July 16, 2012

New US Paper on China's NSA (aka PLA GSD Third Department)


MAP - Global Security gives directions to the HQ of China's NSA (the PLA ("3rd Department") or one could call it PLA-IT) "...covertly located. Situated on the road between the Summer Palace and Xiangshan [Fragrant Hills], it is far from downtown and there is no plate or signboard at the gate."
-
The Washington thinktank knowns as the Project 2049 Institute, drawing on the experience of US  Defense intelligence alumni and declassified information, has produced a detailed paper on China's Defence Sigint and Infosec Service. The paper's full title is The Chinese People's Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure, of November 11, 2011 by Mark A. Stokes, Jenny Lin and L.C. Russell Hsiao. Its full string is here https://project2049.net/2011/11/11/the-chinese-peoples-liberation-army-signals-intelligence-and-cyber-reconnaissance-infrastructure/

Here are some excerpts (some I've bolded) on each page reflecting some of the more interesting details:

Summary/Abstract

By: Mark Stokes, Jenny Lin, and Russell Hsiao |
This study offers a tentative baseline for assessing the GSD Third Department, affiliated Technical Reconnaissance Bureaus (TRBs), and supporting research and development organizations. An examination of this organization, its role and function would provide a mosaic with which to better evaluate China‘s signal intelligence and cyber-infrastructure. The data points assembled by this monograph points to an expansive yet stovepiped organization responsible for various facets of technical reconnaissance, including collection of wireless line of sight communications, satellite communications, cyber surveillance, network traffic analysis, network security, encryption and decryption, translation, and political, military, and economic analysis
 
p.2 "This overview offers a preliminary examination of the PLA [General Staff Department] GSD Third Department, China‘s premier cryptologic service. The CCP owes its success during the Chinese Civil War to signals intelligence (SIGINT) derived from interception and decoding of telegrams and radio communications. With modest origins in the 1930s, the Third Department was previously known as the Central Military Commission (CMC) Second Bureau and consisted of three entities responsible for collection, translation, and deciphering/encryption.

Today, the GSD Third Department and its counterparts within the PLA‘s Military Regions (MRs), Air Force, Navy, and Second Artillery oversee a vast infrastructure for monitoring communications traffic from collection sites inside China, possibly from embassies and other facilities abroad, and perhaps from space-based assets in the future. Its network of assets are able — assuming sufficient interest and barring sophisticated encryption — to monitor almost any radio communication or phone call within line of sight of Third Department SIGINT...
 
p. 3 "...On the other hand, faced with increasing challenges to its communication systems and computer networks, the Third Department also has assumed the responsibility for assuring the security of PLA computer systems in order to prevent foreign adversaries from gaining access to sensitive national security information. These functions are encompassed under the concept of technical reconnaissance which is the foundation of ―informatized warfare.

Like its American counterpart, the National Security Agency (NSA), the GSD Third Department appears to be diversifying its traditional SIGINT mission. Cyber surveillance, or computer network exploitation (CNE) in the U.S. lexicon, represents the cutting edge of SIGINT and the Third Department may serve as the national executive agent for CNE. The GSD Third Department stands as a reasonable choice to act as the national PRC authority over cyber surveillance because of its traditional core competency in SIGINT, its high performance computing and encryption/decryption technical capabilities, and status as China‘s largest employer of well trained linguists. Computer network operations (CNO) in China often are referred to as network attack and defense, based on the premise that without understanding how to attack, one will not know how to defend. In the U.S. lexicon, CNO includes computer network attack (CNA), CNE, and computer network defense (CND)."
 
p.4 "...the GSD Third Department manages a vast communications intercept infrastructure and cyber surveillance system targeting foreign diplomatic communications, military activity, economic entities, public education institutions, and individuals of interest....One unconfirmed report credits the Third Department with as many as 130,000 personnel working in general headquarters staff positions, 12 operational bureaus, and three research institutes.

Major General Meng Xuezheng is reported to be serving as the Third Department Director. Meng appears to have replaced Lieutenant General Wu Guohua [Director 2005 - December 2010]...One Western report claims that Wu Guohua was transferred out due to unauthorized cyber operations..

p.5 "...According to one U.S. study, Chinese analysts believe that the United States is already carrying out extensive CNE activities against Chinese servers. Therefore, from the Chinese perspective, defending computer networks must be the highest priority in peacetime. ..."

p.7 "...In addition to a liaison office in Shanghai, the Third Department manages a Hong Kong and Macao Liaison Bureau"

p.8 "The Second Bureau appears to function as the Third Department‘s premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence."

p.9 [possibly covering Taiwan and South Asia is the Sixth Bureau] headquartered in Wuhan‘s Wuchang District.

p.15 [Paper's] Conclusion

"If information is power, then the GSD Third Department represents one of the most powerful bureaucracies in China today. Among its sources of strength is the country‘s largest pool of well trained linguists specialized in niche areas, such as banking and financial transactions, military activities, energy, and diplomatic exchanges.

The combination of SIGINT and CNE, for example, fusing transcripts of phone conversations with intercepted email exchanges, would enable a powerful understanding of plans, capabilities, and activities of an organization or individual in near real time. Key word and voice recognition technology and large data bases permit greater efficiency in collection directed against specific targets. Advanced computing facilitates breaking of all but the most sophisticated encryption and passwords. The linkage between CNO and PLA psychological warfare training units appears reasonable. Monitoring of communications, email accounts, websites, and internal networks could support sophisticated perception management operations."

p.16 "Beyond its traditional SIGINT mission, the Third Department serves as the national authority for CND and most likely CNE. "

p.17 "...If monitoring of the cybersphere and intrusion of foreign computer networks is an extension of SIGINT, then one could assume the Third Department prefers to operate surreptitiously. Alerting defenders of vulnerabilities within communications and computer networks seems to contradict a basic cryptologic principle. Third Department resources dedicated toward high performance computing – the best in China – and its large arsenal of competent linguists could constitute China‘s cryptologic A-Team.

One possibility is that a capable yet overt B Team operates independently at the MR or Military District level. However, given its oversight of the cybersphere in China, alongside domestic law enforcement, Third Department authorities, at a minimum, are likely aware of CNE activities directed against foreign targets from Chinese soil. Regardless, if the B Team in China has been the main source of cyber surveillance, one should wonder what a GSD Third Department A Team could achieve when operating in a clandestine fashion.


As a final note, the linkage between psychological warfare and CNO indicates a broader perspective than that adopted in the United States. Rather than a narrow technical concern over hostile computer network attacks, Chinese authorities may also seek to counter the introduction of ideas and concepts deemed harmful to the CCP‘s monopoly on state power. A priority of CNE operations may be identification of friends and foes in Washington [and in Australia?] through social network analysis.

Unsubstantiated rumors regarding the transfer of Third Department Director Wu Guohua for his inability to control CNE operations are interesting. If true, it appears that senior civilian leaders could have some understanding of the political damage caused by overt, hostile network penetration. The PRC government has legitimate information security concerns. However, aggressive and overt cyber surveillance directed against foreign targets does little to engender sympathy. The inability of the GSD Third Department to control intrusive cyber activities directed against foreign entities may indicate a profound weakness in the governance of China‘s sprawling cyber-infrastructure."
-

Pete