23 October 2009

Chinese CyberWarfare Capabilities Developing

The following article (from Associated Press) shows that modern governments are seriously investing in their CyberWar Fighting capabilities.

But what does this mean to the rest of us? How can a government (especially one under totalitarian rule such as China) impact on the lives of we who live in democratic countries?

Currently, English is the dominant language on the Web -- but Google's Eric Schmidt recently proposed that within five years, Chinese language web sites could overtake this dominance, with their current rate of growth.

Increasingly, every aspect of our lives is becoming more dependent on the online experience. As China grows, and with the suggestion that "GreenWall"-like censorship measures could contain hidden backdoors that could recruit nearly every Windows PC in China into a giant government-controlled botnet, the threat of the Chinese being able to bring down nearly every Web site with a massive DDOS attack becomes a reality.

But in my view, for the Chinese government it's not only about force projection -- it's also about infiltrating themselves into foreign networks (e.g., NYPD and LAPD have long reported subtle attacks apparently originating from China), using a combination of HumInt and SigInt to subvert critical infrastructure, as part of a long-range plan to support potential future strikes.

More concerning for businesses however is the existence of ties between such intelligence operations, and the covert industrial espionage that endangers commercial enterprises. For this reason, in my view companies need to invest in long-range planning and strategic actions that reduce their exposure to such threats -- and acknowledge that the attackers are usually much better-funded, and smarter than our current defensive systems.

China is building its cyberwarfare capabilities and appears to be using the growing technical abilities to collect US intelligence through a sophisticated and long-term computer attack campaign, according to an independent report.

Released Thursday by a US congressional advisory panel, the study found cases suggesting that China's elite hacker community has ties to the Beijing government, although there is little hard evidence.

The commission report details a cyberattack against a US company several years ago that appeared to either originate in or come through China and was similar to other incidents also believed to be connected to the country.

According to the analysis, the company noticed that over several days, data from their network was being sent to multiple computers in the US and overseas. While the report does not identify the company, it contends that the attackers targeted specific data, suggesting a very coordinated and sophisticated operation by people who had the expertise to use the high-tech information. An internet protocol (IP) address located in China was used at times during the episode.

Barring proof, the study by the US-China Economic and Security Review Commission warns that the sort of expansive and sophisticated computer resources that have been seen in cyberattacks on the US and other countries "is difficult at best without some type of state sponsorship."

The study contends that the Chinese, long reported to be stoking a massive military build up, has also made computer warfare a priority. The Chinese government is said to view such cyberprowess as critical for victory in future conflicts - similar to the priority on offensive cyber abilities stressed by some US officials.

Potential Chinese targets in the US, according to the report, would likely include Pentagon networks and databases to disrupt command and control communications, and possibly corrupt encrypted data. The report notes, however, that penetrating such classified systems would be time consuming and difficult.

In large part, the commission report expands on the Pentagon's annual China military power review. The Defense study said earlier this year that China's People's Liberation Army has set up information warfare units to develop viruses to attack enemy computer systems and networks as well as to protect friendly systems.

The Pentagon report described computer attacks believed to have originated in China, but concluded that "it remains unclear if these intrusions were conducted by, or with the endorsement of, the PLA or other elements of the PRC (People's Republic of China) government."

The new report, prepared for the commission by Northrop Grumman, relies largely on publicly available information from Chinese hacker websites, technical articles and analysis of computer intrusions attributed to the Chinese.

No comments: