Loading summary
Tommy Wren
Hello everyone, this is Tommy Wren. I'm here with the Gruk for another between two nerds discussion. G' day Grok, how are you?
Grok
G', day Tom. I'm fine, and yourself?
Tommy Wren
I'm well. This week's edition is brought to you by thinkst, makers of the thinxt canaries and other honeypot like tokens that are much loved around the world. So this month, Gruk, there was a paper published by this outfit called Margin Research and it's titled the Growing Role of Cyber Militias in China's Network Warfare Structure. So the author Kieran Green has just taken a look at some of the changes in. He's calling them the cyber militia and how China is trying to make it more relevant to the pla. So it's. He says within China, cyber militias are paramilitary units composed of civilian volunteers operating under the dual leadership of local governments and the pla. These units are organized by civilian work units such as state owned enterprises, universities and the commercial technology sector, and are principally tasked with supporting the defence of critical network infrastructure, logistics systems and communications platforms. While historically the militias have been largely auxiliary in nature, they increasingly function as a regular reserve force that trains alongside active duty PLA units. So there's an executive summary, he's got some sort of bold top line points and we thought we'd just examine them and say does this make sense and does it make sense for anyone else other than China? So it's possible that what they're doing makes no sense even for China. But. Right, let's kick off. The first point is the party states ongoing reforms to China's cyber militia system have greatly increased PLA network warfare resiliency and surge capacity.
Grok
So just briefly, when they say network warfare, what would that mean?
Tommy Wren
Yeah, I was wondering that myself. So at least according to, according to Google, it involves integrating various capabilities like cyber warfare, electronic warfare and space warfare to disrupt enemy command and control, sensor networks and information systems.
Grok
It's like all of the above kind of thing. Like just every. Everything that's not a bomb.
Tommy Wren
Yeah, yeah. I think of it as kind of a bit bigger than precision munitions where the US and allies talk about network centric warfare, where everything's networked and they're able to deliver kinetic force to particular points right at particular times. This seems like a sort of a meta thinking about this. Like we want that plus we want information and disruption as well. That's my take on it.
Grok
It sounds reasonable enough. I mean the point is, I guess it's sort of, it's not just cyber like it's yes, Cyber plus.
Tommy Wren
Yeah, Cyber plus. And also I guess the difficulty with interpreting it is that we've never seen it demonstrated by the pla. So of course they've talked about it. But what does it actually mean in practice? We'll have to wait and see. Hopefully we don't get to see.
Grok
Well, hopefully we won't.
Tommy Wren
Yeah, exactly.
Grok
So, okay, like this makes a lot of sense to me is that if you have a huge amount of civilian talent, you want to be able to tap that when necessary. Right. I just, I think everyone talks about this all the time. Like you see papers coming out of the UK and the US of like, how can we set up a reserve force or a site cyber, you know, auxiliary civilian militia, some sort of, we have all of these people, we can't pay them $20,000 a year to be a, you know, low level officer in the army. But we, if we have a war and we want them to do something that's beneficial to the state, we want to be able to do that. Like, we want a formal structure that we can bring them in and beforehand we'd like to train them a bit so that we can, you know, integrate them easily. So this makes total sense to me. I think that if anything, China's just ahead of the curve on this one.
Tommy Wren
I've heard of reservists in the state in the US who like might work for Microsoft or something, for example, and so they've got high level technical skills and then they'll go and do be cyber reserves in the U.S. army. And that also makes sense. It seems that there's more of an ecosystem in China that's more accepting of just regular people doing hacking stuff.
Grok
And so I think there's also like working for the state is less of a weird thing. Like joining the army is one particular career path. And it sort of, in a lot of cases in the US it suggests either a particular socioeconomic background or coming from a certain, like a military family or whatever. It's unusual for just regular people to be like, I'm learning computer science and therefore I've joined the military as well, like that. Whereas I think in China it's a lot more normal to be like, and I have a government job, right? Or like a part time government job, like that. Just it seems less unusual.
Tommy Wren
So, so that is a yes, this will work for China because a, it's more socially acceptable to work for the state. There's less of a culture of secrecy around cyber operations, so it's much easier to integrate people there's a bigger pool of people to choose from. So we want to be able to harness that.
