Cyberspies and Cyberspace: What the ‘Google China’ Affair Reveals About Media And

Home , Cyber ShockWave, Outline of Google

Cyberspies and Cyberspace: What the ‘Google China’ Affair Reveals About Media and

Intelligence Networks in New Media Environments

Tim Stevens, King’s College London (unpublished essay, 2010)

In January 2010, the world’s largest and most visible media company, Google, declared that it was the victim of a concerted campaign of ‘cyber attacks’ on its computer and information networks, which became known as ‘Operation Aurora’. Without openly blaming Beijing for these events, Google made it clear they believed Chinese security organisations or their proxies to be responsible for what they perceived as acts of ‘cyberespionage’, which also targeted pro- democracy human rights activists using their online services. Google threatened to withdraw from the Chinese market, or at least to end the self-censorship of its web search results, unless

Beijing addressed these issues of surveillance and intelligence-gathering. The ‘showdown’ between Google and China was an important news story in its own right, and brought to the fore possible Chinese intervention in other states’ computer networks. It also exemplified deeper concerns about the vulnerability of the US in particular to cyberespionage and other forms of computer network operations.

This paper contends that the ‘Google China’ affair is an interesting case study of how intelligence relates to the ‘new media’ environment of cyberspace. The news story itself was utilised to further political and security agendas in the West, a process which involved both media actors and intelligence services. The first section provides a brief outline of Google’s announcement and media responses to it. There follows a description of how institutional discourse in the preceding year helped foster a media environment receptive to a story involving a global media company and foreign intelligence agencies acting against the West and its commercial and security interests. Consideration is given to the sources used by Western media, many of whom

were close to intelligence agencies, and to the known or suspected activities of Chinese intelligence and allied actors. The final section suggests how the events and activities described relate to theories of global networks, and concludes that the relationships between media and intelligence are both overt and obscure.

On 12 January 2010, David Drummond, Google’s Senior Vice President for Corporate

Development and the US company’s Chief Legal Officer, issued a 765-word statement on The

Official Google Blog, which provides ‘insights from Googlers into our products, technology, and the Google culture.’1 In ‘A New Approach to China’, Drummond articulated Google’s decision to ‘review our business operations in China’ as a result of alleged breaches of Google’s computer systems, and of Gmail accounts used by human rights activists and advocates in China, the US and Europe.2 Taking the unusual step―for a large information technology company―of publicly admitting a serious cybersecurity problem, Drummond announced that Google were no longer willing to censor the results returned by its Chinese internet search service, Google.cn,3 as required by the terms of the operating agreement allowing it to launch its Chinese product in

January 2006.4 Although Drummond did not explicitly place responsibility for the ‘attacks’ on

Beijing, the tenor of the statement left few people under any allusions that the Chinese authorities were the focus of Google’s comments, and the cause of the reversal of their self- censorship policy.5

Despite the occurrence of a large earthquake in Haiti the same day, Google’s announcement also became major global news. The proximate reasons for this are not hard to fathom. By traditional

1 http://googleblog.blogspot.com/, accessed 25 February 2010. 2 Drummond (2010) 3 http://www.google.cn/, accessed 5 February 2010. 4 See: Schrage (2006) 5 Subsequent forensic analysis suggested that the Aurora attacks could be traced to two Chinese educational establishments, one associated with the People’s Liberation Army (Markoff & Barboza 2010) 2

criteria, ‘Google China’―as the slug lines would have it―was certainly newsworthy, possessing as it did elements of recency, superlativeness, relevance, and other ‘news values’.6 Negativity and consonance were also two major factors. Although Google is not a news organisation in the traditional sense, in the contemporary global media environment it is the biggest portal to, and disseminator of, news to the internet-using population.7 In part, this status was reflected in the censorship conditions agreed for its operations in China, such was the influence Beijing evidently felt such a media company could exert. News that China might be engaged in espionage against the US could not fail to be headline news either.

Initial coverage of Google’s announcement focused on the two main protagonists in the story,

Google and the Chinese government. The rhetorical hook for many of these stories was

Google’s corporate motto, ‘Don’t Be Evil’. Coined by Google engineer Paul Buchheit in 2001, the phrase was adopted by Google as a ‘core value’, expressing a corporate ethic of honest decision-making, respect for the rule of law, and, as its ‘Code of Conduct’ explains, ‘providing our users unbiased access to information’.8 The decision to enter the Chinese market in 2006 had tested the limits of this concept at the time,9 and an apparent reversal of the policy on which

Google’s Chinese operations depended gave cause for wide reconsiderations of Google’s corporate ethos. Even within one particular media outlet, The Guardian (UK), commentary tentatively supported Google’s courage in standing up to China,10 or expressed scepticism at the decision based on Google’s lack of previous ethical consistency with respect to Chinese

6 Galtung & Ruge (1965), Bell (1991), pp.156-160. 7 In 2005, Google surpassed Time Warner as the world’s largest media company by market value (BBC 2005) 8 http://investor.google.com/conduct.html, accessed 5 February 2010. On the origin of the slogan, see Battelle (2005), p.138. 9 e.g. Thompson (2006). As early as 2003, the ‘Don’t Be Evil’ ethos had been challenged by commercial imperatives (see McHugh 2003). This debate continues (e.g. Warman 2010). 10 Goldkorn (2010) 3

censorship.11 Concerns were also expressed as to what situation Google’s potential withdrawal/expulsion would bequeath Chinese internet users, including human rights activists.12

Evgeny Morozov of Georgetown University, and contributing editor of Foreign Policy magazine, opined that Google.cn was ‘sacrificed’ in a bid for positive media coverage, particularly in

Europe where Google’s activities have been the subject of privacy worries.13 Morozov reasoned that Google’s appeals to security concerns masked this aspect of their corporate tactics, adding:

All the talk about cybersecurity breaches seems epiphenomenal to this plan ... Besides,

there is no better candy for US media and politicians than the threat of an all-out cyber-

Armageddon initiated by Chinese hackers. I can assure everyone that at least half of all

discussions that Google’s move would spur would be about the need to make America

secure from cyberattacks.14

Written less than a day after Google’s announcement, Morozov’s words were prescient, and the media discourse that followed focused more on America’s vulnerability to Chinese state activities than on Google. Although, as previously noted, there were worries that the withdrawal of

Google would leave Chinese ‘netizens’ bereft of unfiltered information sources, thereby bolstering China’s internal surveillance activities and social engineering policies, Western media attention fastened on the threat China posed externally. Chinese cyberespionage was central to media reportage and commentary, and this narrative became explicitly political in the weeks that followed. It was also consistent with existing discourse about cyberwar, the vulnerability of

11 Stevens (2010a) 12 Qiang (2010) 13 Morozov (2010) 14 Ibid. 4

Western nations to cyber attacks, and the relative inaction of policymakers to combat these threats.

