The China CyberSyndrome

Another report released last week warned of China’s growing cyber capabilities. It went on to discuss China’s cyber military training program and warned that personnel training in Information Warfare specialties, which include offensive network attack skills, may expand to meet the demand among field units for skilled cyber personnel. China’s growing capabilities and training in the cyber domain are a growing risk, but the threat does not stop there! What was missing from the report was a warning that China is not the only adversary the United States faces in the cyber warfare domain! It is important to note that the commission that funded the study was focused purely on China. However, in the testimony I gave before this same commission back in April 2009, Russian capabilities, and the capabilities, activity and cyber ambitions of terrorist groups and criminal organizations, came up and were also discussed by a colleague from Canada who reported on GhostNet.

We cannot allow ourselves to have tunnel vision and fixate on China alone. A recent report on malicious activity showed that we must address the significant number of compromised computers used in acts of cyber aggression within U.S. borders, as well as the compromised computing assets in a number of other countries. Many people fail to realize that by far the largest percentage of the computing capability used in several attacks against the United States and our interests came from compromised computers within our own borders. Cyber defense must be elevated by the Obama Administration to a top national priority, and the answer is a public/private/industry/military partnership that addresses this national security threat.

Kevin Coleman


Ptsfp October 26, 2009 at 11:17 am

The Center for Strategic & International Studies also released a report on “The ‘Korean’ Cyber Attacks and Their Implications for Cyber Conflict” on Friday.
http://csis.org/publication/korean-cyber-attacks-and-their-implications-cyber-conflict
The report is interesting as it discusses what an act of “cyberwar” is. It also states that:
“Only a few nations –Russia, China, Israel, France, the United States, and the United Kingdom, and perhaps a small number of the most sophisticated cyber criminals – have the advanced capabilities needed to launch a cyber attack that could do serious and long-term damage equivalent to sabotage or bombing and thus rise to the level of an act of war.”
And although it states that the most recent “N. Korean” attacks were just basically noise (personally I disagree; noise is sometimes used to cover more heinous attacks), I do wholeheartedly agree with the statements that America is a bigger target than other nations, because we rely more on digital infrastructure than any other nation, and also with our need to hammer out legislation on responding to cyber aggression.
Ptsfp

Byron Skinner October 26, 2009 at 12:47 pm

Good Morning Folks,
I’ve seen this story up quite a few times on DT and have been trying to check it out, and quite frankly there is little reliable evidence to suggest that China has either obtained from another country the capabilities or has developed domestic capabilities to do what the above article “hints” at.
China’s technology pool is rather wide but only an inch deep. Nearly all of the communication/bandwidth technology China is using has come from other countries such as Russia, France, Germany, Israel, Finland etc. and of course the United States. As in had goods China’s industrial development is still rather primitive by western standards. The reason for this of course is that the best and the brightest Chinese find better opportunities overseas, and those that do return to China find working for foreign companies has more benefits than working for a PLA enterprise, which at the levels we are talking about would require membership in the CCP.
In fact, if one looks at recent security in the tech. industries with China, a pattern has developed that suggests that China does its spying the old-fashioned way, with humans. From Los Alamos, to the W88 nuclear warhead theft, to as late as last week.
The Chinese intelligence plants either a native of China or a first or second generation overseas-born American into a position of trust and with a high level security clearance in the U.S. military or a sensitive industry. From then on they start taking papers and/or discs home with them, and then when they have something worthwhile to turn in, the material is passed on to a member of the Chinese mission who has diplomatic immunity, to be hand carried back to China.
The article by Mr. Coleman sounds great, but it is unlikely that that is how China obtains sensitive information within the United States. In fact the latest efforts by the Chinese in cyber gathering seem to be to decentralize the activity and use game players and cyber geeks to bore into data bases in the west. Although rather limited in its production, it appears at this time to be China’s most productive effort on this.
ALLONS,
Byron Skinner

Ptsfp October 26, 2009 at 2:37 pm

Byron,
The former national intelligence director Michael McConnell had an interesting comment in a speech at the international spy museum.
He stated the internet is “the soft underbelly of the US today” and that if the US ever got into a conflict with China to “expect the lights to go out”.
http://www.msnbc.msn.com/id/33164091/ns/technology_and_science-security/
Also, on the CSIS Commission on Cybersecurity for the 44th Presidency website, they have a list of the significant cyber events since 2006.
http://csis.org/publication/23-cyber-events-2006
This lists many accounts of China actively involved in Cyber espionage and probing incidents. Yes, many of the listed events are probes and not physical attacks, but it is in the probing that you find the places to attack.
I thought one of the more interesting events on the list was French fighter planes being grounded because of a computer virus.
Ptsfp
steelarms.com/blog