Grok
So I think you touched on something interesting, which is that the secrecy angle. And I think that, that, that might be one of the big issues that the west would face if they tried to do this in the same way. Right. And that us, uk, Australia, everyone, they sort of, it's not just their, the way that they do their operations and the tools that they use, it's the fact that they do operations at all is kind of secret. Right. Like they just, they don't want that information out there. Whereas it seems in China they're a lot more open to just saying, all right, you know everyone, here's an exchange. O day, we're hacking everything that we can go at it.
Tommy Wren
Right.
Grok
That's not a thing that happens in the West. And it couldn't because it goes against every fiber of the intelligence community of just like saying, here's a secret tool, everyone go out and collect things and then tell us secrets. And it's, you know.
Tommy Wren
Yeah. So the, the other thing that occurs is that there isn't the same overcapacity. Not over capacity, but huge number of people. So like just the number of people involved in the field, it seems like that everyone in the US or Australia who is in the field and might be willing to contribute already has a full time job. Whereas the impression you get from looking at some of the hacks and leaks from Chinese cyber espionage companies is they may already have a job, but they wouldn't mind having more money as well.
Grok
Unlike the West. I mean, you know how those communists are always after a dollar.
Tommy Wren
So one of the other points under here is select militia units can pivot from rear echelon support roles to frontline operational functions with little latency. And now the justification for that statement, if I'm reading it right, is that because they've got a lot of trained high level personnel who do a lot of hacking, they can do both support roles and operational roles. But I don't think that's quite right. Like, it strikes me you're talking about things like back end and rear echelon support and frontline operational functions seem like two different streams of work with different skills, right?
Grok
And like if you're not, if you're not doing frontline operational stuff, if you're not on the pointy end, your skills atrophy. So like I've known people who are just really good and it's sort of like they, I'd say like they have the nose like they can just sniff out, like you put them on a network and they just go, huh, I bet you that's the Oracle server. Double or nothing I can get in with Oracle. Oracle. Oh, okay, now I'm here. Well, I bet you like looking at this. Someone like failed to do something properly. Okay, now I've got root. All right. Like looking at the SSH history. Oh, okay. I bet you that this is like their, whatever, you know, like the CDR or the billing server. Like it just, it feels right and they'll connect to that and like you're sitting there watching them and in real time they just, like they can sense it looks like magic, right? And the thing is, if they stop working for a year and then come back, they can't do that. Like that's gone, right? Like that sort of the touch has been lost because they've just been away too long. They have to build it back up again. Similarly, if you try and get those people to set up bounce boxes and build fishing sites, they'll go mad because it's like, it's such dull work compared to what they're used to. Like, they won't do a good job because they won't have the attention to detail because they'll be frustrated that they're doing this instead of the thing that they're actually good at. So it seems to me that you would not want this. Like, this is not a desirable feature.
Tommy Wren
Like, it just seemed to me that there were two different jobs and that it's hard to surge from one to the other, even if you've got skills. And I guess I was thinking of something like incident response and red teaming. You don't surge from one to the other.
Grok
But they're both using computers. What's, what's the problem?
Tommy Wren
And both have high level technical skills, right?
Grok
So I guess you can just swap one from the other.
Tommy Wren
You could train one of those people to be good at the other skill, I'm sure. Anyway, so that, that doesn't seem quite right, but as a whole, it seemed like China, the prc, is well placed to have that sort of surge capacity because of its secrecy culture or lack thereof, and because of just the number of people.
Grok
Right? And I think that part of the point with the number of people is that the state invested in building that pool. They deliberately wanted to create that sort of talent pool to draw on, and they did that. And it's now been, you know, a decade or whatever. And so they now have such a talent pool that they can draw on. Right?
Tommy Wren
It's not. So for like western countries.
Grok
Yeah.
Tommy Wren
They'd have to do the talent pool first and then they'd have to figure out, well, how do we incorporate these people with that culture of secrecy?
Grok
Right. So I'd say that Israel is probably ahead of the curve here in that. So they have that same approach to developing the talent pool. But then in terms of like having a reserve, they just very literally just have reserves. Everyone has served the military and is then on the reserve force. So it's.
Tommy Wren
Yeah, yeah. If your pipeline is the military.
Grok
Right.
