The history of warfare is filled with the constant evolution of increasingly dangerous and more ingenious weapons and tactics. Prehistoric man replaced rocks with spears. Bows and arrows were developed. Gunpowder superseded them. Tanks made cavalry obsolete; airplanes and helicopters made mobility a key factor. Missiles with nuclear warheads are now the mark of a major power. History may be turning yet another corner, as our civilization becomes so heavily dependent on computers that the ability to manipulate an opponent’s systems for aggressive purposes becomes a potent weapon.
America faces a number of cyberspace threats. The most serious are from those wishing to engage in espionage to steal both military and technological secrets, and from those who wish to turn the nation’s own computer systems against it by dismantling defense systems and committing sabotage against key civilian infrastructure. Cyber attacks have escalated by 1,700% since 2009, with intellectual property theft losses of over $400 billion.
An armed attack following a cyber assault would be exceptionally effective. Key defense systems could be disabled, leading to a military that is deaf, dumb, and blind, defending a nation that may have its electrical, energy, water, transportation and other crucial systems heavily disrupted.
Last July, General Keith Alexander, the commander of the U.S. Cyber Command, openly worried that the United States was not adequately prepared for a cyber attack. He noted that on a scale of one to ten in preparedness, the U.S. was at about a three. He emphasized that the time to stop a cyber attack is less than a minute–far less time than preparing for an incoming missile attack.
The Mandiant Corporation has just released a scathing expose of China’s aggressive, persistent and wide scale assault on American computer systems. The organization has been tracking Beijing’s threat for several years. In 2004, it reported that the ongoing attacks on global systems, which they referred to as “Advanced Persistent Threats,” (APT) were probably authorized by the Chinese Government.
The federal government has been cognizant of the threat for some time. In 2011, U.S. Rep. Michael Rogers (R-Michigan) warned that: “China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.”
That same year, The Office of the U.S. National Counterintelligence Executive reported to Congress that “foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security. Cyberspace–where most business activity and development of new ideas now takes place–amplifies these threats by making it possible for malicious actions, whether they are corrupted insiders or foreign intelligence services (FIS) to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.”
While there are a number of private and governmental actors somewhat active in cyber espionage, as well as several who could be seen as potential assailants in a cyber attack, two stand out far more than the rest: China and Russia. (Iran is also seen as a lesser but significant threat.) According to the National Counterintelligence Office, “Chinese actors are the world’s most active and persistent perpetrators of economic espionage. U.S. private sector firms and cyber security specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible. Russia’s intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets.”
The Mandiant Report settles the question of who in China is responsible for that nation’s cyber attacks and cyber espionage. Beijing’s armed forces are clearly at the center of the threat, specifically a shadowy unit of the People’s Liberation Army known as the 2nd Bureau, operating within the General Staff Department’s 3rd Department, and most commonly known as Unit 61398. According to the report, Unit 61398 is physically located in the Pudong New Area of Shanghai, in a 130,663 square foot building built in 2007. Staffing may be in the thousands, with personnel who are trained not only in computer security but in the English language as well.
Shanghai, the location of Unit 61398
According to the report, Unit 61398, which Mandiant calls Advanced Persistent Threat 1 (APT1), “has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously…APT1 focuses on compromising organizations across a broad range of industries in English speaking countries… [and] maintains an extensive infrastructure of computer systems around the world.”
The powerful nature of a computer-assaulting organization that is a direct part of the Chinese military made the decision to release this information a risky one for Mandiant, which notes that it is “Acutely aware of the risk this report poses for us. We expect reprisals from China as well as an onslaught of criticism.” The reality of a foreign military attacking an American corporation for performing its civic duty in revealing a threat of this type should not be lost on anyone. It is, in essence, the beginning of a new level both of warfare, and of a fundamental threat to American free speech rights.
General Alexander has noted that China’s espionage efforts have resulted in “The greatest transfer of wealth in history.”
The Department of Defense notes that China makes extensive use of stolen military technology, saving their armed forces billions of dollars and decades of time. Following major security breaches in the Clinton administration, including the transfer of a supercomputer, security measures were enhanced, but were loosened again under President Obama.
A number of Republicans in Congress and the White House have supported legislation enhancing American cyber security, but legitimate concerns about further enhancing the federal government’s power have stymied enactment attempts. Rep. Rogers, a Michigan Republican, has written extensively on America’s vulnerability to cyber attacks. He has described the potential of “cyber catastrophes” and has introduced bipartisan legislation, along with Rep. Dutch Ruppersberger (D-Mo.)
Rogers has also emphasized that the U.S. government should exact a price from the Chinese government for its assaults and espionage. According to a Bloomberg news report, one American metallurgical company, for example, lost technology worth a billion dollars spent over a decade of development time to Chinese computer espionage.
As a stopgap measure, President Obama issued an executive order on February 12 providing an optional means for key infrastructure companies to give government contractors near real-time information about cyber attacks.
According to Information Week’s Matthew Schwartz, the Defense Research Projects Agency (DARPA) and the U.S. Air Force both individually requested vendors to prepare concepts for defending against cyber attacks.
When the New York Analysis began researching the issue of cyber warfare in 2012, the problem was one that received comparatively little attention in the media. The Obama Administration had previously made a decision that confronting this serious threat to the U.S., and indeed western, national security was not worth the risk of endangering Sino-American relations.
