War with China: Phase I Cyber War

John Sydenham

Western governments, especially in Europe, have been criminally negligent in their handling of the Internet, Communications and Electronics Industry (ICE). This mess is so bad that in every area of the ICE there are huge problems. In this article I will focus on security and the potential for catastrophic failures. Although we may shrug at any one example we should begin to be concerned when there are so many.

When I look at the poor standards prevalent in communications and Internet equipment I am amazed that so few disasters are happening. Bad actors such as terrorists could collect vulnerabilities and mount large scale attacks. Perhaps the conjunction of programmers with a deep knowledge of machine code and terrorist leanings is rare. However, the cybercrime cartel “DragonForce” is making a fortune out of the vulnerabilities. It should not be beyond the wit of governments to use AIs to rapidly assess and certify computer and communications networks - AI program analysers are available that could help certify systems.

Poor standards can lead to mundane threats such as shutting down grocery chains or airports etc. These attacks cost millions of pounds and are seriously disruptive but are nothing compared to the truly serious threats that are out there.

The greatest threats are from enemy States, especially China. The Chinese State Security Laws make it mandatory for providers of digital communications to allow access to the security services. See China Cybersecurity: No Place to Hide. We all know that Chinese-made computers and mobiles may have built-in access but China has even extended this to two types of devices used in all solar farms: inverters and solar panels (Reuters). China is deadly serious about having a global system of digital control. China would probably not use this capability except on the eve of a conflict with the West.

Just think. Our governments know that China is routinely providing access to its security services in most electronic devices that can be connected to the Internet or the mobile network. Western governments do nothing to control this and have few operational plans to counteract it.

Most stupid of all, Western armaments companies use Chinese electronic components. A famous recent case is the F-35 fighter aircraft that uses Chinese electronics (Sky News). If there are processors from China in the high security, top of the range F-35 then expect every other missile, radar etc. to be infected. There is a distinct risk that if the West were to confront China the Chinese would simply turn off the Western weapons.

The poor governance of ICE reaches further than direct warfare. Western sanctions have really upset Russia, Iran and China. Their dearest dream is to remove the dollar from its status as global reserve currency. They may achieve this dream through the use of Quantum Computing. Once the encryption used on the Internet is broken by Quantum Computers it will be possible to mount an assault on Western banking. Any such assault would obviously be blamed on criminal gangs but if it can be done before the West has countermeasures in place (before 2035-2040) it will collapse public confidence both in Internet banking and in all of banking in the West.

China expects a quantum computing breakthrough in the next few years that will imperil banking and all other Internet communications. The answer to quantum decryption of classical internet security is to introduce ‘quantum encryption’. Quantum encryption will enable the Internet to be secure because it cannot be cracked by quantum computers. However, the cost of replacing the existing Internet will be enormous.

China is already implementing quantum encryption. Most of this protection would be carried by underground optical fibres but the technology will be shared: “China aims to launch a global quantum communication service by 2027, leveraging quantum satellites to secure transmissions among BRICS nations.” (Quantum Insider)

(Image: Quantum Insider)

Expect an attack on Western banking if it remains exposed.

The solution to our exposure to Chinese cyber attack is straightforward.

Firstly and most importantly cash must not be terminated. Without access to physical cash a collapse of banking would be completely catastrophic. Banks have a strategic role in ensuring the supply of cash and this should be a legal responsibility.

The West must repatriate silicon wafer and electronics production. The USA is already working on this with a $165 billion investment by Taiwan Semiconductor Manufacturing Company in US factories.

There must be an embargo on electronic devices from China.

We need to implement a National Firewall to protect the Internet. This would only allow access to the UK Internet through certified communication nodes so that foreign sources of communication are vetted and controlled. This would prevent any attacks from outside the UK. China already seals and protects its Internet using a National Firewall and quantum encryption.