Tommy Wren
You come pre indoctrinated. So the second point, Cyber militia forces function as a key supplement to the PLA in high risk contingencies such as cross strait operations or flare ups in the South China Sea. So cross strait operations, I'm taking that to mean the Taiwan Strait.
Grok
So such as like you, you go to bed one night and you wake up and suddenly all of your transport invasion barges are on the Taiwan beach. It's a contingency. We didn't anticipate that we're going to see this coming.
Tommy Wren
Yeah. So that's my issue with the framing of that is that invading Taiwan is not a contingency, it's like a plan perhaps.
Grok
Right. It's not a contingency, it's a thing that you've planned for and you plan to have surge capacity in the case of executing that plan. So.
Tommy Wren
Yeah, yeah, yeah, that makes complete sense. So it would be here's plan A, here's our invasion plan. How many cyber forces do we need? Do we have enough? If not, let's get more. That to me seems to be the, the logical thought process. Like something like the South China Sea, a flare up that might be a contingency, but that's.
Grok
Given that all of the, all of the issues in the South China Sea have been the result of Chinese aggression. You know, like if the Philippines is not building an island and saying this is ours. Right. That's, that's China. The Philippines are not like aggressively using their navy to scare off fishing vessels.
Tommy Wren
From other countries or using water cannon or whatever.
Grok
Right. It's, it's very like a flare up. Seems like the sort of thing that China would deliberately escalate as opposed to.
Tommy Wren
Yeah, yeah, I was just, I was just flinging my fists around and you walked into my fist, right?
Grok
Yeah. Like I have a hard time believing that that would come out of nowhere like that.
Tommy Wren
So I guess, so I guess in both of those scenarios, the Taiwan Strait or the South China Sea it is, we've got plans we should know what kind of cyber support we want and if we want more, let's, let's build out that plan so that we know who we're getting and what we're going to do with them. And that also makes a whole lot of sense for China. Right.
Grok
I don't think anyone else is planning on having a cross straight contingency.
Tommy Wren
Well, I mean, if you turn it around, I guess from us or a.
Grok
Filipino or they would actually have contingencies, they would actually need to plan for this.
Tommy Wren
And it's not clear to me that they would need a cyber militia to respond. Right. If, like, what, what role does a cyber operation have? I mean, in the Taiwan Strait cannons.
Grok
On, on the destroyers so that they stop spraying efficient vessels. Like, I, I don't know. Like.
Tommy Wren
Well, I guess when it comes to the Taiwan Strait, there was a report just this week that the U.S. i think someone in the FBI or NSA said that the vault typhoon efforts to compromise critical infrastructure had amounted to naught. So that seems to be a. Assuming that's correct. That seems to be like, this is what you would do. You would respond to that effort and neutralize it. And you would think ahead. What are the things they might do? Let's make sure that they can't do those things. Do we need a militia for that? I would say that the US probably thinks that they don't need a militia for that.
Grok
I think they've got a very, very large workforce of people and I think that they could not have a militia because of the secrecy issue. Like, I think that the, there's a number of things. First of all, the US IC is terrible with civilians. Just like the, the interfacing with people outside of their community is so bad that, you know, I, I have friends who, when they actively try and help, get so pissed off, right. They sort of, you know, swear off ever, ever speaking to them again.
Tommy Wren
Like, they just become so difficult, right?
Grok
Like, it's, it's just so frustrating and annoying. And it seems to me like that's the starting point that they would have is the. We don't need these people because they're not even. Like, they're not even us. They're not even. They're not part of the group. They're not good. So, yeah, I don't see it as culturally possible. It would take.
Tommy Wren
It also seems that there's no equivalent scenario to Taiwan where, say, the US or Australia is expecting to invade another country and maybe potentially planning for it. Well, I guess there's Canada.
Grok
But Greenland, the One thing I would say is one could argue that Taiwan is the Taiwanese contingency that the US should be planning for. Right. If China does decide to invade, then if the US steps up to try and protect Taiwan, that would be a case where maybe they would want surge capacity. Yes, but I am willing to bet, not very much, but I'm willing to bet that NSA and CIA probably squabble over who gets to do the most to China first. Right.
Tommy Wren
Like they're like who gets to do the surging.
Grok
Right, exactly. I think that they are so far ahead on that that the idea of like bringing in civilians to do stuff is probably.
