China's Military Cyber Operations: Has the Strategic Support Force Come of Age?

China's military cyber operations have showcased a noticeable strategic shift in the recent years. The Strategic Support Force (SSF) – the joint information warfare (IW) command of the People's Liberation Army (PLA) – is gradually finding its ground. Established in 2015 during the massive reorganisation of the PLA undertaken by Xi Jinping himself, the SSF does not often get as much of the limelight as its more aggressive foreign intelligence counterpart the Ministry of State Security (MSS).

However, with the prepositioning operations discovered in the Indian power grid during the height of the 2017 Indo-China border standoff and the unprecedented targeting of the Western critical infrastructure by Volt Typhoon disclosed in 2023, China's military cyber operations have started showcasing distinct strategic qualities and constraints. This presentation will assess the role of the SSF in shaping the balance of power in the Indo-Pacific. It will elaborate why, despite the lofty mandate of the SSF, its command-and-control (C2) remains diffused and politicised.

The SSF's emergence as a joint warfare command is subject to its integration with the five geographical Theatre Commands. By analysing the known threat activity clusters associated with the Theatre Commands and their diverging capabilities, it can be ascertained that the reorganisation of the older Military Regions into Theatre Commands and their integration with the SSF remain a work in progress. On one hand, the SSF is still affected by the inertial pre-reorganisation bureaucracies, with the Theatre Commanders retaining the vestigial power hampering integration; on the other, the absorption and doctrinal harmonisation of 3PLA, 4PLA and Base 311 within the SSF has some way to go.

The most interesting case study in this regard is the use of ShadowPad in the threat activity clusters where espionage, crime and strategic military cyber operations overlap. The Theatre Commands rely on the Technical Reconnaissance Bases, or TRB – the new avatars of the erstwhile and notorious Technical Reconnaissance Bureaus – for offensive tooling and operations. The availability of ShadowPad's advanced plugins in different TRBs of Theatre Commands remains varied. It hints at the influence which a powerful group of contractors, who also moonlight as criminals, might be carrying at a politico-strategic level where the military's C2 interacts with the Central Military Commission (CMC) controlled by Xi. All strategic military cyber operations are meant to be authorised by the CMC and blessed by Xi. However, if the threat activity clusters are denoting an overlap not just in tooling but also in infrastructure, then it hints at an unprecedented full or partial outsourcing of even strategic military cyber operations to a team of contractors. Where does that leave the SSF with its grand ambitions? There are many layers to this puzzle which need to be peeled away to understand how China will use cyber operations during a conflict and the strategic weaknesses in its C2.

This presentation is an expansion of the article which the presenter wrote for the Australian Strategic Policy Institute. It was well received by the Australian defence and intelligence community.

The views expressed in this presentation are personal and not of Pukhraj's employer

By:
Pukhraj Singh | Director, Centre for Epistemic Security

Full Abstract & Presentation Materials: