge-to-bridge exchange between Cowpens and Liaoning’s captain (English-speaking, British-educated Senior Captain Zhang Zheng), the parties went their separate ways.  Diplomatic back-and-forth continued for a week or two afterward (with some calling for an Incidents at Sea agreement between the U.S. and China), but the issue has since died down.  Liaoning returned to her home port on Jan. 1.  The Chinese are still coming to RIMPAC later this year.

As is fairly typical for military exercises that China wishes to publicize (almost all of them, these days), the Chinese Maritime Safety Administration did publish a notice identifying the exercise zone and warning that “no vessel is allowed to enter the designated maritime areas.”  This sort of jealous approach to their use of international waters raises the usual freedom of navigation objection, and although everybody agrees that there are legitimate concerns about self-defense, one gets the sense that this would all go easier if they were a little less brusque about the whole thing.  Blue water isn’t just about logistics and command-and-control; it is about sharing the playground.

In any event, the legal discussion is not today’s topic.  I decided to plot the exercise zone, just to get a feel for where this was.  The Chinese set aside three numbered “Maritime Areas” to the south and east of Hainan Island.  The two western boxes (Maritime Areas 1 and 2) were right up against Chinese territorial waters (in fact the edges of the boxes overlap the 12-mile limit).  The easternmost box (Maritime Area 3) is about 50 miles off the coast of Hainan.  It is not clear in which box the Cowpens encounter took place, but it seems to have occurred on the first day of the exercise.

[Chart: PLAN SCS 12-2014]

Looking at the chart, it struck me how close these waters are to Yankee Station, the U.S. carrier operating zone from which naval air strikes were launched against North Vietnam between 1964 and 1973 (I’ve plotted its location above).  Indeed, Yankee Station is just about 50 miles to the west of the PLAN’s Maritime Area 2.  Perhaps the Chinese, ever attentive to American military precedent, are hoping that some of the hard-won know-how developed in these waters a half-century ago will rub off.



I converted over the long table of Russian ship names last weekend, a task that, remarkably, turned out to be even more tedious than I had imagined.  Somewhere in the course of doing endless find-and-replace searches to strip out useless tags inserted by Microsoft FrontPage, I realized that managing these things would be a lot easier if only I would step out of 1998 and actually put some of this stuff into a database.  (This would also simplify updates to the air campaign tables, which currently exist as five separate hard-coded web pages.)

So, the lunacy continues: I am now learning MySQL/PHP.  Hope to have a test database up this weekend.

In more substantive news, the Chinese appear to have flown the J-20.  More interesting is the manner of the reveal:

Ma Xing and Zhang Jun may believe their obsession with all things military is just a hobby. That may be true but earlier this week, they saw something that made headlines across the world, and turned them into celebrities.

They got some of the earliest glimpses of China’s first stealth fighter plane.

In December, after word about a possible radar-evading plane circulated on the Internet, both men began monitoring a local airport widely considered the home base of such planes.

This is the PRC, mind you, where traditional attitudes toward “state secrets” are not ordinarily conducive to amateurs watching “local airports” where unannounced fifth-generation stealth fighters happen to be based.  Especially amateurs with websites:

Each time he saw something worthy of sharing, he told his friend, who passed it on to Zhang, 32, another military fan in Jiangsu Province. Zhang posted the information on fyjs.cn, a military forum he established in 2004.

On Tuesday, after Ma saw the J-20, he immediately called his friend, and Zhang did not waste a moment before he posted the news on his website.

Domestic newspapers, such as Shanghai-based Oriental Morning Post, referred to Zhang’s website. Zhang was surprised that even the Wall Street Journal quoted his website.

“I thought the website was just a platform for interaction between military enthusiasts. I did not think that both the domestic and foreign media will be concerned about it,” Zhang said. “The military strength of China is enhancing, which enables the country to have an impact on the international stage.”

Official, unofficial, or “unofficial,” the proliferation of open sources on Chinese military modernization makes for an interesting picture.  The times, they do change.