Tommy Wren
Again, that strikes me as a, here's a thing that we could or should be planning against and so we should be figuring out what we actually need and what we would do.
Grok
Like I bet they have pre positioned all of their stuff and then they're pre positioning second line stuff and then, you know, they're kicking out the NSA so they can put in the CIA pre position stuff just.
Tommy Wren
Depending upon who's won the turf war on the day.
Grok
Yeah, Like I, I have a hard time believing that they're going to be surprised by having to go after China at the cyber level. Like having to, having to do cyber to China is not going to like it's, it's not going to stretch the resources because it's been planned out as one of the few things that they can actually plan out for.
Tommy Wren
Yeah, yeah. And it would be like this is priority number one. So, you know, resourcing is not an issue until we run out of people. So one of the interesting things is he says authoritative PLA commentary suggests that these units are expected to participate in tasks such as deception operations, public opinion control, and technical support for island landings and maritime operations.
Grok
Hack. And someone calls you up to reset their keyboard because the mouse doesn't work. The Internet is off. I keep clicking the Internet button and it doesn't work.
Tommy Wren
Have you tried turning it off and on again?
Grok
Why don't you disconnect the power cable and check for dust and then reconnect it? It's.
Tommy Wren
So the first two kind of made sense to me. Deception operations and public opinion control. So public opinion control is basically information operations, telling people what to think.
Grok
Right.
Tommy Wren
These are nice to haves. And so if you've got a militia, well, maybe they could do this stuff.
Grok
Yeah, yeah.
Tommy Wren
But not core operations that would directly contribute to winning or losing.
Grok
Yeah, like the deception would probably be part of a cloud of deception stuff. So it wouldn't be deception Stuff like, people are probably familiar with the World War II. Like, the man who Never was. Like, you get a. A corpse, you dress it up like a. In a military uniform, give it a fake invasion plan, and then dump it off the coast of Spain so that it shows up. And people think, you know, these. Like, you're not going to have something of that level where you farm it out to a militia to put together.
Tommy Wren
Right.
Grok
You know, like, here's a. Here's a critical thing that we need to protect a major military oper. Why don't you guys have a crack at it? You know, see what you can do with your amateur.
Tommy Wren
Yeah. So that all actually kind of makes sense in a way like that. Kind of nice to have operation that you can have someone not core do.
Grok
Yeah. It can give you volume in an area that you wouldn't have otherwise. And it's useful to have volume there. It's not necessary, but it's useful. So, yeah, why not?
Tommy Wren
Yeah, yeah, yeah. And I was thinking back to the Russian invasion, where they tried to disrupt communications at the instant of invasion. And that seems like that would be a job for your core forces, right? Yeah.
Grok
But then maybe if you want to do DDoS against the telephone company.
Tommy Wren
Yep. That would be, I guess, your plan B, farm out.
Grok
Yeah. You could farm that out to the hacktivists and be like, you, you know, do your patriotic duty. Right. And then they point them at that.
Tommy Wren
So, so far, with just a few quibbles, we're basically like, yeah, this kind of makes sense.
Grok
Yeah.
Tommy Wren
So this for China.
Grok
Right. So the thing is, this very much reminds me of how Russia has these hacktivist units that are sort of controlled by the state, and they are mostly involved in public perception operations, like creating the perception of cyber attacks. So very early on, they do things like they would announce that they were attacking the US Right. And that would get news coverage like, Russia is going to attack. That was a thing that they could do. And it was like, yeah, you farm that out to your civilians, and if it gets picked up, that's great. And if it doesn't, so what? Like, it's not a. It's a nice to have sort of thing in a way, sort of. Like the. The lack of efficacy of these groups has sort of makes me wonder if that would show up as well in China's plans. Like, unless they were more tightly integrated with specific tasking and roles.
Tommy Wren
Right.
Grok
Like, you can't just sort of leave them out to be like, why don't you guys do some espionage? If you're you know, feeling like it, like it doesn't get you very useful stuff partially because the interesting targets used to are usually harder to get into. And so these guys will look for easier targets because it's more exciting to actually hack something than to try and fail. So I'm just, I'm curious about how useful it would be anything other than these peripheral tasks, right? Like this sort of stuff on the edges.
Tommy Wren
Well, hopefully we never get to find out. So the third point. China cyber units are becoming more professionalized and diversified with participation expanding beyond universities and state owned enterprise to include elite commercial cybersecurity firms.
