The Taiwan Strait and Future Cyberwar
What follows is the unedited first chapter from Washington Post Best Seller: There Will Be Cyberwar, published in 2015.
REPORT ON SPECIAL INVESTIGATION INTO THE TAIWAN STRAITS CONFLICT
Presented to the Armed Services Sub-Committee May 12, 2018
SUMMARY
This report was commissioned by the Armed Services Committee On The Taiwan Straits Crisis. The bi-cameral Committee, with the support of both the House Permanent Select Committee on Intelligence and the Senate Committee on Armed Services requested an examination of the causes of the first military defeat in battle since Fire Support Base Ripcord in 1970 and the most serious failure since Pearl Harbor. It is not the intent of this investigation to assign blame to individuals as that inquiry is still under way among the service branches. Rather, it is the purpose of this investigation to discover the exact means that an adversary used to surprise the Navy, overwhelm command and control communications channels, negate or redirect missile flights, commandeer the navigation systems of carrier launched fighter jets and supporting tankers, introduce the fog of war, and mislead the Intelligence Services as to intent, to gain overwhelming advantage in battle and ultimately defeat the United States Armed Forces. The shift in regional balance represented by the re-unification of Taiwan with the PRC is one of the consequences of the loss.
This report is preliminary and delivered as-is in light of the serious findings that point to multiple deficiencies in the Department of Defense’s ability to field a fighting force against technically advanced adversaries. In addition, recommendations are made for an immediate halt to all weapons systems development until the means are determined to ensure that they can be deployed to full operational ability without experiencing the vulnerabilities that this investigation has discovered. There is also immediate need for a program to remediate already deployed communications systems, target acquisition technology, radar systems, flight hardware and software, and Intelligence, Surveillance, and Reconnaissance (ISR) platforms.
In the lead-up to the visit to Washington, DC, by the new President of Taiwan, Chinese officials made it clear that this overture from Taiwan would be viewed as counterproductive to ongoing talks to resolve multiple issues in the region, including the tensions arising with Japan, Viet Nam, and Taiwan over Chinese commencement of extensive oil and gas development in the South China Sea. This development, which includes the first oil rigs delivering crude oil to the refinery built on an artificial island, only added to tensions that had been building since China began harvesting rare earth minerals from the waters west of Hawaii. The bellicose language used by the newly elected President of Taiwan during his campaign, the diplomatic overtures to Japan and the sale of advanced radar systems to Taipei were also contributing factors to the tense situation. Yet US intelligence failed to report on military maneuvers, or any other sign of intent on the part of China to engage militarily with the US. There is strong indication that the NSA and others had been misled over at least 15 years as to the Chinese purpose for its widespread hacking of defense industrial base networks and US military networks. While stealing designs of advanced military systems such as the Joint Strike Fighter and other weapons platforms was evident, it was not clear that the purpose was to discover weaknesses in those systems that the People’s Liberation Army could exploit in conflict. While the NSA and FBI recognized that source code and configuration data had been stolen, they never surmised anything beyond industrial espionage.
Since at least 2013, the Chinese PLA had enhanced their use of encryption and embarked on a secret mission to gain advantage over the US fighting forces. It now appears that the entire scenario was planned for years and that, when the time was right, it was executed. It is outside the scope of this report to address the intelligence failure beyond these findings and to recommend a separate investigation into the IC which has focused on data gathering and mining at the expense of long term discovery of adversary intent.
Because of the loud outcry from the Chinese Communist Party and expressions of discomfort from allies in Asia, namely Japan and Korea, the President asked the Joint Chiefs for guidance. The Joint Chiefs recommended a show of force, which included moving the 7th Fleet into the Taiwan Straits, as well as mobilizing the 4th Fleet from San Diego where it had just returned from the joint US-Korea naval exercises. Diplomatic channels were used to warn China not to move missile barrages into place across the Straits, and to apprise Chinese leaders that this was a show of force, not an imminent military incursion. China acknowledged this; however, through channels, it added a warning that an incursion into its territorial waters for any reason would be viewed as an act of war.
The investigators who have assembled this report were most interested in how the 7th Fleet came to encroach on China’s territory although the mission plan explicitly called for that boundary to be given a wide berth.