The ‘Google China’ affair must be contextualised within discursive developments throughout

2009, in which broadcast media played a critical role in the US and elsewhere, principally in the

UK.15 In January, the assistant director of the Federal Bureau of Investigation’s Cyber Division claimed that cyber attacks were second only to a weapon of mass destruction or a bomb in a major American city in terms of active national security threats.16 In the middle of the year, both the US and UK published national cyber security strategies which officially elevated cybersecurity to the top of national security strategies, after only terrorism and the wars already underway in

Iraq and Afghanistan.17 Launching the US Cyberspace Policy Review in May, President Barack

Obama stated that ‘this cyber threat is one of the most serious economic and national security challenges that we face as a nation’.18 By means of affirming this through organisational means, the Review called for the appointment of an Executive Branch Cybersecurity Coordinator reporting to the deputy national security advisor within the White House. This proved a difficult post to fill, and six months of Beltway wrangling and media speculation over who would become the new ‘cyber czar’ ended just before Christmas with the appointment of Howard Schmidt, an advisor to the George W. Bush administration and an information technology industry executive.19

15 Of course, ‘information warfare’ discourse has much deeper roots and a long history prior to 2009, e.g. Virilio (2000), Bendrath (2003), Curtis (2006), ch.7. 16 AFP (2009) 17 Cyberspace Policy Review (2009), Cyber Security Strategy of the United Kingdom (2009) 18 Obama (2009) 19 Phillips (2009) 5

In a CBS Sixty Minutes special in November 2009, Congressman James Langevin described the

US cybersecurity situation as the nation’s ‘pre-9/11 moment’,20 a comment he later explained:

‘Much like in the months leading up to September 11, 2001, we know the threat exists and have an opportunity to address it before real damage occurs. Now is the time to secure our networks.’21 James Lewis of the Center for Strategic and International Studies (CSIS) claimed in the CBS documentary that the US had already experienced its ‘espionage Pearl Harbor’ in 2007, when an ‘unknown foreign power’ compromised the computer systems of the Department of

Defense and Department of State, amongst others, and ‘downloaded terabytes of information’.22

Such emotive appeals to archetypical American historical events are predicated on flawed analogical reasoning but exemplify common and significant components of American public cybersecurity discourse leading up to the Google affair.23

In Britain, Security Minister Lord West warned, at the launch of the UK’s own Cyber Security

Strategy (CSS), that terrorists were developing cyber attack capabilities, and that China and Russia were already capable of operationalising theirs.24 The UK established an Office of Cyber Security

(OCS) within the Cabinet Office, responsible for co-ordinating strategic cybersecurity delivery across government.25 It also set up a Cyber Security Operations Centre (CSOC) hosted by

GCHQ at Cheltenham to coordinate the protection of critical information technology systems and the supply of real-time intelligence on cyber threats to industry and security agencies.26

Ahead of the Defence Green Paper and a promised post-election Strategic Defence Review,

Whitehall and the military engaged in extensive consultations throughout the second half of 2009

20 CBS (2009) 21 Nesi (2009) 22 Although Lewis claimed not to know the source of the attacks, others did explicitly blame China (e.g. McGregor & Sevastopulo 2007, Sevastopulo 2007) 23 Lewis later effectively disowned his use of this historical analogy (NPR 2010). See also: Fallows (2010) 24 Corera (2009) 25 http://www.cabinetoffice.gov.uk/reports/cyber_security.aspx, accessed 5 February 2010. 26 GCHQ (2009), Williams (2010) 6

and beyond, in order to determine where resources should be allocated and military cyber capabilities developed in support of national interests.27 The multi-sector approach called for in the CSS was well under way by the end of 2009, with UK government actively liaising with industry, academia, civil society and law enforcement, as well as the aforementioned military and security services.28 With a general election imminent, the opposition Conservative party was also making cybersecurity an integral component of its national security plans.29

Throughout 2009, events were reported that served to underline political imperatives to ‘do something’ about cybersecurity, and which helped to drive the discursive trajectory unfolding in media spaces. More specifically, ‘hacking’ allied to political activism was increasingly portrayed in terms of national security, rather than information or computer security.30 For example, only a few days before the appointment of Schmidt to the White House, there was an extraordinary media storm around the disruption of micro-blogging site Twitter by an entity purporting to be the ‘Iranian Cyber Army’. Although the identity of this individual or group remains unknown, it was portrayed as a pro-Iranian (perhaps even state-sponsored) ‘revenge’ attack on Twitter for its functional role in the opposition protests during the Iranian elections in summer 2009.31 The same group is alleged to have subverted China’s leading search engine Baidu a month later.32 In the absence of any substantive evidence, mainstream media reports allowed for few possibilities that the attacks (which were not even technically ‘hacking’) were not traceable somehow to the

Iranian regime. Earlier in the year, a widespread denial-of-service attack on Twitter and social networking site Facebook was thought to be the result of a targeted campaign against a single

27 Author’s observations, August 2009-present. The Defence Green Paper was published on 3 February 2010 (MoD 2010a; see also MoD 2010b, c, for defence attitudes to cyberspace) 28 West (2009) 29 A Resilient Nation (2010) 30 This is often referred to as ‘hacktivism’. See: Denning (2001), Jordan & Taylor (2004), Meikle (2009) 31 e.g. Channel 4 (2009). See also: Morozov (2009) 32 BBC (2010) 7

pro-Georgian blogger.33 Dozens of other such events became news also. In one particularly egregious example, ten days before the ‘Google China’ story broke, the Daily Telegraph ran a story in its online section headed, ‘China Will Soon Have the Power to Switch Off the Lights in the

West’.34 ‘Soon’ in this context was four decades hence, in 2050, but articles like this served only to exacerbate perceptions that the UK was but moments away from catastrophe.

The attacks on Google (dubbed ‘Operation Aurora’) were referred to by security vendor McAfee as a ‘watershed moment in cybersecurity’ due to their sophistication and breadth.35 More accurately, they were a watershed moment for cybersecurity in terms of public exposure and debate about what political steps were required to combat threats of Chinese cyberespionage and other cyber threats. For example, US Director of National Intelligence Dennis Blair called the events a ‘wake-up call’ about the vulnerability of critical computer networks.36 The timing of

Google’s announcement was serendipitous at best, coming as it did a week after a meeting between Google executives and Secretary of State Hillary Clinton, and a week before a speech by

Clinton on internet freedom.37 It is hard to escape the impression of mild complicity between

Google and the US government as to the timing of the announcement. Whether by accident or design, by the end of 2009 public, commercial and political sensitivities to ‘cyber’ were substantially heightened relative to the beginning of the year. This was more the case in the US than elsewhere but by the time the Google story broke on 12 January, Western media providers and consumers were primed, so to speak, to recognise, relate and respond to a big story involving ‘cyber’.38 ‘Google China’ satisfied this latent demand, and exposed publics to details of

33 BBC (2009a) 34 Coughlin (2010) 35 Wauters (2010) 36 AFP (2010) 37 Clinton (2010), Fenby (2010) 38 See Castells (2009), pp.155-165, on ‘agenda-setting, priming, and framing’, in the relationship between media and people. 8

Chinese cyberespionage of which previously they were mostly unaware. It also allows us some opportunity to discuss the relationships between media and intelligence networks.