Details

Poor Standards

Technical reviews of Internet connected devices locate tens of thousands of vulnerabilities (See Here, Here and Here for instance). Many of the vulnerabilities are simply due to poor quality control. For example several important communications devices in one study could be controlled in (SSH) terminal mode by using a user id of “guest” and a blank password!

China has been allowed to control access to almost all western electronic equipment. The banks have been encouraged to become Internet based so that the whole economy would crash if a malicious actor had access to communications equipment. AI based applications are being freely inserted into social media and search engines to mislead and ‘friend’ users. Applications now widely depend on GPS applications that can be ‘spoofed’ so that users may be misled or endangered. Quantum computers are being developed to decrypt all Internet communications, including those stored over the past 20 years.

Consider how this astonishing negligence might cause problems.

Suppose there were a conflict with China. Chinese made equipment occurs in almost all communications and electronic systems. These devices are mostly made in China and can be redesigned to incorporate ‘Hardware Trojans’. Hardware Trojans are electronic circuits inside computer chips that can provide access to an electronic device. A well designed Harware Trojan is much worse than a software virus because it is almost undetectable and cannot be removed. (See Hardware Trojans – Prevention, Detection, Countermeasures).

China will be able to provide a small demonstration of its power by, say, shutting down banking applications in Europe for an hour. The West will back off and allow China to have its way. China might also point out that it can disable all advanced, Western military aircraft and demand capitulation.

China already has ready access to UK domestic Internet systems through TikTok. AliBaba, Temu e-commerce app and We Chat/Weixin. Western users have actually been encouraged to use these systems. Most users will not have taken care to limit access to their home internet by these systems. If you are a nurse using TikTok and then logging on to your NHS system you might expose the whole NHS to China, the same applies to bankers, soldiers etc.

Preventing access to low earth orbit Internet satellites is relatively easy. Russia is already jamming (interfering with) transmissions from Starlink satellites (IEEE).

Quantum Computing

The HTTPS security protocol relies on finding prime numbers and Quantum computers will soon be able to do this very rapidly . In fact Quantum computing was initially funded to allow rapid decryption. The consequences of this are dire for Internet banking etc. Even if two factor security is used, the transfer of all phones to VoIP (Internet phones) in the UK makes them extremely vulnerable. AI systems can rapidly work out the VoIP providers and number identification being used and spoof the two factor identification. In a war the phones might be disabled.

The most likely early adopters of Quantum Computers for a cyber attack are states such as China, Russian and Iran. If less expensive Quantum Computers ‘on a chip’ become available then organised crime groups will launch attacks. China has designated the city of Hefei as the centre of Quantum Computing development.

The USA is well aware of the risks but the necessary changes to infrastructure and equipment to avoid risks are unlikely to be completed before 2035-40.

The UK is governed by a band of Internationalists who are detached from the world and probably would not care if China became a global hegemon.

Comments

[Jim McNeill🇬🇧SDP]

Valiant attempt, but you’re way outside your skills area here. I’m a recently retired cybersecurity analyst, so here’s my tuppence worth.

You’ve concentrated on hardware, at which China is the main threat. Chinese network kit has already been removed from government systems, and the low level chips involved in avionics have Western specifications and have been tested. It is unlikely they can even be shut down remotely.

Quantum computing is even further away than nuclear fusion, that is its unlikely to be realised any time in the next 20 years. If it gets closer, defences can be developed, meanwhile let the Chinese waste whatever resources on it they like, similar to us leaving US corporations to blow trillions trying to achieve Advanced General Intelligence using Large Language Models. Neither is happening.

Retaining cash - yes that’s a good idea. Also control every connection coming into the UK, although we don’t know to what extent that’s already happening. GCHQ is far better equipped than most people realise.

Last point, even the daft NHS is unlikely to allow nurses’ phones to join their networks.

The bigger cyber threats come from Russia and North Korea. This war has already started, and civilian onlookers have no idea how it is being waged.