While the inadvertent incursion into Chinese territory is viewed widely as the trigger of the event, this investigation has found that it started days before and that the incursion was manufactured by Chinese action. Every communication channel from the office of POTUS to the Joint Chiefs to Pacific Command was compromised. Not only could the PLA intercept and decrypt those channels, it could also inject misleading information. Work is still under way to determine the implications of the false weather reports that led the commander of the Fleet to understand that weather in the target zone would be clear when in fact it was overcast with limited visibility. Recorded data from most communications during the 72-hour period of the engagement is, of course, missing since it was erased by the infected payloads received.
It now appears that the incident in northern Wisconsin involving what was thought to be a rogue terrorist cell and the death of two DISA officers who were inspecting the ELF array was connected to the events of March. Key management for the US ballistic missile fleet is archaic. While Cold War era means of cycling through encryption keys manually and only periodically sufficed in an earlier period, they evidently should be updated. The attack and loss of the key storage unit that was in the possession of the two officers now appears to have been timed to give the attackers maximum benefit of the encryption keys before they were set to expire. That expiration date, only two days after the engagement, indicates that the PLA had orchestrated the entire set of events, perhaps even inciting the rhetoric around the Taiwan election.
It also now appears that some of the delays experienced by the prime contractor for the GPS III series of satellites were also orchestrated by the PLA. Multiple cyber incursions, which were attributed at the time to DPRK, against subcontractors of critical components set back final delivery by 18 months after two years of delays that can be accounted for by nominal issues with the defense procurement process. In addition, the failure of the Delta IV launch vehicle at Vandenberg in January put that launcher on hold pending the accident investigation. In light of the findings in this report it is recommended that the inquiry be expanded to include foul play on the part of foreign agents.
Without the completion of the GPS III constellation the 7th fleet relied on current GPS. The PLA used their own satellites, which had been identified as new weather and earth resource platforms to send signals that were much stronger than the US GPS satellites. These signals are the primary measure the PLA used to set their plan in motion.
As the 7th fleet approached Taiwan it launched four F-35 Lightning fighters. These fighters failed to rendezvous with their tankers. It is evident that their GPS guidance was compromised and they received the wrong coordinates for the rendezvous. At the same time the tankers that had flown from Kunsan Air Base in South Korea were also misguided. The discrepancy between courses is estimated to have been 200 nautical miles. The tankers were able to re-establish correct GPS connections shortly after they left the engagement area. None of their communications reached the 7th Fleet. Low on fuel and headed back to the carrier group, the F-35 squadron was intercepted by still unidentified fighter jets. The sole survivor of the trailing F-35 reports that the sophisticated enemy identification systems on board failed to trigger any alerts. Investigations are ongoing but it now appears that the mission data set uploaded to the onboard computers during the flight preparation procedure was corrupted. The entire US Reprogramming Lab at Eglin Air Force Base, Florida, is under investigation as the most likely source of the corrupted data sets.
The loss of communication with the fighters and tankers led the Fleet Commander to believe that he was engaged in an active battle situation and he took steps to arm the Aegis missile systems. Reports from survivors indicate there were no anomalies in the behavior of the Aegis system, all readouts were nominal.
The errant GPS signals were also the cause for the fleet being out of position by 160 nautical miles, putting them well inside the air defense identification zone (ADIZ) China had declared over the East China Sea in November 2013. The overcast skies prevented the normal navigational sightings that might have warned the officers of a problem with the GPS navigation system. Television broadcasts from an island north of Taiwan provided visual confirmation of the fleet being well within Chinese territorial waters. It now appears that the fleet was expected and that the cameras had been positioned specifically to support China’s claims of legal authority to strike. Satcoms and imagery did not give warning and may have also been tampered with. The low ceiling and false weather reports contributed to the confusion as Fleet Command tried to regain situational awareness, as they were in a state of disarray trying to ascertain what had happened to the fighter squadron.
When the first Chinese J8 fighters flew a reconnaissance pass it was discovered that the targeting radar systems would not lock on to them. When the torpedo-armed bombers approached, the Commander ordered the launch of Aegis surface-to-air-missiles. These missiles also failed to obtain a lock in-flight and never corrected course. It now appears that the media reports, gathered from the survivors recounting what they had seen, were incorrect. The Chinese aircraft did not have a new stealth technology that made them invisible to radar, but in fact used electronic countermeasures that triggered a previously unknown bug in the radar control systems that caused them to disable the Aegis guidance system.
Coincident with the beginnings of hostilities the USS Minnesota (SSN-783) received an unauthorized command via ELF to surface immediately for further instructions. Its mission had been to cover the 7th Fleet and provide support should it be needed. It surfaced well within the radius of effects caused by the upper atmosphere EMP device detonated over the area. Those effects were the first indication that PACCOM had that a major military engagement was under way.