In its original statement, Google announced that ‘[i]n mid-December [2009], we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.’39 It went on to explain that although these were worrying incidents, its decision to publicise them was due to other factors, such as the desire to promote ‘freedom of speech’.40 Google claimed that at least 20 other large businesses were targeted in the attack, and reported that it was liaising with these companies, and with the ‘relevant US authorities’.41 In a subsequent section informing readers that it had improved its security systems, it suggested that interested parties should click through to a webpage containing generic security recommendations stemming from discussions held during the US National Cyber Security Awareness Month in October 2009.42 The sentence immediately following suggested that anyone interested in learning more about similar attacks could click through to a further four links. Revealingly, anyone following the links would be transferred from a short list of generic internet security measures to one of three reports explicitly about

Chinese cyberespionage,43 or to the personal blog of a respected analyst of internet censorship practices, and author of one of the reports mentioned, Nart Villeneuve.44 These documents had been the subject of some media scrutiny on their own releases in late 2009 and they were to provide information for many subsequent news reports.

39 Drummond (2010) 40 Ibid. 41 This number has since risen to at least 34 (Zetter 2010). Other researchers estimate over 100 (Womack & Nicholas 2010) 42 Davis (2009) 43 InfoWar Monitor (2009), Krekel (2009), Report to Congress of the US-China Economic and Security Review Commission (2009) 44 http://www.nartv.org/, accessed 5 February 2010. 9

Villeneuve responded rapidly on his blog that ‘I think Google linked to my blog and the

GhostNet report because of similarities in methods, not because the two cases are linked.’45 This assessment is probably technically correct but the hyperlinking of an innocuous discussion of basic security protocols to specific reports on Chinese cyberespionage was no coincidence within the context of a document accusing Chinese actors of conducting cyberespionage against

Western assets. Villeneuve was the co-author of a report by the Information Warfare Monitor partnership which tracked and analysed the GhostNet cyberespionage network that compromised and potentially extracted data from 1300 computers in 103 countries between June

2008 and March 2009.46 Targets included embassies, news organisations and non-governmental organisations (NGOs), particularly those associated with Tibetan nationalists. The study concluded that although they could not definitively trace the perpetrators, the investigations consistently led to a server on the island of Hainan, China. The report resisted attributing blame to Beijing, and noted that it could also not evaluate the political or economic impact of data exfiltrated by the GhostNet system. The Chinese government dismissed the research as part of the Dalai Lama’s ‘media and propaganda campaign’.47

The two other reports to which Google linked were only slightly less cautious in attributing blame to China. The first was a report to Congress by the US-China Economic and Security

Review Commission, within which Google had directed readers to a section entitled, ‘China’s

Cyber Activities that Target the United States, and the Resulting Impacts on US National

Security’.48 Citing ‘a large body of circumstantial and forensic evidence’, it concluded that the US should develop measures for deterring ‘malicious Chinese cyber activity directed at critical US

45 Villeneuve (2010) 46 InfoWar Monitor (2009) 47 Moore (2009) 48 Report to Congress (2009), pp.167-181. 10

infrastructure and US government information systems’.49 A spokesman for the Chinese embassy in Washington, DC, described the Commission’s conclusions on cyberespionage as ‘baseless, unwarranted and irresponsible’, and other elements of the report as ‘Cold War fantasy’.50 The report relied in part on written evidence submitted in the form of the second report cited by

Google, which was prepared by Northrop Grumman, a major American defence and aerospace contractor.51 This explored in some detail China’s information warfare strategy and alleged cyberespionage activities, and additionally included an analytical case study of a Chinese penetration and data exfiltration operation against the computer systems of an unnamed

American firm.52

Although these three reports were the most commonly cited in the media subsequent to the

Google affair, there is a deeper body of research on which media and institutional narratives drew. Even by the most cautious assessments, China does engage in cyberespionage for the purposes of commerce and security, although it is far from unique in doing so.53 In the last decade, China’s national security strategy has been predicated on a less introverted perspective on international relations than throughout most of its history. China remains focused on both internal disorder (nei luan) and external threat (wai huan), but it has had to re-evaluate its security responses due to the tensions of globalisation and political liberalisation, as well as the inherent

‘brittleness of centralized Leninist rule’.54 Internal stability (anquan) remains China’s principal strategic imperative, and external threats are interpreted within the framework of their effects on domestic order.55 Traditionally, China has not attempted to project its national power too far

49 Ibid., p.183. 50 BBC (2009b) 51 Krekel (2009) 52 Ibid., pp.59-66. 53 IISS (2007), Stevens (2010b). Researchers have stated that the Aurora attacks were ‘run of the mill’ (Shiels 2010). See also: Hvistendahl (2010) 54 Terrill (2003), p.25. 55 Shambaugh (2004), p.285. 11

beyond its borders and immediate neighbours―principally, Taiwan―but in recent years has begun to engage with the broader regional theatre, particularly to prevent potential adversaries’ logistical preparations in Asia and the Pacific, and through deeper engagement with multilateral political structures and organisations.56 Given the Chinese concept of national unity, it is therefore no surprise that Chinese military strategy and national strategy are closely engaged.

Central to its current strategic posture is an ideological shift from the Maoist tenet of ‘accepting the first blow’ (houfa zhiren) to one of ‘gaining the initiative by striking first’ (xianfa zhiren).57 This applies as much to commerce as it does to its political-military posture. On 10 January 2010,

President Hu Jintao declared that state and private companies should ‘attain breakthroughs in core technologies’ in the information sector in order to offset the US’ technological advantage, the same principle at the heart of the 5-year plan (2011-2015) currently being drafted by the

People’s Liberation Army (PLA) and central government.58 This is a continuation of longstanding resource-sharing between the PLA, Ministry of Public Security, and civilian companies since the 1980s,59 and a central tenet of China’s operational theory (doctrine) of ‘local war under hi-tech conditions’.60

In December 2007, the Director-General of the British Security Service (MI5) informed 300 major UK companies that they were at risk of ‘electronic espionage attack’ from ‘Chinese state organisations’.61 Only a month earlier, US Congress had been told that China was the ‘single greatest risk to the security of American technologies’.62 The inference has long been that China is bootstrapping its own technological advancement through the theft of patent data and source