Grok
Well, like Raytheon.
Tommy Wren
Lockheed. So it says here cyber militia units such as those operated by Antilabs, which is a kind of threat intelligence antivirus Type Company and Chihu360 represent the vanguard of these efforts. Such units contribute personnel, tools and infrastructure to the PLA's mobilization system. These partnerships blur the line between state and private cyber capabilities and suggests that Chinese cybersecurity firms with global commercial reach may act as vectors for state aligned operations in a conflict.
Grok
So many, many years ago, there's a friend of mine was working at a company in a Middle Eastern country in part of their IT security group and one day this guy in a suit shows up and says hi, I'm from bae, I'm here to do the audit. And everyone was like, the what now? He goes, yeah, I've got a usb, I just need to plug this in. Please show me your server racks. And yeah, like my friend got involved to sort of make sure they didn't even get in the door. But like no one had requested this. Like there wasn't a work order for BAE to come and do like an audit of their assistance. It was just like a couple of guys show up in suits with a USB stick saying please show us to your data center, we need to plug this into your servers. And assuming this actually was BAE and not someone impersonating them, I don't think they were doing it for like commercial espionage reasons. That would have been blurring the lines between state and corporate activity. I get, I find this a little bit offensive. It's very othering, it's very sort of like, you know, these inscrutable Orientals with their, you know, who knows what they're up to. They have the state and the enterprising working together and blah blah, blah. And it's, come on man, everyone does that. That's like, yeah, like there's not a country in the world doing cyber that doesn't have commercial involvement.
Tommy Wren
What's interesting is I had someone mention from a Western cybersecurity firm say that, yes, the. That they're involved in a counterintelligence war was, I think, the term they used against Chinese cybersecurity firms. But, I mean, it's. Yeah, like, when they said that to me, it was. Well, this is a bit shocking that they feel that they're in contest with these firms. Like. But now that we're having this discussion, it feels like, well, it takes two to be in a war, doesn't it?
Grok
Otherwise, it's a massacre. Right. Like, that's the thing. Right. It's only a war if both sides are fighting. Otherwise it's a massacre. And if we were in a. Yes, if you're in a war, it means both sides are engaged. But. Right. So you've got, like, Russia's got positive technologies involved in things. The US has got Raytheon and Lockheed and a myriad of. Right. Like, just loads of these defense contractors that exist in the uk. I'm sure that, you know, like, they. Like, they have people involved. Can you imagine, the French don't have, like, Talus doing things for them. It's just like, that's not a world we live in.
Tommy Wren
Yeah.
Grok
I don't think it's worth pointing this out as a uniquely Chinese thing. I think that's just. That's the world that we live in, is that a lot of capability exists in the commercial sector. The way that militaries and governments expand capabilities by buying commercial services from these service providers. Who.
Tommy Wren
So you don't think there's some sort of qualitative difference in the extent to which the Chinese government uses commercial services? Because that does seem like a thing.
Grok
Yeah, it could be. It might be that the Chinese can be a little bit more forceful in saying, like, you will do this for us.
Tommy Wren
Maybe it's a different of degree rather than kind, I guess, is what you're. Yeah.
Grok
Like, I don't think it's beyond the pale what they're doing. Right. Like, that's just. Everyone does it. Maybe they do it 110% and everyone else is sort of 80%. Right.
Tommy Wren
It's turned the dial up to 11.
Grok
Yeah. Like, it. It seems like they just saw what other people are doing. Like, we can do that.
Tommy Wren
That's beyond the standard 10, I'm telling you.
Grok
Like, this is one more. More.
Tommy Wren
Unacceptable.
Grok
Yeah. Like, that's sort of what it feels like to me is like, it's no different from what anyone else is doing, I think, like. Like the earlier stuff about having a militia that they can use for information ops or deception ops or things like that that I don't think is being done in the west, like, and I'm not sure it could be because the, the west, like, they're very bad at information operations in general and deception operations are not the sort of thing that you just sort of tell people in public that you're doing. You know, like, you couldn't farm that out over a telegram channel. I'm not sure that the west could do some of the things that Chinese, the, the Chinese are doing. Like, I just, it seems like the, the infrastructure at the, maybe the cultural level isn't there.