The loss of the USS Reagan aircraft carrier and the flanking destroyers was accomplished with Chinese air launched torpedoes. Witnesses from the tenders and other locally-based boats that eventually fled the area report that the carrier and destroyers did not take evasive maneuvers or launch any type of defense. Most of the surface fleet reported loss of radar, ship-to-shore comms, and that onboard systems crashed and were re-booting even as the torpedoes struck. The EMP blast finished what the onboard failures had started, the complete disarming of the 7th Fleet.
There is still no evidence that China launched the nuclear EMP device from the land or sea. It is now apparent that one and possibly more of China’s satellites were armed with nuclear warheads capable of being launched with precision and guided to an exact upper atmosphere location for detonation. The committee views this capability as destabilizing, and countermeasures should be developed while ongoing diplomatic pressure is brought to bear to stop the militarization of space.
In less than 45 minutes since the fighter squadron launched within Chinese territorial waters, the 7th fleet was disabled, and the USS Minnesota was rendered inoperable, which apparently was calculated on the part of China to ensure that no deterrent force was left to interfere with the Chinese ultimate goal: the re-unification of Taiwan. That process was facilitated by the complete power and communication grid failure across Taiwan, leaving them in a state of turmoil as China immediately gained control of the air and sea domain around Taiwan. Once it was evident to Chinese leaders that the 7th Fleet was effectively destroyed the Taiwanese President had no option but to surrender. His fate, upon returning to Taipei, as well as that of his cabinet, is still unknown.
The capitulation of Taiwan and subsequent reunification marks the greatest setback for the United States in the region since the loss of South Viet Nam. The economic impact could be much greater because the future of trade with Taiwan, let alone China, is in doubt. The repercussions throughout the Pacific Rim will be long lasting. The peaceful overtures to China from Japan, Korea, and even Australia’s new labor government mark the end of the Obama-initiated pivot to Asia.
The committee convened to investigate this military defeat can point to several underlying causes.
1. The most important factor was the misreading of China’s intentions. The West in general and the US in particular had moved ahead with economic development and normalization with the Communist-led state based on incorrect assumptions about the inevitability of advanced nations moving towards liberal democracy. Despite many researchers and China experts’ warnings about China’s long-term, even 100 year goals, warnings were dismissed. From the perspective of a liberal democracy where long-term planning rarely surpasses the next election cycle, execution of a strategy over more than 20 years is hard to comprehend. Yet, that strategy was well documented in Chinese academic and military writings, especially the use of cyber attack to gain asymmetric advantage in battle.
2. The DoD, while investing heavily in network defenses and its own cyber attack capabilities, led by the 2010 formation of US Cyber Command, completely overlooked the vulnerability of its own platforms for communication, precision targeting, guidance and navigation, and ISR.
3. The NSA had used network intrusions against the Defense Industrial Base to further its own buildup of cyber capacity but never reported all of its findings to Congress. In particular, the concerted effort of PLA cyber teams to find and exfiltrate the source code and technical configurations of radar, sensing platforms, targeting platforms, and encryption key distribution methods was omitted from reports. This targeting, if properly reported, would have been the first indicator of China’s intentions for future war fighting.
4. The billions of dollars invested in cyber defense since 2008 were primarily applied to operational networking and email systems. No thought was given to hardening weapons platforms against cyber attacks.
The investigation committee recommends:
1. All weapons development programs be halted immediately and a software and vulnerability review be instituted across all logistics, re-supply, aircraft, ships, and combat gear that has the ability to network or receive instructions via any electromagnetic means.
2. A supply chain review should be made of all components. A process should be implemented to detect tampering and installation of back doors, particularly those manufactured in China. Logistics controls should be developed and applied to protect any critical gear from interdiction.
3. Every device and piece of communications gear that encrypts data should be re-keyed immediately.
4. A key distribution and management system that is not highly centralized must be developed and deployed as soon as possible.
5. Strong means of authenticating GPS signals must be developed and deployed as soon as possible.
6. The placement of nuclear devices in orbit by China is being taken to the UN Security Council. In the meantime effective means of anti-satellite defenses must be developed to prevent a future occurrence of space delivered nuclear weapons with guided, hypersonic re-entry vehicles.
7. The DoD should undergo a top down review of its command structure, procurement processes, and ability to project force in the face of a new reality.