56 See: Dittmer (2007) 57 Walton (2010), p.50. 58 Lam (2010) 59 See: Hachigian (2001) 60 Li (1999), Barrett (2005), Anand (2006) 61 Blakely et al (2007) 62 Report to Congress (2007), p.106. 12

code, and is therefore parasitic on foreign innovation and investment. Interestingly, MI5 once again became a media source in the aftermath of the Google affair, with the leak of a document accusing China of luring UK businessmen into ‘honeytraps’ and of ‘bugging and burgling’ their premises.63 This would seem to be a case of what Hastedt calls ‘promotional intelligence’, in which secret intelligence is deliberately leaked in the knowledge that it will be largely uncontested.64 On this occasion, the Chinese embassy in London did indeed decline to comment.65

Two weeks later, the US Department of Defense’s Cyber Crime Center revealed to Forbes magazine the extent of cyberespionage it had uncovered over a two-year period, during which 71

‘government agencies, contractors, universities and think tanks with connections to the US military had been penetrated by foreign hackers’.66 Although this article did not explicitly name

China―perhaps mindful of the delicate diplomatic situation already precipitated by the Google affair―the same journalist had three years previously reported that the Defense Department held

China responsible for at least some of an earlier suite of espionage activities and, on the anniversary of 9/11, portrayed US corporations as the ‘silent victims’ of Chinese skulduggery.67

The 2007 article relied heavily on comments by Alan Paller, director of the SANS Institute, a cybersecurity contractor in Maryland, whom one intrepid blogger calculated was the source of more cybersecurity quotes in the media than any other organisation or individual in the twelve months to the end of January 2010.68

63 Leppard (2010) 64 Hastedt (2005), p.421. 65 Leppard (2010) 66 Greenberg (2010) 67 Greenberg (2007) 68 Smith (2010) 13

Other frequent sources around this time were Mike McConnell of Booz Allen Hamilton and previously Director of National Intelligence, and the aforementioned James Lewis, once of the

US Foreign Service and Senior Executive Service. At the end of February 2010, McConnell wrote an op-ed in The Washington Post that was so hawkish it became the subject of reports by major online media outlets, which drew attention to his employment history and accused him of

‘cyberwar hype intended to destroy the open internet’.69 McConnell’s exaggerations and agenda- setting scare tactics went completely unchallenged in the mainstream media. A series of other ex- and current senior security officials at this time explicitly stated that the US and its allies were in a state of global cyberwar, with little consideration of whether this was de facto or de jure, let alone if it were true.70 Tellingly, one of the few dissenting voices was the Cybersecurity Coordinator

Howard Schmidt, who described the declaration of cyberwar as “a terrible metaphor” and “a terrible concept”.71 The UK Office of Cyber Security also indicated that its disquiet over the use of such language in ‘reactionary press reports’.72

The full story of the relationships between media and intelligence sources and practices in the

‘Google China’ case has of course yet to be told.73 So too, the exact natures of both Chinese and

Western cyberespionage, which remain obscured due to security concerns and the political vagaries of intelligence and counter-intelligence claims by all parties. However, the close association between media and intelligence is evident from this short review, and might be said to corroborate some of the findings of James Der Derian’s theorisation of what he terms the military-industrial-media-entertainment network (MIME-NET). Although there is a long history

69 McConnell (2010), Singel (2010a), Stanley (2010) 70 Evans & Whittell (2010), Loyd (2010), Nakashima (2010c) 71 Singel (2010b), Stevens (2010c) 72 Ballard (2010) 73 At the time of writing, Google’s position in the Chinese market was similarly unresolved, with sources claiming that Google was ’99.9% certain’ to close the Chinese version of its search engine (Waters & Hille 2010) 14

of collaborative development of technologies between state and civilian entities, Der Derian suggests that the MIME-NET is different:

What is qualitatively new is the power of MIME-NET to seamlessly merge the

production, representation, and execution of war. The result is not merely the copy of a

copy, or the creation of something new: It represents a convergence of the means by

which we distinguish the original and the new, the real from the reproduced.74

In this mediated environment, ‘new wars are fought in the same manner as they are represented, by military simulations and public dissimulations, by real-time surveillance and TV live-feeds.

Virtuality collapses distance, between here and there, near and far, fact and fiction.’75 In an earlier work, Der Derian defined intelligence as ‘the continuation of war by the clandestine interference of one power into the affairs of another power’,76 and this concept runs throughout his take on

Western warfare and its reliance on information technologies.77 Although the Google affair began with accusations of cyberespionage―the gathering of intelligence via the tools and networks of cyberspace―it rapidly became subsumed into a broader narrative of ‘cyberwar’ as a

‘real and present danger’ to the United States and the West. Both the media and those sources it consulted were content to foster the impression that China is the principal threat in this domain.

There is perhaps no better illustration of how media and intelligence acted together after the

‘Google China’ affair than in the ‘Cyber ShockWave’ exercise run on 18 February 2010.78 This war game simulated a cyber attack scenario on the United States by unknown foreign actors, in which the players were drawn from former White House, Cabinet and national security

74 Der Derian (2009), p.xxxvi. 75 Der Derian (2009), p.xxxiv. On the influence of (science) fiction on military planning, see Carr (2010) 76 Der Derian (1993), p.31. 77 See also: Cullather (2003) 78 http://www.bipartisanpolicy.org/events/cyber2010, accessed 18 February 2010. 15

officials.79 The exercise emphatically concluded that the US was insufficiently prepared for cyber attacks and that more administrative powers were required to control national communications networks in times of emergency.80 Although there are valid concerns about cyber attacks and national resilience, this exercise would have been largely redundant if held in private, as the results of the exercise were predictable. However, an edited version was screened by CNN on 20

February as part of its occasional ‘We Were Warned’ series, hosted by Wolf Blitzer.81 It was clearly a public relations exercise intended to elevate public concerns as a means to jolt policymakers into action. One participant commented that people would be ‘scared by the simulation but “that’s a good thing”. Only then, he said, would Congress act.’82

Although it was a political exercise, Cyber ShockWave was designed and executed by

‘securocrats’, rather than by one political party or the other. Hosted by the Bipartisan Policy

Center in Washington, DC, the cross-party collaboration suggests, in accordance with Der

Derian’s MIME-NET, that military, industrial and media entities are important political actors in shaping security agendas, and are all producers and consumers of intelligence. This is perhaps an uncontroversial assertion but as Der Derian’s thesis suggests, the boundaries between fact and fiction are far more difficult to discern when these entities act in concert to promote a particular political argument through the use of globalised media technologies. Concerns about liaisons between the media and intelligence services were deepened at the beginning of February 2010 by news that Google had entered into an information-sharing partnership with the US National

Security Agency in order to investigate cyber attacks such as Operation Aurora.83 Manuel Castells has shown how, in a global network society, the concentration of power in the hands of those

79 http://www.bipartisanpolicy.org/http%3A/%252Fbipartisanpolicy.org/events/cyber2010/participants, accessed 18 February 2010. 80 Nakashima (2010b) 81 CNN (2010) 82 Nakashima (2010b) 83 Nakashima (2010a) 16

who might control both media and political agendas (in his analysis, Silvio Berlusconi serves as an example) is hazardous to the ‘dynamism and initiative of [the network society’s] multiple sources of social structuration and social change’.84 In the current scenario, we might speculate as to the effects of mediated exercises like Cyber ShockWave on the discursive possibilities available to those excluded from decision-making in these media, intelligence and political networks.