Tommy Wren
One of the things that I stuck in my newsletter this week was that the NCSC, the UK's National Cybersecurity center, had started a vulnerability research, I think they called it an initiative and it was just reaching out to expert vulnerability research people. And that felt like the beginning, like the very beginning of opening up the. Yeah, yeah. Of opening up the tent and letting people in. And it seems like they wouldn't even let people in. They just say, oh, that's very interesting that research you've done. That's fantastic.
Grok
Probably not even that it's complete black hole of like, you know, thank you for your submission.
Tommy Wren
But, but like, and so that's what, 2025? And you're just reaching out to members of a community where it feels like, I don't know, would have been something that's been going on for decades in China.
Grok
Yeah, I mean, better part of a decade I think, at least. But the NCSE did have that, I don't know what it was called, like the jobs program, where basically people from industry would leave their commercial position for like a month or two months or something.
Tommy Wren
Or something like that.
Grok
Yeah. And then they'd be working in a government role on government initiatives. So it would be like policy or protocols or you know, some other, more like state level initiative stuff. And the companies initially were sort of against this because they didn't like having to pay someone for a month of not working there. But then after being running for a little while, they started clamoring to get extra spots. Like it turned out to be incredibly useful to have there people go and not only learn sort of how things work at the government side, but also to develop contacts over there so that they would be able to make things go easier and they'd sort of know how to operate better and the skills that they would develop there would map over quite well for them.
Tommy Wren
So it's almost like there's a partnership between the public sector and private enterprise at times.
Grok
Yeah.
Tommy Wren
I know there used to be something similar at nsa. There used to be people, I think, who would take. I don't know if it was sabbaticals or something similar short terms of duty and, and learned skills and different perspectives and that sort of thing. Yeah, very useful.
Grok
I guess that sort of thing does happen in the west, but it doesn't seem to be a militia so much like it's. It's not a. An organized force. It's more of a Here's a way to make everything better for everyone. I, I know that the. Like, the UK has floated the idea of a sort of cyber reserve several times.
Tommy Wren
Yeah, I know that people here floated the idea as well. And the problem always seems to be that when have we ever needed a cyber militia?
Grok
Well, in case you accidentally invade East Timor, you know, contingency might come up.
Tommy Wren
Thanks a lot, Craig.
Grok
Thanks a lot, Tom.
Risky Bulletin: "Between Two Nerds: How China's Cyber Militia Make Sense"
Released on July 21, 2025 | Host: Tommy Wren | Guest: Grok
In this engaging episode of Risky Bulletin, host Tommy Wren and co-host Grok delve deep into the intricate workings of China's cyber militia, exploring their role within the People's Liberation Army (PLA) and the broader implications for global cybersecurity dynamics. Drawing insights from Kieran Green's paper, "The Growing Role of Cyber Militias in China's Network Warfare Structure," the discussion unpacks the evolution, functionality, and strategic significance of these paramilitary units.
[00:12] Tommy Wren:
Tommy introduces the topic by referencing Kieran Green's research, highlighting the emergence of cyber militias in China. These militias are described as paramilitary units composed of civilian volunteers who operate under the dual leadership of local governments and the PLA.
Key Points:
Grok's Insight:
Grok emphasizes the importance of tapping into a vast civilian talent pool, drawing parallels with Western concepts of cyber reserves.
[02:15] Grok:
Grok seeks clarification on the term "network warfare," leading to a comprehensive explanation by Tommy.
Tommy's Definition:
Network warfare integrates cyber, electronic, and space warfare to disrupt enemy command and control, sensor networks, and information systems.
Quote:
"It's like all of the above kind of thing. Like just every... everything that's not a bomb."
— Grok [02:21]
Discussion Highlights:
Grok's Commentary:
He likens the integration of various warfare domains to a meta-strategic approach, aiming for comprehensive disruption capabilities.
[05:07] Grok:
Grok points out the cultural acceptance in China of collaborating with the state, contrasting it with Western societies where military and state collaboration is often met with resistance.
Tommy's Observation:
The social acceptability of working for the state in China facilitates the integration of civilian experts into cyber operations, unlike the West where secrecy and compartmentalization hinder similar initiatives.
Quote:
"They have a bigger pool of people to choose from. So we want to be able to harness that."