Recent revelations, which came not from federal intelligence agencies but from the private sector, have disclosed that intrusions into defense, government, corporate and journalistic computers came not from hackers or civilians, but from the Chinese armed forces themselves. The continuous scale and scope of assaults on the systems of America and its allies leads to the inescapable conclusion that China is conducting warfare-caliber operations against Western computers.
The recent assault on South Korean financial and media computer systems is now reported to have originated, at the request of North Korea, from China. This is indicative of the extraordinary scope and activism of China’s cyber war efforts. A recent report in the Wall Street Journal noted that “The world has never seen a state devote such large resources to siphoning off data from private companies to advance a broad range of national interests, political and economic. China’s penchant for online theft and sabotage could change the world economic order.”
In a recent Washington Times article, Cheryl Chumley quoted an industry expert who believes that “Cybersecurity is to 2013 what the space program was to the 1950s and 1960s, and the United States is in an aggressive race with China and Russia to develop cyberweapons that can damage infrastructure.”
Cyber war has already emerged from the pages of science fiction onto real world battlefields. General Keith Alexander has noted that this offensive technology has been employed in disputes throughout the former Soviet empire in Estonia, Georgia, Latvia, Lithuania, Azerbaijan, and Kyrgyzstan. In a delayed response to this threat, DARPA (the Defense Advanced Research Project Agency) and various other portions of the U.S. defense establishment have attempted to provide the U.S. with cyber war capabilities, some of which may have been used against Iran’s nuclear development program.
While American computer systems have already been subjected to serious assaults from China, the possibility exists for even harsher attacks. It would not take an all-out war for this to occur. A Beijing assault against Taiwan, or even aggressive action against American allies in the Philippines, Japan, or South Korea, as has already occurred within the past year, could prompt a preliminary move to neutralize any American response. A Slate magazine article posed the very real question: would an American president rush to aid an ally if it meant that a key infrastructure system, for example, the electrical grid of America’s eastern seaboard, could be destroyed via a cyber attack?
American efforts are considerably late. Defense authority Bill Gertz, writing in the Washington Free Beacon, reports that President Obama turned down “a series of options designed to dissuade China from further attacks” during a three month period starting in August 2011. The result of this decision has been further vulnerability of the U.S. private sector, which according to U.S. cyber commander General Keith Alexander may cost American industry about $250 billion annually.
While the White House has finally acknowledged the threat, its response appears to be tepid. An executive order issued on February 13, 2013, “Improving Critical Infrastructure Cyber security” attempts to facilitate increased vigilance and protective measures within the private sector. The Administration has also criticized its own federal agencies, other than the Department of Defense and the General Services Administration, for not making adequate progress towards the 2014 goal of enhanced cyber security.
The National Security Council has outlined the President’s “10 point near-term actions” to support a cyber strategy policy:
• Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities.
• Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
• Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
• Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
• Conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
• Initiate a national awareness and education campaign to promote cybersecurity.
• Develop an international cybersecurity policy framework and strengthen our international partnerships.
• Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships.
• Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure.
• Build a cyber security-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation.
A reasonable argument could be made that while these steps are all appropriate and necessary, they completely fail to provide any penalty for the dramatic and costly theft of American civilian and military technology, valued at $250 billion annually for many years, taken by China’s military, or to put forth a suggested response for similar ongoing and future actions by Beijing’s armed forces.
In what can only be seen as a weak response to China’s actions, the president’s National Security Advisor Tom Donilon recently stated that Chinese leaders need to “recognize the urgency and scope of the problem, along with the risks it imposes to international trade and to the regulation of Chinese industry in the world.”
The Washington Post reported on March 10 that the President signed a classified directive that requires an “imminent” or ongoing threat of an attack that could result in death or damage to the national security before a military cyber-action can be taken to thwart it. This is, in essence, a form of unilateral American disarmament in the face of the massive Chinese heist of private U.S. Industrial/intellectual property.
The costs to the taxpayer may be even greater in terms of jobs, investment, and future defense expenses. The vast sums appropriated by U.S. citizens to pay for cutting-edge military technology have been appropriated to pay for China’s armed forces, which, thanks to the stolen information, now equal America’s.
The legislative branch has been concerned about this growing challenge for some time. Previously, the New York Analysis reported on the bipartisan efforts of Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MO). In the Senate, Joseph Lieberman (Ind-CT) introduced S. 2105, the “Cybersecurity Act of 2012,” which “Directs the Secretary of Homeland Security (DHS), in consultation with owners and operators of critical infrastructure, the Critical Infrastructure Partnership Advisory Council, and other federal agencies and private sector agencies, to: (1) conduct a top-level assessment of cybersecurity risks to determine which sectors face the greatest imminent risks, and beginning with the sectors identified as having the highest priority, conduct, on a sector-by-sector basis, cyber risk assessment of the critical infrastructure; (2) establish a procedure for the designation of critical infrastructure; (3) identify and develop risk-based cybersecurity performance requirements; and (4) implement cyber response and restoration plans. Set forth requirements for securing critical infrastructure, including notification of cyber risks and threats and reporting of significant incidents affecting critical infrastructure.”
In addition to Russia, China, and the U.S., nations such as Iran and India are rapidly developing cyber war technologies.
As this article was being finalized, the Washington Post reported that American intelligence assets have been so devoted to anti-terrorist duties that they may have provided inadequate attention to the larger threats from China, Russia and other key threats.