The ubiquity of ‘new media’ has additionally complicated information production and consumption patterns. As various authors have noted, ‘new media’ have not sprung fully formed within the context of internet development, and should be understood as iterations of media as communicative forms developing over many centuries.85 Similarly, Bolter and Grusin argue that there cannot be ‘new’ media, only ‘remediations’ of older ones.86 This had led some to prefer terms such as ‘now media’, ‘digital media’, and other linguistic formulations that avoid the normative and deterministic assumptions of ‘newness’.87 Nevertheless, the category is useful as a commonly-understood term, and in the current discussion ‘new media’ generally connote interactive, ‘virtual’, ‘user-generated’ and hypertextual media exchanged by digital electronic means as part of what Castells terms an environment of mass self-communication.88 As is evident from this paper alone, the journalistic sources cited are a mixture of traditional paper- based content and digital content: so-called ‘mainstream media’ use web platforms as delivery mechanisms, and web users extract, remix and repurpose traditional media output for their own ends. The blurring of traditional boundaries has contributed to a confusion of sociological

84 Castells (2009), p.47. 85 Mattelart (2000), Manovich (2001) 86 Bolter & Grusin (1999) 87 e.g. Armstrong (2009) 88 Castells (2009), pp.63-71. 17

notions of the ‘public sphere’,89 leading to what McNair has called the ‘chaos paradigm’ of the relationship between journalism and power.90

This new media environment derives from the trends of globalisation, digitalisation, networking and deregulation, operating at increasing speed in the latter half of the 20th century.91 These processes have had similar effects on other information-reliant networks such as intelligence. In parallel with the postmodernist concept of the ‘fluidity’ of the human experience of this globalised environment,92 Rathmell proposes that intelligence as a security process may be entering its own ‘postmodern’ phase.93 Specifically, intelligence is in essence a ‘knowledge industry’ operating in a dynamic, non-linear and accelerating environment characterised by

‘absent centres and fluid borders’.94 Shorn of the geopolitical certainties, for example, of the Cold

War operational environment, one of the major contemporary challenges for intelligence agencies, as with the media, is how to discern fact from fiction if both are present, in volume, in global communications networks. Another is how to filter the vast amount of information available in those networks, in order to produce useful and actionable intelligence to consumers.

Whilst open source intelligence (OSINT) presents significant opportunities for intelligence agencies of various kinds―and we should include commercial entities in this consideration―the sheer volume of available information presents them with major practical challenges.95

The dispute between Google and China, and the security debates it both engendered and extended, illustrates that communications networks are highly contested. Arquilla and Ronfeldt

89 Habermas (1989) 90 McNair (2006) 91 Schiller (1999). It should be noted that ‘mediatisation’ can be considered a meta-process in the same terms as globalisation, etc. (Krotz 2009, Livingstone 2009) 92 e.g. Bauman (2000) 93 Rathmell (2002) 94 Ibid., p.101. 95 e.g. Clift (2003), Mercado (2004) 18

long ago observed that ‘information is emerging as a distinct dimension, if not a new domain, of power ... replete with paradoxes and ambivalences.’96 Castells is the principal theorist of how power is not just exercised through the networks, but derives from those networks also.97 Who controls access to networks (switchers), and the functioning of networks (programmers), are therefore in positions of power relative to those who do not.98 This explains why networks of commerce, military power, intelligence, and media communication, are fought over by powerful actors like Google, the US military, and China, and is the foundation of various forms of ‘cyber conflict’. The internet, for example, is ‘a global electronic agora where the diversity of human disaffection explodes in a cacophony of accents.’99 Others, like Latour, have theorised how networks of human and machine actors are inherently suited to extending themselves and the influence that they can subsequently exert.100 This is of particular relevance to intelligence and media networks, for which the maintenance of information superiority requires that these networks are constantly seeking new connections. Cyberespionage falls squarely within this paradigm, particularly as so much of it is automated.

In the absence of more extensive and structured research it would be incorrect to conclude that

Western media outlets and intelligence agencies were routinely coordinating information sharing and dissemination as regards cybersecurity, in particular the threat posed by Chinese cyberespionage. However, there are superficial indications that intelligence services leaked selectively to mainstream media, and that media were content to rely on a limited range of sources for their own stories, some of whom have close ties to national intelligence agencies. The

‘Google China’ affair was inherently newsworthy but also tapped into a steadily building

96 Arquilla & Ronfeldt (1997), pp.478-479. 97 Castells (2009, 2010) 98 Castells (2009), pp.45ff. 99 Castells (2001), p.138. 100 Latour (1993, 2005), Mackenzie (2002) 19

discourse of threat and Chinese antagonism that neatly served to fulfil the wishes of those looking for a catalyst to unlock political action in this field. Although China, in common with the

US and other major technological states, undertakes cyberespionage as a matter of course, there is some truth in concerns that as the world’s pre-eminently networked society the US has ‘more to lose’ than any other. Allusions to 9/11 and Pearl Harbor show clearly how some communities in the US in particular attempt to shape public discourse and provoke politicians into particular courses of action. Media and intelligence providers and consumers fulfil a variety of roles within this fluid assemblage of competing political, economic and communication networks.

Reference List

(Official documents are listed at the end of this appendix.)