Philo October 26, 2009 at 3:43 pm

All one has to do is look to the Israeli strike in Syria last year to see the potential ramifications of cyber attacks.
Kevin,
Did I miss it in the article, or is there not a link to the report cited in here? I’d love to read it.
Thanks,
Philo

Philo October 26, 2009 at 3:56 pm

You know, I wonder how many of these attacks on US networks really get no further than a well placed DMZ honeypot? Seriously, I wonder how much of the info that’s been stolen is worthless, how much is really sensitive, and how much was deliberately put there to be stolen? LOL
good article

Nidi October 26, 2009 at 4:39 pm

“A recent report on malicious activity showed that we must address the significant number of compromised computers used in acts of cyber aggression within the U.S. borders as well as those compromised computing assets in a number of countries. Many people fail to realize that by far, the largest percentage of computing capabilities used in several attacks against the United States and our Interests were compromised computers within our own borders.”
The computers used in the attacks may have been located in the US, but I’d be willing to bet the malware and botnets through which the attacks were organized and masterminded came from 2 regions, Asia and Eastern Europe.

Anon October 27, 2009 at 12:27 am

China is just becoming a monumental pain, this type of thing will get worse as it gets stronger. I hate to say it but we should have nuked them while we had the chance.

Ptsfp October 27, 2009 at 7:18 am

If you talk to a hacker, a real one, they will tell you that there is no such thing as a secure network. There is always a hole or opening somewhere. When a hole is discovered in Windows by a “white” hacker group, they notify Microsoft and eventually Microsoft patches it.
Recently one was discovered and revealed to Microsoft and they denied that the vulnerability existed, or that it could be exploited, so the “white” hacker went public with it. But what if it is a member of the Russian hacker group “RBN” (that has government ties) that finds the hole? Rest assured that they do not notify Microsoft. This is called a “Zero Day Exploit”. Rootkits are installed on these systems that hide themselves from anti-virus detection so the hacker can gain access at any time to the compromised network.
http://en.wikipedia.org/wiki/Russian_Business_Network
Most hackers are “script kiddies”, they use noisy port scanners and programs that are publicly available that look for un-patched systems. They do get lucky sometimes, but it is the hackers who can social engineer and write their own exploits that are truly dangerous.
All the time, corporations deal with the cost/risk situation because of budget constraints: how much it costs to secure something compared to the risk of the item being compromised or destroyed. In a meeting at a Fortune 500 company an executive told the head of IT security that he was not allowed to test a new main web service that they were going to install, because they did not have any more money in the budget, and anyways, the vendor told them that it was secure.
Our government knows how effective electronic warfare is. On the History Channel they had a special on our “Commander Solo” plane. They stated that during the invasion of Iraq we owned their targeting systems. We masked targets that showed up on their systems and made new targets appear where none existed.
Cyber warfare is real and thankfully our government is starting to see the threat and secure our systems.
Ptsfp

Byron Skinner October 27, 2009 at 12:26 pm

Good Morning Folks,
Since people are trying to support this idea of the Chinese in every chip concept, I’ll give you a hand to back up your argument, hey I don’t like these one sided affairs any more than the Christian does.
Look up a recent NYT article “U.S. Chip-making capacity spurs concern: Pentagon hardware shortfall highlighted” by John Markoff. A warning: the argument Mr. Markoff makes is full of holes and Sgt. Oblat I’m sure will jump on them, getting into your sh** is what Sergeants do, for you who have never served, it’s their job and most are quite good at it. But it’s most likely the best support you will get on this issue.
ALLONS,
Byron Skinner

Maurs October 27, 2009 at 1:33 pm

The danger isn’t in a centralized group of hackers controlled by a centralized authority, it’s from the massive, decentralized network of hackers in China who are connected only through ideology. They are capable of causing massive damage and the Chinese government is incapable of making them stand down, even if it was willing.

flying fart proudly joyned October 27, 2009 at 2:45 pm

i dont care. so long US aircraft carriers can nucke chinks back into middle age USA will be save.
