A look at China’s cyberwar planning 

China has an extensive cyber war/espionage system

Jason Lee / Reuters

China’s cyberwar preparations are secret. But here’s some of what’s known, as detailed in the report “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage” written by three information security analysts at Northrop Grumman. Here we take a look at some of the facts from that report.

Kevin Zhao / Reuters

Historically, the People’s Republic of China (PRC) and its military, the People’s Liberation Army (PLA), first established what it calls its “Integrated Network Electronic Warfare (INEW)” strategy in 2002 as basic policy.

Jason Lee / Reuters

In 2010, PLA’s General Staff Directorate organized what’s known as the “Information Assurance Base” to centralize command of network operations for defensive and possibly offensive electronic warfare.


Among several PLA joint exercises, “Mission Action 2010”, a 30,000 troop- multi-region exercise held from Oct. 10 to Nov. 3 involved large-scale joint operations featured attacks on participant command and control systems by computer network operations units.


Among military efforts funded at dozens of universities, Shanghai Jiao Tong University’s Department of Computer Science and Engineering has developed a simulation module for “network warfare countermeasures” to test high-volume denial-of-service attacks.

Claro Cortes / Reuters

Responsibility for computer network exploitation and network defense appears to belong to the “Third Department” in the PLA’s 4-part General Staff Department.

Petar Kujundzic / Reuters

The “Third Department” maintains ground stations for long-range intelligence collection from ships, tactical mobile ground systems and airborne. It’s believed to also have as many as 130,000 trained linguists, technicians, academic specialists and defense industry analysts.

Joe Chan / Reuters

Also believed to be part of the “Third Department,” the PLA maintains “Technical Reconnaissance Bureaus” with probable SIGINT collection missions located in the Lanzhou, Jinan, Chengdu, Guangzhou and Beijing military regions.

Jason Lee / Reuters

The “Third Department” is also believed to maintain a security testing, evaluation and certification center, which certifies all PLA secrecy protection products, a function performed through the PRC State Secrecy Bureau.

Jason Lee / Reuters

PLA’s GSD “Fourth Department,” the signals intelligence collector, is traditionally responsible for electronic warfare and has assumed responsibility for computer network attack.

China Daily China Daily Information Corp - CDIC / Reuters

The “Fourth Department” oversees electronic counter-measures which are largely integrated with group army command structures in regions of China.  It supports include satellite, radar and GPS jamming, plus attacks with computer network attack tools.


A “cross-service Information Warfare Leadership Group” and a “Military Information Network Protection Bureau” were established within the PLA’s Communications Department as early as 2010. Last June, the “Communications Department” was re-organized under the name “Informationization Department."

Stringer China / Reuters

Informationization is a term to encourage modernization of the military by making sure recruits have skills in high-tech areas for purposes of information warfare.

By 2005, the Chengdu military region had created over 290 separate electronic warfare, network warfare and psychological warfare units as the result of integrating staff from local information technology companies, according to official PLA media. Here is a shot of a meeting to Establish the Yongning County Information Warfare Militia, Northop said.


Another government agency, the Ministry of Public Security, certifies commercial sector products for use in PRC government systems and also funds university research in hardware and software.

Stringer Shanghai / Reuters

The state supervises Chinese defense industries through the Ministry of Industry and Information Technology created in 2008, which consolidated several national-defense-oriented departments.

Here is a diagram of the data exfiltration operation attributed to a sophisticated — possibly state sponsored — intrusion into a U.S. commercial network.