Agence-France Presse (AFP) (2009), ‘“Cybergeddon” Fear Stalks US: FBI’, 6 January 2009. Agence-France Presse (AFP) (2010), ‘Google Attacks “Wake-Up Call” – US Intel Chief’, 2 February 2010. Anand, Vinod (2006), ‘Chinese Concepts and Capabilities of Information Warfare’, Strategic Analysis, Vol.30, No.4, pp.781-797. Armstrong, Matt (2009), ‘Social Media as Public Diplomacy’, Perspectives, Vol.1, No.2; available at http://www.layalina.tv/publications/Perspectives/MattArmstrong.html, accessed 24 February 2010. Arquilla, John, and David Ronfeldt (1997), ‘Looking Ahead: Preparing for Information-Age Conflict’, in John Arquilla and David Ronfeldt, eds., In Athena’s Camp: Preparing for Conflict in the Information Age (Santa Monica, CA: RAND Corporation), pp.439-501. Ballard, Mark (2010), ‘Government Seeks to Debunk Cyber War Myth’, Computer Weekly, 10 March 2010; available at http://www.computerweekly.com/Articles/2010/03/10/240567/Government-seeks-to- debunk-cyber-war-myth.htm, accessed 12 March 2010. Barrett, Barrington M., Jr. (2005), ‘Information Warfare: China’s Response to U.S. Technological Advantages’, International Journal of Intelligence and CounterIntelligence, Vol.18, No.4, pp.682-706. Battelle, John (2005), The Search: How Google and its Rivals Rewrote the Rules of Business and Transformed Our Culture (New York: Portfolio Hardcover) Bauman, Zygmunt (2000), Liquid Modernity (Cambridge: Polity Press) BBC (2005), ‘$80bn Google Takes Top Media Spot’, 8 June 2005; available at http://news.bbc.co.uk/1/hi/business/4072772.stm, accessed 5 February 2010. 20

BBC (2009a), ‘Web Attack ‘Aimed at One Blogger’, 7 August 2009; available at http://news.bbc.co.uk/1/hi/technology/8189162.stm, accessed 18 February 2010. BBC (2009b), ‘China “Steps up US Cyber-Spying”’, 20 November 2009; available at http://news.bbc.co.uk/1/hi/8369707.stm, accessed 5 February 2010. BBC (2010), ‘Baidu Hacked By “Iranian Cyber Army”’, 12 January 2010; available at http://news.bbc.co.uk/1/hi/technology/8453718.stm, accessed 18 February 2010. Bell, Allan (1991), The Language of News Media (Oxford and Cambridge, MA: Blackwell) Bendrath, Ralf (2003), ‘The American Cyber-Angst and the Real World―Any Link?’, in Robert Latham, ed., Bombs and Bandwidth: The Emerging Relationship Between Information Technology and Security (New York and London: The New Press), pp.49-73. Blakely, Rhys, Jonathan Richards, James Rossiter and Richard Beeston (2007), ‘MI5 Alert on China’s Cyberspace Spy Threat’, The Times, 1 December 2007. Bolter, Jay David, and Richard Grusin (1999), Remediation: Understanding New Media (Cambridge, MA: MIT Press) Carr, Matt (2010), ‘Slouching Towards Dystopia: The New Military Futurism’, Race & Class, Vol.51, No.3, pp.13-32. Castells, Manuel (2009), Communication Power (Oxford: Oxford University Press) Castells, Manuel (2010) [1996], The Rise of the Network Society, The Information Age: Economy, Society, and Culture, Vol.1, 2nd edn. with new preface (Malden, MA, and Oxford: Wiley-Blackwell) CBS (2009), ‘Sabotaging the System’, 60 Minutes, 8 November 2009; available at http://www.cbsnews.com/video/watch/?id=5578986n&tag=related;photovideo, accessed 6 February 2010. Channel 4 News (2009), ‘Twitter Hack Claimed By Iranian Group’, 18 December 2009; available at http://www.channel4.com/news/articles/science_technology/ twitter+hack+claimed+by+iranian+group/3469162, accessed 5 February 2009. Clift, A. Denis (2003), ‘Intelligence in the Internet Era’, Studies in Intelligence, Vol.47, No.3, pp.73-79. Clinton, Hillary (2010), ‘Remarks on Internet Freedom’, 21 January 2010; available at http://www.state.gov/secretary/rm/2010/01/135519.htm, accessed 18 February 2010. CNN (2010), ‘We Were Warned: Cyber Shockwave’, 20 February 2010. Corera, Gordon (2009), ‘Cyber-Security Strategy Launched’, BBC News, 25 June 2009; available at http://news.bbc.co.uk/1/hi/uk_politics/8118348.stm, accessed 5 February 2010. Coughlin, Con (2010), ‘China’s Only Aim is to Secure Its Own Interests’, Sunday Telegraph, 3 January 2010. Cullather, Nick (2003), ‘Bombing at the Speed of Thought: Intelligence in the Coming Age of Cyberwar’, Intelligence and National Security, Vol.18, No.4, pp.141-154. Curtis, Neal (2006), War and Social Theory: World, Value and Identity (Basingstoke and New York: Palgrave Macmillan)

Davis, Eric (2009), ‘Next Steps in Cyber Security Awareness’, The Official Google Blog, 2 November 2009; available at http://googleblog.blogspot.com/2009/11/next-steps-in-cyber-security-awareness.html, accessed 5 February 2010. Denning, Dorothy (2001), ‘Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool For Influencing Foreign Policy’, in John Arquilla and David Ronfeldt, eds., Networks and Netwars: The Future of Terror, Crime and Militancy (Santa Monica, CA: RAND Corporation), pp.239-288. Der Derian, James (1993), ‘Anti-Diplomacy, Intelligence Theory and Surveillance Practice’, Intelligence and National Security, Vol.8, No.3, pp.29-51. Der Derian, James (2009) [2001], Virtuous War: Mapping the Military-Industrial-Media-Entertainment Network, 2nd edn. (New York and London: Routledge) Dittmer, Lowell (2007), ‘China’s New Internationalism’, in Guoguang Wu and Helen Lansdowne, eds., China Turns to Multilateralism: Foreign Policy and Regional Security (Abingdon and New York: Routledge), pp.21-34. Drummond, David (2010), ‘A New Approach to China’, The Official Google Blog, 12 January 2010; available at http://googleblog.blogspot.com/2010/01/new-approach-to-china.html, accessed 5 February 2010. Evans, Michael and Giles Whittell (2010), ‘Cyberwar Declared as China Hunts for the West’s Intelligence Secrets’, The Times, 8 March 2010. Fallows, James (2010), ‘About Cyber-Fragility and the “Pre-9/11” Moment’, The Atlantic, 17 February 2010; available at http://jamesfallows.theatlantic.com/archives/2010/02/two_views_on_cyber- fragility_a.php, accessed 18 February 2010. Fenby, Jonathan (2010), ‘Google Blazes a Trail With China Rift’, The Guardian, 13 January 2010; available at http://www.guardian.co.uk/commentisfree/libertycentral/2010/jan/13/google-china-politics- censorship, accessed 18 February 2010. Galtung, Johan and Mari Holmboe Ruge (1965), ‘The Structure of Foreign News: The Presentation of the Congo, Cuba and Cyprus Crises in Four Norwegian Newspapers’, Journal of Peace Research, Vol.2, No.1, pp.64-91. GCHQ (2009), ‘GCHQ to Host UK Cyber Security Operations Centre’, press release, 26 June 2009; available at http://www.gchq.gov.uk/press/csoc_newsitem.html, accessed 5 February 2010. Goldkorn, Jeremy (2010), ‘Google Strikes a Blow to China’s Great Firewall’, The Guardian, 13 January 2010; available at http://www.guardian.co.uk/commentisfree/2010/jan/13/google-china- censorship-firewall, accessed 23 February 2010. Greenberg, Andy (2007), ‘Cyberspies Target Silent Victims’, Forbes, 11 September 2007; available at http://www.forbes.com/2007/09/11/cyberspies-raytheon-lockheed-tech- cx_ag_0911cyberspies.html, accessed 18 February 2010.