— Tommy Wren [05:49]
Implications:
[07:53] Grok:
Grok discusses the practical aspects of having a cyber militia capable of pivoting between support and operational roles, questioning the feasibility of such transitions.
Tommy's Skepticism:
He expresses doubt about the ability to switch roles seamlessly, given the specialized nature of cyber operations.
Quote:
"It struck me you're talking about things like back end and rear echelon support and frontline operational functions seem like two different streams of work with different skills, right?"
— Tommy Wren [08:47]
Key Points:
Conclusion:
While the concept is theoretically sound, practical implementation presents significant challenges, although China's extensive manpower and integrated structure may mitigate these issues.
[19:00] Tommy Wren:
Tommy highlights that PLA's cyber militia participates in deception operations and public opinion control, which are supplementary rather than core operational tasks.
Grok's Analysis:
He compares these activities to historical examples like deception strategies in World War II, suggesting that while useful for propaganda and peripheral operations, they may not directly contribute to decisive outcomes.
Quote:
"It can give you volume in an area that you wouldn't have otherwise. It's useful to have volume there."
— Grok [21:05]
Discussion Highlights:
Implications:
These operations enhance China's informational and psychological warfare capabilities but remain secondary to direct cyber operations aimed at disrupting adversary infrastructures.
[23:24] Tommy Wren:
The discussion shifts to the collaboration between state and private cybersecurity firms in China, exemplified by companies like Antilabs and Chihu360 contributing to PLA's cyber efforts.
Grok's Perspective:
He argues that such collaborations are not unique to China, citing Western defense contractors like Raytheon and Lockheed Martin. However, he acknowledges that the extent and enforceability of these collaborations may differ.
Quote:
"It's a different degree rather than kind, I guess."
— Grok [28:10]
Key Points:
Implications:
This synergy enhances China's cyber warfare capabilities, making it challenging for other nations to disentangle commercial and state-sponsored cyber activities.
[29:48] Tommy Wren:
Tommy contrasts China's established cyber militia with the nascent and somewhat disjointed efforts in Western countries, referencing the UK's National Cyber Security Centre (NCSC) initiatives.
Grok's Insight:
He notes that while Western countries are beginning to explore cyber reserves and public-private partnerships, cultural and structural barriers impede the formation of effective cyber militias akin to China's model.
Quote:
"It's no different from what anyone else is doing, I think."
— Grok [28:36]
Discussion Highlights:
Implications:
Western nations may need to adopt more collaborative and transparent approaches to effectively harness civilian cyber talent, though this remains a work in progress.
In wrapping up the episode, Tommy and Grok acknowledge that while China's cyber militia presents a formidable and integrated approach to cyber warfare, Western counterparts are still grappling with the necessary cultural and structural changes to emulate such a model. The discussion underscores the strategic importance of cyber capabilities in modern warfare and the delicate balance between civilian collaboration and operational secrecy.
Final Quote:
"You have a way to make everything better for everyone... when have we ever needed a cyber militia?"
— Grok [32:46]
Conclusion:
China's proactive cultivation of a cyber militia underscores its commitment to enhancing network warfare resilience. As global cybersecurity evolves, understanding and adapting to such models will be crucial for nations aiming to safeguard their digital frontiers.
Notable Quotes:
"It's like all of the above kind of thing. Like just every... everything that's not a bomb."
— Grok [02:21]
"They have a bigger pool of people to choose from. So we want to be able to harness that."
— Tommy Wren [05:49]
"It struck me you're talking about things like back end and rear echelon support and frontline operational functions seem like two different streams of work with different skills, right?"
— Tommy Wren [08:47]
"It can give you volume in an area that you wouldn't have otherwise. It's useful to have volume there."
— Grok [21:05]
"It's a different degree rather than kind, I guess."
— Grok [28:10]
"It's no different from what anyone else is doing, I think."
— Grok [28:36]
"You have a way to make everything better for everyone... when have we ever needed a cyber militia?"
— Grok [32:46]
This episode of Risky Bulletin provides a comprehensive exploration of China's cyber militia, shedding light on their structural integration, operational roles, and the broader implications for international cybersecurity strategies. For cybersecurity professionals and enthusiasts alike, understanding these dynamics is essential in navigating the evolving landscape of cyber warfare.