Greenberg, Andy (2010), ‘Dozens of Defense Contractors, Agencies Hacked’, Forbes, 17 February 2010; available at http://www.forbes.com/2010/02/17/pentagon-northrop-raytheon-technology-security- cyberspying.html, accessed 18 February 2010. Habermas, Jürgen (1989) [1962], The Structural Transformation of the Public Sphere: An Inquiry into a Category of Bourgeois Society, tr. Thomas Burger and Frederick Lawrence (Cambridge, MA: MIT Press) Hachigian, Nina (2001), ‘China’s Cyber-Strategy’, Foreign Affairs, Vol.80, No.2, pp.118-133. Hastedt, Glenn (2005), ‘Public Intelligence: Leaks as Policy Instruments―The Case of the Iraq War’, Intelligence and National Security, Vol.20, No.3, pp.419-439. Hvistendahl, Mara (2010), ‘China’s Hacker Army’, Foreign Policy, 3 March 2010; available at http://www.foreignpolicy.com/articles/2010/03/03/china_s_hacker_army, accessed 3 March 2010. InfoWar Monitor (2009), Tracking GhostNet: Investigating a Cyber Espionage Network; available at http://www.nartv.org/mirror/ghostnet.pdf, accessed 5 February 2010. International Institute for Strategic Studies (IISS) (2007), ‘China’s Cyber Attacks: Casting a Wider Intelligence Net’, Strategic Comments, Vol.13, No.7, pp.1-2. Jordan, Tim, and Paul A. Taylor (2004), Hacktivism and Cyberwars: Rebels With a Cause? (London and New York: Routledge) Krekel, Bryan (2009), Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, prepared for the US-China Economic and Security Review Commission (McLean, VA: Northrop Grumman Corporation) Krotz, Friedricj (2009), ‘Mediatization: A Concept with Which to Grasp Media and Societal Change’, in Knut Lundby, ed., Mediatization: Concept, Changes, Consequences (New York: Peter Lang), pp.21-40. Lam, Willy (2010), ‘Beijing Beefs Up Cyber-Warfare Capacity’, Asia Times, 9 February 2010; available at http://www.atimes.com/atimes/China/LB09Ad01.html, accessed 18 February 2010. Latour, Bruno (1993) [1991], We Have Never Been Modern, tr. Catherine Porter (Cambridge, MA: Harvard University Press) Latour, Bruno (2005), Reassembling the Social: An Introduction to Actor-Network Theory (Oxford: Oxford University Press) Leppard, David (2010), ‘China Bugs and Burgles Britain’, Sunday Times, 31 January 2010. Li, Nan (1999), ‘The PLA’s Evolving Campaign Doctrine and Strategies’, in James C. Mulvenon and Richard H. Yang, eds., The People’s Liberation Army in the Information Age (Santa Monica, CA: RAND Corporation), pp.146-174. Livingstone, Sonia (2009), ‘On the Mediation of Everything: ICA Presidential Address 2008’, Journal of Communication, Vol.59, No.1, pp.1-18. Loyd, Anthony (2010), ‘Army of Hackers Takes On the World’, The Times, 8 March 2010. McConnell, Mike (2010), ‘To Win the Cyber-War, Look to the Cold War’, The Washington Post, 28 February 2010.

McGregor, Richard, and Demetri Sevastopulo (2007), ‘China “Hacked” Into Pentagon Defence System’, Financial Times, 4 September 2007. McHugh, Josh (2003), ‘Google Vs. Evil’, Wired, Issue 11.01; available at http://www.wired.com/wired/archive/11.01/google.html, accessed 5 February 2010. Mackenzie, Adrian (2002), Transductions: Bodies and Machines at Speed (London and New York: Continuum) McNair, Brian (2006), Cultural Chaos: Journalism, News and Power in a Globalised World (London: Routledge) Manovich, Lev (2001), The Language of New Media (Cambridge, MA: MIT Press) Markoff, John, and David Barboza (2010), ‘Two Chinese Schools Said to Be Tied to Online Attacks’, New York Times, 19 February 2010. Mattelart, Armand (2000), Networking the World, 1794-2000, tr. Liz Corey-Libbrecht and James A. Cohen (Minneapolis, MN: University of Minnesota Press) Meikle, Graham (2009), ‘Electronic Civil Disobedience and Symbolic Power’, in Athina Karatzogianni, ed., Cyber Conflict and Global Politics (London and New York: Routledge), pp.177-187. Mercado, Stephen C. (2004), ‘Sailing the Sea of OSINT in the Information Age’, Studies in Intelligence, Vol.48, No.3, pp.45-56. Moore, Malcolm (2009), ‘Exposed: China’s Worldwide Web of Cyber-Spies’, Daily Telegraph, 30 March 2009. Morozov, Evgeny (2009), ‘How Dictators Watch Us On the Web’, Prospect, Vol.165, pp.34-39. Morozov, Evgeny (2010), ‘Doubting the Sincerity of Google’s Threat’, Foreign Policy, 13 January 2010; available at http://neteffect.foreignpolicy.com/posts/2010/01/13/doubting_the_sincerity_of_googles_threat, accessed 5 February 2010. Nakashima, Ellen (2010a), ‘Google to Enlist NSA to Ward Off Attacks’, Washington Post, 4 February 2010. Nakashima, Ellen (2010b), ‘War Game Reveals US Lacks Cyber-Crisis Skills’, Washington Post, 17 February 2010. Nakashima, Ellen (2010c), ‘FBI Director Warns of “Rapidly Expanding” Cyberterrorism Threat’, Washington Post, 4 March 2010; available at http://www.washingtonpost.com/wp- dyn/content/article/2010/03/04/AR2010030405066.html, accessed 9 March 2010. National Public Radio (NPR) (2010), ‘Assessing the Threat of Cyberterrorism: Interview with James Lewis’, Fresh Air, 10 February 2010; available at http://www.npr.org/templates/story/story.php?storyId=123531188, accessed 18 February 2010. Nesi, Ted (2009), ‘Five Questions With: US Rep. James R. Langevin’, Providence Business News, 16 November 2009; available at http://www.pbn.com/stories/46180.html, accessed 6 February 2010. Obama, Barack (2009), ‘Remarks By the President on Securing Our Nation’s Cyber Infrastructure’, 29 May 2009; available at http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on- Securing-Our-Nations-Cyber-Infrastructure/, accessed 5 February 2010.

Phillips, Macon (2009), ‘Introducing the New Cybersecurity Coordinator’, The White House Blog, 22 December 2009; available at http://www.whitehouse.gov/blog/2009/12/22/introducing-new- cybersecurity-coordinator, accessed 18 February 2010. Qiang, Xiao (2010), ‘Google Prompts Soul-Searching in China’, The Guardian, 13 January 2010; available at http://www.guardian.co.uk/commentisfree/2010/jan/13/china-google-internet-censorship, accessed 23 February 2010. Rathmell, Andrew (2002), ‘Towards Postmodern Intelligence’, Intelligence and National Security, Vol.17, No.3, pp.87-104. Schiller, Dan (1999), Digital Capitalism: Networking the Global Market System (Cambridge, MA: MIT Press) Schrage, Elliot (2006), ‘Testimony of Google, Inc. Before the Subcommittee on Asia and the Pacific, and the Subcommittee on Africa, Global Human Rights, and International Operations’, Committee on International Relations, United States House of Representatives, 15 February 2006; available at http://googleblog.blogspot.com/2006/02/testimony-internet-in-china.html, accessed 5 February 2010. Sevastopulo, Demetri (2007), ‘Virtual Invasions Spark Real Fears’, Financial Times, 4 September 2007. Shiels, Maggie (2010), ‘Security Experts Say Google Cyber-Attack Was Routine’, BBC News, 14 January 2010; available at http://news.bbc.co.uk/1/hi/8458150.stm, accessed 2 March 2010. Shambaugh, David L. (2004), Modernizing China’s Military: Progress, Problems and Prospects (Berkeley and Los Angeles, CA, and London: University of California Press) Singel, Ryan (2010a), ‘Cyberwar Hype Intended to Destroy the Open Internet’, Wired, 1 March 2010; available at http://www.wired.com/threatlevel/2010/03/cyber-war-hype/, accessed 4 March 2010. Singel, Ryan (2010b), ‘White House Cyber Czar: “There Is No Cyberwar”’, Wired, 4 March 2010; available at http://www.wired.com/threatlevel/2010/03/schmidt-cyberwar/, accessed 9 March 2010. Smith, George (2010), ‘Cult of Cyberwar―Narrow Sourcing and the King of Quote’, Dick Destiny, 19 January 2010; available at http://www.dickdestiny.com/blog/2010/01/cult-of-cyberwar-narrow- sourcing-and.html, accessed 18 February 2010. Stanley, Jay (2010), ‘US Security Agencies Begging for a Cybersecurity “Cold War”’, Huffington Post, 3 March 2010; available http://www.huffingtonpost.com/jay-stanley/us-security-agencies- begg_b_484412.html, accessed 4 March 2010. Stevens, Tim (2010a), ‘China’s Cyberwar Goes Beyond Google’, The Guardian, 13 January 2010; available at http://www.guardian.co.uk/commentisfree/libertycentral/2010/jan/13/google-china-cyber-war- security, accessed 23 February 2010. Stevens, Tim (2010b), ‘Breaching Protocol: The Threat of Cyberespionage’, Jane’s Intelligence Review, Vol.22, No.3, pp.8-13. Stevens, Tim (2010c), ‘The US is Not at Cyberwar’, The Guardian, 9 March 2010; available at http://www.guardian.co.uk/commentisfree/2010/mar/09/us-cyberwar-howard-schmidt, accessed 10 March 2010. 25

Terrill, Ross (2003), The New Chinese Empire (Sydney: University of New South Wales Press) Thompson, Clive (2006), ‘Google’s China Problem (And China’s Google Problem)’, New York Times, 23 April 2006. Villeneuve, Nart (2010), ‘Chatter ...’, Nart Villeneuve, 14 January 2010; available at http://www.nartv.org/2010/01/14/chatter/, accessed 5 February 2010. Virilio, Paul (2000), Strategy of Deception, tr. Chris Turner (London and New York: Verso) Walton, Timothy (2010), ‘Treble Spyglass, Treble Spear: China’s “Three Warfares”’, Defense Concepts, Vol.4, No.4, pp.49-65. Warman, Matt (2010), ‘Is It Good or Evil?’, Daily Telegraph, 27 February 2010. Waters, Richard and Kathrin Hille, ‘Google “99% Certain” to Shut China Engine’, Financial Times, 13 March 2010; available at http://www.ft.com/cms/s/2/dd69e680-2e06-11df-b85c- 00144feabdc0.html, accessed 16 March 2010. Wauters, Robin (2010), ‘McAfee Calls Operation Aurora a “Watershed Moment in Cybersecurity”, Offers Guidance’, Washington Post, 17 January 2010; available at http://www.washingtonpost.com/wp- dyn/content/article/2010/01/17/AR2010011700562.html, accessed 18 February 2010. West, Alan (2009), ‘A Virtual Voice’, Public Service Review: Home Affairs, Vol.20, 23 November 2009; available at http://www.publicservice.co.uk/article.asp?publication=Home%20Affairs&id=403&content_name =IT%20security&article=12965, accessed 5 February 2010. Williams, Chris (2010), ‘Cyber Attacks Will “Catastrophically” Spook Public, Warns GCHQ’, The Register, 22 February 2010; available at http://www.theregister.co.uk/2010/02/22/csoc_report/, accessed 23 February 2010. Womack, Brian, and Katrina Nicholas (2010), ‘China Attacks on Google May Have Hit 100 Companies, ISEC Says’, Bloomberg.com, 27 February 2010; available http://www.bloomberg.com/apps/news?pid=20601087&sid=aK_iubMRCUrE&pos=7, accessed 2 March 2010. Zetter, Kim (2010), ‘Google Hackers Targeted Source Code of More Than 30 Companies’, Wired, 13 January 2010; available at http://www.wired.com/threatlevel/2010/01/google-hack-attack/, accessed 23 February 2010.

Official Documents 2007 Report to Congress of the US-China Economic and Security Review Commission, November 2007 2009 Report to Congress of the US-China Economic and Security Review Commission, November 2009 A Resilient Nation: National Security Green Paper, UK Conservatives Policy Green Paper No.13, January 2010.

Cyber Security Strategy of the United Kingdom: Safety, Security and Resilience in Cyber Space, Cmd.7642, June 2009 (Norwich: The Stationery Office) Cyberspace Policy Review: Assuring a Trusted and Resilient Information Communications Infrastructure, May 2009 (Washington, DC) Ministry of Defence (MoD) (2010a), Adaptability and Partnership: Issues for the Strategic Defence Review, Cm.7794 (Norwich: The Stationery Office) Ministry of Defence (MoD) (2010b), Global Strategic Trends – Out to 2040 (Arncott: DSDA Operations Centre) Ministry of Defence (MoD) (2010c), Future Character of Conflict (Arncott: DSDA Operations Centre)